Patch for an Issue #347

2025-01-24 08:14:24 +03:00 · 2013-01-17 15:30:14 +01:00 · 2013-01-17 15:30:14 +01:00 · f7eda07d92
commit f7eda07d92
parent a38b3e397c
3 changed files with 11 additions and 2 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -86,6 +86,7 @@ from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
 from lib.core.settings import DEPRECATED_OPTIONS
 from lib.core.settings import DESCRIPTION
+from lib.core.settings import DOLLAR_MARKER
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
 from lib.core.settings import DUMMY_USER_INJECTION
 from lib.core.settings import DYNAMICITY_MARK_LENGTH
@ -2041,6 +2042,10 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
        if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
            value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)

+        if '$' in value and '$' not in safe:
+            for match in re.finditer(r"\b([\w$]*\$[\w$]*)=", value):
+                value = value.replace(match.group(1), match.group(1).replace('$', DOLLAR_MARKER))
+
        while True:
            result = urllib.quote(utf8encode(value), safe)

@ -2056,6 +2061,9 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
            else:
                break

+    if result:
+        result = result.replace(DOLLAR_MARKER, '$')
+
    return result

 def runningAsAdmin():
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -37,6 +37,7 @@ UPPER_RATIO_BOUND = 0.98
 PARAMETER_AMP_MARKER = "__AMP__"
 PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
 PARTIAL_VALUE_MARKER = "__PARTIAL__"
+DOLLAR_MARKER = "__DOLLAR_MARK__"
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
 ASTERISK_MARKER = "__ASTERISK_MARK__"

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -620,8 +620,8 @@ class Connect(object):
                        payload = json.dumps(payload)[1:-1]
                value = agent.replacePayload(value, payload)
            else:
-                if not skipUrlEncode and place in (PLACE.GET, PLACE.COOKIE, PLACE.URI):
-                    # GET, URI and Cookie need to be throughly URL encoded (POST is encoded down below)
+                if not skipUrlEncode and place in (PLACE.GET, PLACE.POST, PLACE.COOKIE, PLACE.URI):
+                    # GET, POST, URI and Cookie payload needs to be throughly URL encoded
                    payload = urlencode(payload, '%', False, place != PLACE.URI)
                    value = agent.replacePayload(value, payload)