Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie

2024-11-22 01:26:42 +03:00 · 2008-10-16 16:31:20 +00:00 · 2008-10-16 16:31:20 +00:00 · f90a7cce28
commit f90a7cce28
parent 41f8acf0fd
3 changed files with 15 additions and 7 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -33,6 +33,7 @@ import time
 import urlparse


+from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -497,7 +498,7 @@ def parseTargetUrl():
        conf.port = 80

    if __urlSplit[3]:
-        conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
+        conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")

    conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)

--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@ -72,7 +72,11 @@ def urldecode(string):
    if not string:
        return

-    return urllib.unquote_plus(string)
+    doublePercFreeString = string.replace("%%", "__DPERC__")
+    unquotedString = urllib.unquote_plus(doublePercFreeString)
+    unquotedString = unquotedString.replace("__DPERC__", "%%")
+
+    return unquotedString


 def urlencode(string, safe=":/?%&="):
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -32,6 +32,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
+from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -66,8 +67,9 @@ def __setRequestParams():
        raise sqlmapSyntaxException, errMsg

    if conf.data:
-        conf.parameters["POST"] = conf.data.replace("%", "%%")
-        __paramDict = paramToDict("POST", conf.data)
+        urlDecodedData = urldecode(conf.data).replace("%", "%%")
+        conf.parameters["POST"] = urlDecodedData
+        __paramDict = paramToDict("POST", urlDecodedData)

        if __paramDict:
            conf.paramDict["POST"] = __paramDict
@ -75,8 +77,9 @@ def __setRequestParams():

    # Perform checks on Cookie parameters
    if conf.cookie:
-        conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
-        __paramDict = paramToDict("Cookie", conf.cookie)
+        urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
+        conf.parameters["Cookie"] = urlDecodedCookie
+        __paramDict = paramToDict("Cookie", urlDecodedCookie)

        if __paramDict:
            conf.paramDict["Cookie"] = __paramDict
@ -86,7 +89,7 @@ def __setRequestParams():
    if conf.httpHeaders:
        for httpHeader, headerValue in conf.httpHeaders:
            if httpHeader == "User-Agent":
-                conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
+                conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")

                condition  = not conf.testParameter
                condition |= "User-Agent" in conf.testParameter