From f90a7cce283b746417939e2cd9f8934079747576 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Thu, 16 Oct 2008 16:31:20 +0000
Subject: [PATCH] Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie

---
 lib/core/common.py | 3 ++-
 lib/core/convert.py | 6 +++++-
 lib/core/target.py | 13 ++++++++-----
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index aba01041a..b78f45a20 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -33,6 +33,7 @@ import time
 import urlparse
+from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -497,7 +498,7 @@ def parseTargetUrl():
 conf.port = 80
 if __urlSplit[3]:
- conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
+ conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")
 conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
diff --git a/lib/core/convert.py b/lib/core/convert.py
index 258237aa0..449fc73f1 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -72,7 +72,11 @@ def urldecode(string):
 if not string:
 return
- return urllib.unquote_plus(string)
+ doublePercFreeString = string.replace("%%", "__DPERC__")
+ unquotedString = urllib.unquote_plus(doublePercFreeString)
+ unquotedString = unquotedString.replace("__DPERC__", "%%")
+
+ return unquotedString
 def urlencode(string, safe=":/?%&="):
diff --git a/lib/core/target.py b/lib/core/target.py
index c94773ff6..36364d7e2 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -32,6 +32,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import readInput
+from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
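Review bot: Decoding the entire query string before it is split into parameters means an encoded delimiter inside a value (`%26` becoming `&`, `%3D` becoming `=`) can no longer be told apart from a real one, so a value that legitimately contains one is split into spurious parameters; the same applies to the POST body and Cookie in the target.py hunks at @@ -66 and @@ -75, where `paramToDict` is now fed the decoded string. The safer order is to split the raw string first and `urldecode` each name and value individually, which presumably belongs inside `paramToDict`. Also, `urldecode` returns `None` for an empty input (see the convert.py hunk), so the `if __urlSplit[3]:` guard above this line is what keeps the chained `.replace` from raising; that dependency deserves a comment, e.g. `# urldecode() returns None on empty input; the guard above is required`. parseTargetUrl's body continues outside the hunk.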
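Review bot: The `__DPERC__` placeholder is a literal string that an input can legitimately contain, so any input holding `__DPERC__` is silently rewritten to `%%` on the way out; a placeholder that cannot appear in url-encoded text (a control character such as `\x00`) would remove the collision, or the round trip should at least be documented. The function still returns `None` rather than `""` for a falsy input via the bare `return`, and every caller added in this commit chains `.replace("%", "%%")` on the result, so the contract belongs in a docstring, e.g. `"""Decode string with unquote_plus, keeping literal '%%' sequences intact; returns None for empty input."""`. Note also that `unquote_plus` maps `+` to a space, which is right for query strings and form bodies but not for arbitrary header text, and this helper is now applied to a header value in target.py.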
@@ -66,8 +67,9 @@ def __setRequestParams():
 raise sqlmapSyntaxException, errMsg
 if conf.data:
- conf.parameters["POST"] = conf.data.replace("%", "%%")
- __paramDict = paramToDict("POST", conf.data)
+ urlDecodedData = urldecode(conf.data).replace("%", "%%")
+ conf.parameters["POST"] = urlDecodedData
+ __paramDict = paramToDict("POST", urlDecodedData)
 if __paramDict:
 conf.paramDict["POST"] = __paramDict
@@ -75,8 +77,9 @@ def __setRequestParams():
 # Perform checks on Cookie parameters
 if conf.cookie:
- conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
- __paramDict = paramToDict("Cookie", conf.cookie)
+ urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
+ conf.parameters["Cookie"] = urlDecodedCookie
+ __paramDict = paramToDict("Cookie", urlDecodedCookie)
 if __paramDict:
 conf.paramDict["Cookie"] = __paramDict
@@ -86,7 +89,7 @@ def __setRequestParams():
 if conf.httpHeaders:
 for httpHeader, headerValue in conf.httpHeaders:
 if httpHeader == "User-Agent":
- conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
+ conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")
 condition = not conf.testParameter
 condition |= "User-Agent" in conf.testParameter
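Review bot: The new User-Agent line has no guard on `headerValue` being non-empty, and `urldecode` returns `None` for a falsy input (see the convert.py hunk), so an empty User-Agent header now raises `AttributeError` on the chained `.replace`; the POST and Cookie hunks are protected by their `if conf.data:` and `if conf.cookie:` guards, this one is not. A minimal fix is `if headerValue:` wrapped around the assignment, or `conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%") if headerValue else headerValue`. Separately, `urldecode` is built on `urllib.unquote_plus`, which turns every `+` into a space, so a User-Agent containing a literal `+` is altered before it is stored; header values are not form-encoded, and `urllib.unquote` would be the right primitive if decoding headers is wanted at all. __setRequestParams continues outside the hunk.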