mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie
This commit is contained in:
parent
41f8acf0fd
commit
f90a7cce28
|
@ -33,6 +33,7 @@ import time
|
||||||
import urlparse
|
import urlparse
|
||||||
|
|
||||||
|
|
||||||
|
from lib.core.convert import urldecode
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
|
@ -497,7 +498,7 @@ def parseTargetUrl():
|
||||||
conf.port = 80
|
conf.port = 80
|
||||||
|
|
||||||
if __urlSplit[3]:
|
if __urlSplit[3]:
|
||||||
conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
|
conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")
|
||||||
|
|
||||||
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
|
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,11 @@ def urldecode(string):
|
||||||
if not string:
|
if not string:
|
||||||
return
|
return
|
||||||
|
|
||||||
return urllib.unquote_plus(string)
|
doublePercFreeString = string.replace("%%", "__DPERC__")
|
||||||
|
unquotedString = urllib.unquote_plus(doublePercFreeString)
|
||||||
|
unquotedString = unquotedString.replace("__DPERC__", "%%")
|
||||||
|
|
||||||
|
return unquotedString
|
||||||
|
|
||||||
|
|
||||||
def urlencode(string, safe=":/?%&="):
|
def urlencode(string, safe=":/?%&="):
|
||||||
|
|
|
@ -32,6 +32,7 @@ from lib.core.common import dataToSessionFile
|
||||||
from lib.core.common import paramToDict
|
from lib.core.common import paramToDict
|
||||||
from lib.core.common import parseTargetUrl
|
from lib.core.common import parseTargetUrl
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
|
from lib.core.convert import urldecode
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
|
@ -66,8 +67,9 @@ def __setRequestParams():
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
if conf.data:
|
if conf.data:
|
||||||
conf.parameters["POST"] = conf.data.replace("%", "%%")
|
urlDecodedData = urldecode(conf.data).replace("%", "%%")
|
||||||
__paramDict = paramToDict("POST", conf.data)
|
conf.parameters["POST"] = urlDecodedData
|
||||||
|
__paramDict = paramToDict("POST", urlDecodedData)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
conf.paramDict["POST"] = __paramDict
|
conf.paramDict["POST"] = __paramDict
|
||||||
|
@ -75,8 +77,9 @@ def __setRequestParams():
|
||||||
|
|
||||||
# Perform checks on Cookie parameters
|
# Perform checks on Cookie parameters
|
||||||
if conf.cookie:
|
if conf.cookie:
|
||||||
conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
|
urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
|
||||||
__paramDict = paramToDict("Cookie", conf.cookie)
|
conf.parameters["Cookie"] = urlDecodedCookie
|
||||||
|
__paramDict = paramToDict("Cookie", urlDecodedCookie)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
conf.paramDict["Cookie"] = __paramDict
|
conf.paramDict["Cookie"] = __paramDict
|
||||||
|
@ -86,7 +89,7 @@ def __setRequestParams():
|
||||||
if conf.httpHeaders:
|
if conf.httpHeaders:
|
||||||
for httpHeader, headerValue in conf.httpHeaders:
|
for httpHeader, headerValue in conf.httpHeaders:
|
||||||
if httpHeader == "User-Agent":
|
if httpHeader == "User-Agent":
|
||||||
conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
|
conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")
|
||||||
|
|
||||||
condition = not conf.testParameter
|
condition = not conf.testParameter
|
||||||
condition |= "User-Agent" in conf.testParameter
|
condition |= "User-Agent" in conf.testParameter
|
||||||
|
|
Loading…
Reference in New Issue
Block a user