mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie
This commit is contained in:
parent
41f8acf0fd
commit
f90a7cce28
|
@ -33,6 +33,7 @@ import time
|
|||
import urlparse
|
||||
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -497,7 +498,7 @@ def parseTargetUrl():
|
|||
conf.port = 80
|
||||
|
||||
if __urlSplit[3]:
|
||||
conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
|
||||
conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")
|
||||
|
||||
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
|
||||
|
||||
|
|
|
@ -72,7 +72,11 @@ def urldecode(string):
|
|||
if not string:
|
||||
return
|
||||
|
||||
return urllib.unquote_plus(string)
|
||||
doublePercFreeString = string.replace("%%", "__DPERC__")
|
||||
unquotedString = urllib.unquote_plus(doublePercFreeString)
|
||||
unquotedString = unquotedString.replace("__DPERC__", "%%")
|
||||
|
||||
return unquotedString
|
||||
|
||||
|
||||
def urlencode(string, safe=":/?%&="):
|
||||
|
|
|
@ -32,6 +32,7 @@ from lib.core.common import dataToSessionFile
|
|||
from lib.core.common import paramToDict
|
||||
from lib.core.common import parseTargetUrl
|
||||
from lib.core.common import readInput
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -66,8 +67,9 @@ def __setRequestParams():
|
|||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
if conf.data:
|
||||
conf.parameters["POST"] = conf.data.replace("%", "%%")
|
||||
__paramDict = paramToDict("POST", conf.data)
|
||||
urlDecodedData = urldecode(conf.data).replace("%", "%%")
|
||||
conf.parameters["POST"] = urlDecodedData
|
||||
__paramDict = paramToDict("POST", urlDecodedData)
|
||||
|
||||
if __paramDict:
|
||||
conf.paramDict["POST"] = __paramDict
|
||||
|
@ -75,8 +77,9 @@ def __setRequestParams():
|
|||
|
||||
# Perform checks on Cookie parameters
|
||||
if conf.cookie:
|
||||
conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
|
||||
__paramDict = paramToDict("Cookie", conf.cookie)
|
||||
urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
|
||||
conf.parameters["Cookie"] = urlDecodedCookie
|
||||
__paramDict = paramToDict("Cookie", urlDecodedCookie)
|
||||
|
||||
if __paramDict:
|
||||
conf.paramDict["Cookie"] = __paramDict
|
||||
|
@ -86,7 +89,7 @@ def __setRequestParams():
|
|||
if conf.httpHeaders:
|
||||
for httpHeader, headerValue in conf.httpHeaders:
|
||||
if httpHeader == "User-Agent":
|
||||
conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
|
||||
conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")
|
||||
|
||||
condition = not conf.testParameter
|
||||
condition |= "User-Agent" in conf.testParameter
|
||||
|
|
Loading…
Reference in New Issue
Block a user