sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-23 19:34:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

more changes regarding path (URI) injection

Browse Source
This commit is contained in:
Miroslav Stampar 2010-09-24 09:19:14 +00:00
parent 78ba5da4f7
commit ff419f7384
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/agent.py
View File

@ -102,7 +102,7 @@ class Agent:
# Before identifing the injectable parameter # Before identifing the injectable parameter
elif parameter == "User-Agent": elif parameter == "User-Agent":
retValue = value.replace(value, newValue) retValue = value.replace(value, newValue)
elif parameter == "URI": elif place == "URI":
retValue = value.replace("*", " %s " % newValue.replace(value, str())) retValue = value.replace("*", " %s " % newValue.replace(value, str()))
else: else:
paramString = conf.parameters[place] paramString = conf.parameters[place]

14
lib/core/target.py
View File

@ -83,10 +83,18 @@ def __setRequestParams():
conf.method = "POST" conf.method = "POST"
if '*' in conf.url: if "*" in conf.url:
conf.parameters["URI"] = conf.url conf.parameters["URI"] = conf.url
conf.paramDict["URI"] = { "URI": conf.url } # similar as for User-Agent conf.paramDict["URI"] = {}
conf.url = conf.url.replace('*', '') parts = conf.url.split("*")
for i in range(len(parts)-1):
result = str()
for j in range(len(parts)):
result += parts[j]
if i == j:
result += "*"
conf.paramDict["URI"]["#%d" % (i+1)] = result
conf.url = conf.url.replace("*", str())
__testableParameters = True __testableParameters = True
# Perform checks on Cookie parameters # Perform checks on Cookie parameters