From 0ad8090ad8a9ccca80761e6a1935bd49ff1ef997 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Oct 2010 08:03:39 +0000 Subject: [PATCH] fix for a google bug reported by Brandon E. --- doc/THANKS | 3 +++ lib/core/convert.py | 8 +++++++- lib/utils/google.py | 3 ++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/doc/THANKS b/doc/THANKS index 0db6cd35d..8d933f9e3 100644 --- a/doc/THANKS +++ b/doc/THANKS @@ -68,6 +68,9 @@ Dan Guido Vulnerability Analysis class at the Polytechnic University of New York, http://isisblogs.poly.edu/courses/pentest/ +Brandon E. + for reporting a bug + Adam Faheem for reporting a few bugs diff --git a/lib/core/convert.py b/lib/core/convert.py index bf2a7435e..b8f8f1686 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -79,7 +79,7 @@ def sha1hash(string): def urldecode(string): result = None - + if string: result = urllib.unquote_plus(string) @@ -106,3 +106,9 @@ def utf8encode(string): def utf8decode(string): return string.decode("utf-8") + +def htmlescape(string): + return string.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''') + +def htmlunescape(string): + return string.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'") diff --git a/lib/utils/google.py b/lib/utils/google.py index 707b98b73..84a01a325 100644 --- a/lib/utils/google.py +++ b/lib/utils/google.py @@ -28,6 +28,7 @@ import socket import urllib2 from lib.core.common import getUnicode +from lib.core.convert import htmlunescape from lib.core.convert import urlencode from lib.core.data import conf from lib.core.data import kb @@ -71,7 +72,7 @@ class Google: for match in self.__matches: if re.search("(.*?)\?(.+)", match, re.I): - kb.targetUrls.add(( match, None, None, None )) + kb.targetUrls.add(( htmlunescape(match), None, None, None )) def getCookie(self): """
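Review bot: In the added `htmlunescape` in lib/core/convert.py the ampersand pair is replaced first, so input that was escaped twice, or that carries a literal entity such as `&amp;lt;`, is decoded twice and comes back as `<` rather than `&lt;`. This page shows the entity literals already decoded, so the exact strings are inferred, but the order of the chain is visible: ampersand first in both functions, which is right for `htmlescape` and wrong for its inverse. Move the ampersand step to the end of the chain, `.replace('&#39;', "'").replace('&amp;', '&')`, or call `xml.sax.saxutils.unescape(string, {'&quot;': '"', '&#39;': "'"})`, which applies the ampersand last. The lib/utils/google.py hunk applies this helper to scraped result links, and neither function has a docstring saying that only these five entities are handled, so numeric references for other characters pass through unchanged.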
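Review bot: The call `htmlunescape(match)` in the last hunk of lib/utils/google.py has no comment saying why a scraped link needs decoding, and the commit subject does not say either. Presumably the result page HTML-escapes the `&` between query parameters, so the stored target would otherwise keep `&amp;`-style separators; a one-line comment such as `# result links are HTML-escaped in the page source; decode before storing as a target` would record that. The query-string test on the line above still runs on the escaped text, which gives the same answer for the five entities the helper handles. The enclosing method starts outside the hunk.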