Fix for json/eval bug (#5013)

Miroslav Stampar
2022-03-07 17:30:49 +01:00
parent b1881129b6
commit 0b775b6d1d
2 changed files with 12 additions and 1 deletions


@@ -1357,6 +1357,17 @@ class Connect(object):
found = True
post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
match = re.search(r"['\"]%s['\"]:" % re.escape(name), post)
if match:
quote = match.group(0)[0]
post = post.replace("\\%s" % quote, BOUNDARY_BACKSLASH_MARKER)
match = re.search(r"(%s%s%s:\s*)(\d+|%s[^%s]*%s)" % (quote, re.escape(name), quote, quote, quote, quote), post)
if match:
found = True
post = post.replace(match.group(0), "%s%s" % (match.group(1), value if value.isdigit() else "%s%s%s" % (match.group(0)[0], value, match.group(0)[0])))
post = post.replace(BOUNDARY_BACKSLASH_MARKER, "\\%s" % quote)
regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
if not found and re.search(regex, (post or "")):
found = True
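Review bot: The `post = post.replace(match.group(0), ...)` line rewrites every occurrence of the matched text in the body, not just the one `re.search` located, so a body that repeats the same key/value pair (for example in nested objects) is changed in more than one place; splicing by offsets, `post = post[:match.start()] + replacement + post[match.end():]`, limits it to the single match. The value alternative `\d+` stops at the first non-digit, so a body such as `"price": 12.5` (constructed example) matches only `12` and leaves `.5` behind the new value, while negative numbers and `true`/`false`/`null` do not match at all; `-?\d+(?:\.\d+)?` would cover the numeric cases. `value` is also placed between the quotes unescaped, so a value containing the quote character or a backslash yields a malformed JSON body and should presumably be escaped before insertion. The enclosing method starts and ends outside this hunk.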