changes regarding Data (GET/POST/Cookie) encoding (Bug #129)

2025-12-07 05:01:30 +00:00 · 2010-01-14 18:05:03 +00:00
parent 1d968f51e9
commit 26c7b74e65
8 changed files with 20 additions and 14 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -26,6 +26,7 @@ import re

 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
@@ -77,7 +78,12 @@ class Agent:
            paramString = conf.parameters[place]
            retValue = paramString.replace("%s=%s" % (parameter, value),
                                           "%s=%s" % (parameter, newValue))
-
+        
+        if conf.cookieUrlencode and (kb.injPlace == "Cookie" or place == "Cookie"):
+            name = retValue[:retValue.find('=')]
+            value = retValue[retValue.find('=') + 1:]
+            retValue = "%s=%s" % (name, urlencode(value, convall=True))
+            
        return retValue

    def fullPayload(self, query):
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -38,7 +38,6 @@ from lib.core.common import getFileType
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
-from lib.core.common import sanitizeCookie
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@@ -847,8 +846,6 @@ def __setHTTPCookies():
        debugMsg = "setting the HTTP Cookie header"
        logger.debug(debugMsg)
        
-        conf.cookie = sanitizeCookie(conf.cookie, True)
-        
        conf.httpHeaders.append(("Connection", "Keep-Alive"))
        conf.httpHeaders.append(("Cookie", conf.cookie))

--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -61,7 +61,8 @@ optDict = {
                               "string":            "string",
                               "regexp":            "string",
                               "eString":           "string",
-                               "eRegexp":           "string"
+                               "eRegexp":           "string",
+                               "cookieUrlencode":   "boolean"
                             },

            "Techniques":    {
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -28,7 +28,6 @@ import time
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -73,7 +72,6 @@ def __setRequestParams():

    # Perform checks on Cookie parameters
    if conf.cookie:
-        conf.cookie = sanitizeCookie(conf.cookie)
        conf.parameters["Cookie"] = conf.cookie
        __paramDict = paramToDict("Cookie", conf.cookie)