PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Implementation for #2552 (sorry @mg98)

Browse Source
This commit is contained in:
Miroslav Stampar
2018-12-10 14:53:11 +01:00
parent e47c1aa61b
commit 2c95b65eac
7 changed files with 61 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/common.py
View File

@@ -600,7 +600,7 @@ def paramToDict(place, parameters=None):
if condition:
testableParameters[parameter] = "=".join(parts[1:])
if not conf.multipleTargets and not (conf.csrfToken and parameter == conf.csrfToken):
if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)):
_ = urldecode(testableParameters[parameter], convall=True)
if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
warnMsg = "it appears that you have provided tainted parameter values "