PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

Bug fix regarding a problem reported by user @blink2014

Browse Source
This commit is contained in:
Miroslav Stampar
2014-12-20 00:23:31 +01:00
parent 6cb76bcf85
commit 4f122ee008
4 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/common.py
View File

@@ -97,7 +97,6 @@ from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import DEFAULT_MSSQL_SCHEMA
from lib.core.settings import DESCRIPTION
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
from lib.core.settings import DUMMY_USER_INJECTION
from lib.core.settings import DYNAMICITY_MARK_LENGTH
from lib.core.settings import ERROR_PARSING_REGEXES
@@ -573,7 +572,7 @@ def paramToDict(place, parameters=None):
testableParameters[parameter] = "=".join(parts[1:])
if not conf.multipleTargets and not (conf.csrfToken and parameter == conf.csrfToken):
_ = urldecode(testableParameters[parameter], convall=True)
if (_.strip(DUMMY_SQL_INJECTION_CHARS) != _\
if (_.endswith("'") and _.count("'") == 1
or re.search(r'\A9{3,}', _) or re.search(DUMMY_USER_INJECTION, _))\
and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
warnMsg = "it appears that you have provided tainted parameter values "