PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)

Browse Source
This commit is contained in:
Miroslav Stampar
2011-01-27 18:36:28 +00:00
parent 03413bd5e0
commit 81722b6881
4 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/target.py
View File

@@ -16,6 +16,7 @@ import time
from lib.core.common import dataToSessionFile
from lib.core.common import paramToDict
from lib.core.common import readInput
from lib.core.convert import urldecode
from lib.core.data import cmdLineOptions
from lib.core.data import conf
from lib.core.data import kb
@@ -61,7 +62,7 @@ def __setRequestParams():
if conf.data:
conf.data = conf.data.replace("\n", " ")
conf.parameters[PLACE.POST] = conf.data
conf.parameters[PLACE.POST] = urldecode(conf.data)
# Check if POST data is in xml syntax
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
@@ -104,7 +105,7 @@ def __setRequestParams():
for httpHeader, headerValue in conf.httpHeaders:
if httpHeader == PLACE.UA:
# No need for url encoding/decoding the user agent
conf.parameters[PLACE.UA] = headerValue
conf.parameters[PLACE.UA] = urldecode(headerValue)
condition = not conf.testParameter
condition |= PLACE.UA in conf.testParameter