mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-14 19:59:03 +00:00
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
This commit is contained in:
Bernardo Damele
@@ -87,14 +87,14 @@ class Connect:
|
||||
get = conf.parameters["GET"]
|
||||
|
||||
if get:
|
||||
get = urlencode(get)
|
||||
get = urlencode(get).replace("%%", "%")
|
||||
url = "%s?%s" % (url, get)
|
||||
requestMsg += "?%s" % get
|
||||
elif conf.method == "POST":
|
||||
if conf.parameters.has_key("POST") and not post:
|
||||
post = conf.parameters["POST"]
|
||||
|
||||
post = urlencode(post)
|
||||
post = urlencode(post).replace("%%", "%")
|
||||
|
||||
requestMsg += " HTTP/1.1"
|
||||
|
||||
@@ -113,7 +113,7 @@ class Connect:
|
||||
if not cookieStr:
|
||||
cookieStr = "Cookie: "
|
||||
|
||||
cookie = str(cookie)
|
||||
cookie = str(cookie).replace("%%", "%")
|
||||
index = cookie.index(" for ")
|
||||
|
||||
cookieStr += "%s; " % cookie[8:index]
|
||||
|
||||
@@ -55,8 +55,7 @@ def __getFieldsProxy(expression):
|
||||
def __goInference(payload, expression):
|
||||
start = time.time()
|
||||
|
||||
if conf.sessionFile:
|
||||
dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))
|
||||
dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))
|
||||
|
||||
if ( conf.eta or conf.threads > 1 ) and kb.dbms:
|
||||
_, length, _ = queryOutputLength(expression, payload)
|
||||
@@ -326,7 +325,7 @@ def __goInband(expression):
|
||||
|
||||
output = re.findall(regExpr, output, re.S)
|
||||
|
||||
if conf.sessionFile and ( partial or not condition ):
|
||||
if partial or not condition:
|
||||
logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
|
||||
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))
|
||||
|
||||
|
||||
Reference in New Issue
Block a user