From accf4e6ce0dc46e3bae41ab257bdb1c916be40b6 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 4 Feb 2011 12:43:18 +0000
Subject: [PATCH] one important fix (URI injection parameter '*' now can go anywhere)
---
 lib/core/common.py | 7 ++++++-
 lib/core/settings.py | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index a51fbbfe9..445c9c18e 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -85,6 +85,8 @@ from lib.core.settings import TIME_STDEV_COEFF
 from lib.core.settings import DYNAMICITY_MARK_LENGTH
 from lib.core.settings import SENSITIVE_DATA_REGEX
 from lib.core.settings import UNKNOWN_DBMS_VERSION
+from lib.core.settings import URI_INJECTION_MARK_CHAR
+from lib.core.settings import URI_QUESTION_MARKER
 from lib.core.threads import getCurrentThreadData
 class UnicodeRawConfigParser(RawConfigParser):
@@ -950,7 +952,6 @@ def parseTargetUrl():
 """
 Parse target url and set some attributes into the configuration singleton.
 """
-
 if not conf.url:
 return
@@ -960,6 +961,9 @@ def parseTargetUrl():
 else:
 conf.url = "http://" + conf.url
+ if URI_INJECTION_MARK_CHAR in conf.url:
+ conf.url = conf.url.replace('?', URI_QUESTION_MARKER)
+
 __urlSplit = urlparse.urlsplit(conf.url)
 __hostnamePort = __urlSplit[1].split(":")
@@ -986,6 +990,7 @@ def parseTargetUrl():
 conf.parameters[PLACE.GET] = urldecode(__urlSplit[3])
 conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
+ conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
 def expandAsteriskForColumns(expression):
 # If the user provided an asterisk rather than the column(s)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index d14fc4f83..3d07ba48d 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
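Review bot: In the `@@ -960,6 +961,9 @@` hunk of parseTargetUrl(), the substitution replaces every `?` in the whole URL string before `urlparse.urlsplit()` runs, so the authority is no longer protected by the query delimiter. For a target written without a path slash (constructed example: `http://host:8080?id=1*`) the marker and the query text land in `__urlSplit[1]`, which the next line splits into host and port. The host and port taken from that value are assigned outside this hunk, so this is inferred, but they would carry `__QUESTION_MARK__...`, and the scan could then fail on the port or address something other than the intended target. Running `urlparse.urlsplit(conf.url)` on the untouched URL and, only when the mark is present, treating `"%s?%s" % (__urlSplit[2], __urlSplit[3])` as the path would leave the authority alone. The function body starts and ends outside the hunk.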
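Review bot: The restore added in the `@@ -986,6 +990,7 @@` hunk rewrites only `conf.url`, although the line above builds that URL from `conf.path`. `conf.path` is set outside the hunk, presumably from the split result, so it keeps the literal `__QUESTION_MARK__` text whenever the substitution ran. Restoring it too, with `conf.path = conf.path.replace(URI_QUESTION_MARKER, '?')` before `conf.url` is formatted, keeps the two values in step. The replace is also unconditional, so a URL that merely contains the marker text without the injection mark is altered. Guarding it with the same `URI_INJECTION_MARK_CHAR` test as the substitution would make the round trip symmetric.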
@@ -52,6 +52,8 @@ DUMP_TAB_MARKER = "__TAB__"
 DUMP_START_MARKER = "__START__"
 DUMP_STOP_MARKER = "__STOP__"
+URI_QUESTION_MARKER = "__QUESTION_MARK__"
+
 PAYLOAD_DELIMITER = "\x00"
 CHAR_INFERENCE_MARK = "%c"
 NON_CONTROL_CHAR_REGEX = r'[^\x00-\x1f]'
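Review bot: `URI_QUESTION_MARKER` is added without a comment, and its name alone does not say that it is a temporary stand-in used only while parseTargetUrl() splits the target URL. A one-line comment above it, such as `# Placeholder for '?' while a URL carrying the URI injection mark is split`, would record that it must never reach an outgoing request. The common.py side of this patch also imports `URI_INJECTION_MARK_CHAR` from this module, which this hunk does not define. It is presumably declared elsewhere in settings.py, which is worth confirming.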