PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Minor fix for --eval (urldecoded values should be used inside evaluation)

Browse Source
This commit is contained in:
Miroslav Stampar
2013-02-12 17:01:47 +01:00
parent b6f7da6832
commit c34f6e25b2
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/common.py
View File

@@ -2025,7 +2025,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
pass
finally:
if convall:
result = urllib.unquote_plus(value)
result = urllib.unquote_plus(value) if plusspace else urllib.unquote(value)
else:
def _(match):
charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable)

2
lib/request/connect.py
View File

@@ -36,6 +36,7 @@ from lib.core.common import singleTimeWarnMessage
from lib.core.common import stdev
from lib.core.common import wasLastResponseDelayed
from lib.core.common import unicodeencode
from lib.core.common import urldecode
from lib.core.common import urlencode
from lib.core.data import conf
from lib.core.data import kb
@@ -716,6 +717,7 @@ class Connect(object):
for part in item.split(delimiter):
if '=' in part:
name, value = part.split('=', 1)
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
evaluateCode("%s=%s" % (name, repr(value)), variables)
originals.update(variables)