PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

Minor patch (it would go boom if special character was inside the --param-del)

Browse Source
This commit is contained in:
Miroslav Stampar
2014-04-06 17:02:32 +02:00
parent 053b0fd0e9
commit cf250a0381
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@@ -277,7 +277,7 @@ def start():
testSqlInj = False
if PLACE.GET in conf.parameters and not any([conf.data, conf.testParameter]):
for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.paramDel or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (re.escape(conf.paramDel) or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel) or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):
paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])
if paramKey not in kb.testedParams: