PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Implementation for an Issue #2

Browse Source
This commit is contained in:
Miroslav Stampar
2012-10-19 11:02:14 +02:00
parent 688a2db27a
commit d65d9e25cd
3 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/request/basic.py
View File

@@ -28,10 +28,12 @@ from lib.core.enums import PLACE
from lib.core.exception import sqlmapCompressionException
from lib.core.htmlentities import htmlEntities
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import EVENTVALIDATION_REGEX
from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
from lib.core.settings import ML
from lib.core.settings import META_CHARSET_REGEX
from lib.core.settings import PARSE_HEADERS_LIMIT
from lib.core.settings import VIEWSTATE_REGEX
from lib.parse.headers import headersParser
from lib.parse.html import htmlParser
from thirdparty.chardet import detect
@@ -260,3 +262,11 @@ def processResponse(page, responseHeaders):
if msg:
logger.info("parsed error message: '%s'" % msg)
for regex in (EVENTVALIDATION_REGEX, VIEWSTATE_REGEX):
match = re.search(regex, page)
if match and PLACE.POST in conf.parameters:
name, value = match.groups()
conf.parameters[PLACE.POST] = re.sub("(%s=)[^&]+" % name, r"\g<1>%s" % value, conf.parameters[PLACE.POST])
if PLACE.POST in conf.paramDict and name in conf.paramDict[PLACE.POST]:
conf.paramDict[PLACE.POST][name] = value