PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

more changes regarding path (URI) injection

Browse Source
This commit is contained in:
Miroslav Stampar
2010-09-24 09:19:14 +00:00
parent 78ba5da4f7
commit ff419f7384
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/core/target.py
View File

@@ -83,10 +83,18 @@ def __setRequestParams():
conf.method = "POST"
if '*' in conf.url:
if "*" in conf.url:
conf.parameters["URI"] = conf.url
conf.paramDict["URI"] = { "URI": conf.url } # similar as for User-Agent
conf.url = conf.url.replace('*', '')
conf.paramDict["URI"] = {}
parts = conf.url.split("*")
for i in range(len(parts)-1):
result = str()
for j in range(len(parts)):
result += parts[j]
if i == j:
result += "*"
conf.paramDict["URI"]["#%d" % (i+1)] = result
conf.url = conf.url.replace("*", str())
__testableParameters = True
# Perform checks on Cookie parameters