
Commit 03413bd

committed
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
1 parent 539168d commit 03413bd

2 files changed

Lines changed: 6 additions & 2 deletions


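--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -13,6 +13,7 @@
 import sys
 
 from lib.core.enums import DBMS
+from lib.core.enums import PLACE
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version and site
@@ -204,3 +205,6 @@
 
 # Splitter used between requests in BURP log files
 BURP_SPLITTER = "======================================================"
+
+# Do the url-encoding based on parameter place
+URL_ENCODE_PAYLOAD = { PLACE.GET: True, PLACE.POST: True, PLACE.COOKIE: False, PLACE.UA: True, PLACE.URI: False }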
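Review bot: The comment above `URL_ENCODE_PAYLOAD` does not say why `PLACE.COOKIE` and `PLACE.URI` are `False`, nor that the table has to carry an entry for every `PLACE` member. The consumer in lib/request/connect.py indexes it directly with `URL_ENCODE_PAYLOAD[place]`, so a place that is missing from the table would surface as a `KeyError` at request time rather than as a clear configuration error. I would expand the comment to something like `# Whether the payload is url-encoded, keyed by injection place; every PLACE member needs an entry here`, and check lib/core/enums (not visible on this page) for members the table does not list.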

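--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -40,6 +40,7 @@
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import MIN_TIME_RESPONSES
+from lib.core.settings import URL_ENCODE_PAYLOAD
 from lib.core.threads import getCurrentThreadData
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
@@ -382,7 +383,6 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
 pageLength = None
 uri = None
 raise404 = place != PLACE.URI if raise404 is None else raise404
-toUrlencode = { PLACE.GET: True, PLACE.POST: True, PLACE.COOKIE: conf.cookieUrlencode, PLACE.UA: True, PLACE.URI: False }
 
 if not place:
 place = kb.injection.place
@@ -403,7 +403,7 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
 value = agent.removePayloadDelimiters(value, False)
 value = urlEncodeCookieValues(value)
 elif place:
-value = agent.removePayloadDelimiters(value, toUrlencode[place])
+value = agent.removePayloadDelimiters(value, URL_ENCODE_PAYLOAD[place])
 
 if conf.checkPayload:
 checkPayload(value)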
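Review bot: The cookie entry changes from `conf.cookieUrlencode` in the removed `toUrlencode` dict to a constant `False` in `URL_ENCODE_PAYLOAD`, so the `elif place:` branch no longer consults that option when it decides whether to url-encode a cookie payload. That is behaviour-preserving only if the branch above it, whose condition lies outside the hunk, already takes every case where `conf.cookieUrlencode` is set. The `urlEncodeCookieValues(value)` call suggests it does, but this should be confirmed because the commit is described as a refactoring. If it holds, a comment on the lookup such as `# PLACE.COOKIE with conf.cookieUrlencode set is handled by the branch above` would make the dependency explicit. queryPage begins and ends outside the visible hunks.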
