
Commit 148d1c9

committed
Fixes #3037
1 parent a8cb14e commit 148d1c9

4 files changed

Lines changed: 24 additions & 12 deletions


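--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1493,6 +1493,23 @@ def parseTargetUrl():
 if conf.url != originalUrl:
 kb.originalUrls[conf.url] = originalUrl
 
+def escapeJsonValue(value):
+"""
+Escapes JSON value (used in payloads)
+
+# Reference: https://stackoverflow.com/a/16652683
+"""
+
+retVal = ""
+
+for char in value:
+if char < ' ' or char == '"':
+retVal += json.dumps(char)[1:-1]
+else:
+retVal += char
+
+return retVal
+
 def expandAsteriskForColumns(expression):
 """
 If the user provided an asterisk rather than the column(s)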
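Review bot: escapeJsonValue() escapes control characters and `"` but passes a backslash through unchanged, so an input containing `\"` comes out as `\\"`, which a JSON parser reads as an escaped backslash followed by a quote that terminates the string. If backslashes are meant to be escaped, the condition could be `if char < ' ' or char in '"\\':`. If they are deliberately left alone (for instance so already-escaped sequences survive), the docstring should say so, e.g. `Note: backslashes are passed through unescaped`. The function also relies on `json` being imported in lib/core/common.py, which this hunk does not show.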

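--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.4.13"
+VERSION = "1.2.4.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)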

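--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -34,6 +34,7 @@ class WebSocketException(Exception):
 from lib.core.common import checkSameHost
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
+from lib.core.common import escapeJsonValue
 from lib.core.common import evaluateCode
 from lib.core.common import extractRegexResult
 from lib.core.common import findMultipartPostBoundary
@@ -841,16 +842,10 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 # with their HTML encoded counterparts
 payload = payload.replace('>', "&gt;").replace('<', "&lt;")
 elif kb.postHint == POST_HINT.JSON:
-if payload.startswith('"') and payload.endswith('"'):
-payload = json.dumps(payload[1:-1])
-else:
-payload = json.dumps(payload)[1:-1]
+payload = escapeJsonValue(payload)
 elif kb.postHint == POST_HINT.JSON_LIKE:
 payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"')
-if payload.startswith('"') and payload.endswith('"'):
-payload = json.dumps(payload[1:-1])
-else:
-payload = json.dumps(payload)[1:-1]
+payload = escapeJsonValue(payload)
 payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"')
 value = agent.replacePayload(value, payload)
 else: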
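Review bot: The JSON_LIKE branch in the second hunk swaps single and double quotes, calls escapeJsonValue(), and swaps them back, with no comment explaining why the call is wrapped this way. A one-line comment above the first swap, such as `# swap quote characters so escapeJsonValue() escapes the single quotes that delimit JSON-like strings`, would document the intent. The removed `json.dumps()` calls also escaped backslashes and, by default, non-ASCII characters, which the new helper passes through; a short note on that difference would help, assuming it is intended. queryPage starts and ends outside the hunk.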

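--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 b1990c7805943f0c973a853bba981d96 lib/core/agent.py
 fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
-31cd0692a626da935b1cac8f2cfba25a lib/core/common.py
+7f97f69794a24670ccba1bb531815433 lib/core/common.py
 0d082da16c388b3445e656e0760fb582 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-8a247c468eef23045b8537d4ff98d823 lib/core/settings.py
+2d6842f03c9916a90467f9720ebb35b0 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
@@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-1865164621eb94c9c231006765065c17 lib/request/connect.py
+e2b40b94446d59fb25abe68c429bae74 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py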
