Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2d801b7

Browse files
stamparmstamparm
committed
Minor patch for an Issue #1861 
1 parent 1e07269 commit 2d801b7

2 files changed

Lines changed: 11 additions & 10 deletions

File tree

lib/core/common.py

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -601,15 +601,16 @@ def paramToDict(place, parameters=None):
601601
logger.warn(warnMsg)
602602

603603
if place in (PLACE.POST, PLACE.GET):
604-
regex = r"\A([^\w]+.*\w+)([^\w]+)\Z"
605-
match = re.search(regex, testableParameters[parameter])
606-
if match:
607-
_ = re.sub(regex, "\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, testableParameters[parameter])
608-
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
609-
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
610-
test = readInput(message, default="N")
611-
if test[0] in ("y", "Y"):
612-
testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
604+
for regex in (r"\A((?:<[^>]+>)+\w+)((?:<[^>]+>)+)\Z", r"\A([^\w]+.*\w+)([^\w]+)\Z"):
605+
match = re.search(regex, testableParameters[parameter])
606+
if match:
607+
_ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter])
608+
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
609+
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
610+
test = readInput(message, default="N")
611+
if test[0] in ("y", "Y"):
612+
testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
613+
break
613614

614615
if conf.testParameter and not testableParameters:
615616
paramStr = ", ".join(test for test in conf.testParameter)

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.revision import getRevisionNumber
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.0.5.21"
22+
VERSION = "1.0.5.22"
2323
REVISION = getRevisionNumber()
2424
STABLE = VERSION.count('.') <= 2
2525
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")

0 commit comments

Comments
 (0)