
Commit 302348b

committed
Minor update
1 parent a40d7a5 commit 302348b

1 file changed

Lines changed: 3 additions & 2 deletions


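--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -527,8 +527,9 @@ def paramToDict(place, parameters=None):
 if condition:
 testableParameters[parameter] = "=".join(elem[1:])
 if not conf.multipleTargets:
-if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
-or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]):
+_ = urldecode(testableParameters[parameter], convall=True)
+if _.strip(DUMMY_SQL_INJECTION_CHARS) != _\
+or re.search(r'\A9{3,}', _) or re.search(DUMMY_USER_INJECTION, _):
 warnMsg = "it appears that you have provided tainted parameter values "
 warnMsg += "('%s') with most probably leftover " % element
 warnMsg += "chars from manual SQL injection "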
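Review bot: The decoded value is bound to `_` and then read three times in the condition that follows, although `_` conventionally marks a value that is discarded; a descriptive name would read better, e.g. `decoded = urldecode(testableParameters[parameter], convall=True)`. The commit title does not say why the check moved to the decoded form, so a one-line comment above the assignment would help, presumably along the lines of `# decode first so URL-encoded leftover chars are caught by the tainted-value check too`. The warning text still interpolates `element`, which appears to be the raw pair, so the user may be shown the encoded form rather than the character that triggered the warning. paramToDict starts and ends outside the hunk, so the rest of the warning path is not visible here.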
