
Commit 32a4f6c

committed
Initial patch for #3894 (not final)
1 parent 9a47b40 commit 32a4f6c

2 files changed

Lines changed: 3 additions & 3 deletions


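--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -624,7 +624,7 @@ def paramToDict(place, parameters=None):
 try:
 oldValue = value
 value = decodeBase64(value, binary=False)
-parameters = re.sub(r"\b%s\b" % re.escape(oldValue), value, parameters)
+parameters = re.sub(r"\b%s(\b|\Z)" % re.escape(oldValue), value, parameters)
 except:
 errMsg = "parameter '%s' does not contain " % parameter
 errMsg += "valid Base64 encoded value ('%s')" % value
@@ -701,7 +701,7 @@ def walk(head, current=None):
 message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
 
 if readInput(message, default='N', boolean=True):
-testableParameters[parameter] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), (r"\g<1>%s" % re.sub(regex, r"\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])).replace("\\", r"\\"), parameters)
+testableParameters[parameter] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), (r"\g<1>%s" % re.sub(regex, r"\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter].replace("\\", r"\\"))), parameters)
 break
 
 if conf.testParameter: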
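Review bot: In the first hunk (`paramToDict`), the new pattern `\b%s(\b|\Z)` still cannot match a padded Base64 value that is followed by another parameter, because there is no word boundary between a trailing `=` and `&` and the position is not end-of-string; `re.sub` then leaves `parameters` untouched while `value` has already been decoded. The leading `\b` has the same gap for values that begin with `+` or `/`. Separately, the decoded `value` is passed as a replacement template, so a backslash in it is interpreted by `re.sub` or raises, and the bare `except:` would then report it as an invalid Base64 value. Something like `parameters = re.sub(r"(?<!\w)%s(?!\w)" % re.escape(oldValue), lambda _: value, parameters)` would cover both cases. The `except` branch and the rest of `paramToDict` continue outside the hunk.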

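--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.8.22"
+VERSION = "1.3.8.23"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)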
