
Commit 4fa24ec

committed
minor improvement
1 parent 65b2b0a commit 4fa24ec

3 files changed

Lines changed: 12 additions & 10 deletions


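--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -141,7 +141,7 @@ def cmdLineParser():
 help="Test requests between two visits to a given safe url")
 
 request.add_option("--eval", dest="evalCode",
-help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
+help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")
 
 # Optimization options
 optimization = OptionGroup(parser, "Optimization", "These "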

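--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -605,13 +605,15 @@ def _randomizeParameter(paramString, randomParameter):
 cookie = _randomizeParameter(cookie, randomParameter)
 
 if conf.evalCode:
+delimiter = conf.pDel or "&"
 variables = {}
 originals = {}
 
-if get:
-executeCode(get.replace("&", ";"), variables)
-if post:
-executeCode(post.replace("&", ";"), variables)
+for item in filter(None, (get, post)):
+for part in item.split(delimiter):
+if '=' in part:
+name, value = part.split('=', 1)
+executeCode("%s='%s'" % (name, value), variables)
 
 originals.update(variables)
 executeCode(conf.evalCode, variables)
@@ -621,13 +623,13 @@ def _randomizeParameter(paramString, randomParameter):
 if isinstance(value, (basestring, int)):
 value = unicode(value)
 if '%s=' % name in (get or ""):
-get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
+get = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, get)
 elif '%s=' % name in (post or ""):
-post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
+post = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, post)
 elif post:
-post += "&%s=%s" % (name, value)
+post += "%s%s=%s" % (delimiter, name, value)
 else:
-get += "&%s=%s" % (name, value)
+get += "%s%s=%s" % (delimiter, name, value)
 
 get = urlencode(get, limit=True)
 if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):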
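Review bot: The loop added in the first hunk builds Python source text from request data, `executeCode("%s='%s'" % (name, value), variables)`, so a parameter value containing `'`, a backslash or a line break closes the literal early, and the rest is either rejected as a syntax error or handed on as code. A parameter name that is not a valid Python identifier fails the same way. This matters most if `get`/`post` can carry data the operator did not type by hand (the callers are outside this page, so that is an assumption to confirm). Assuming executeCode runs its first argument with `variables` as the namespace, storing the value directly gives the `--eval` code the same names without evaluating anything: `variables[name] = value`. The enclosing function starts and ends outside both hunks.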

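--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -131,7 +131,7 @@ safUrl =
 saFreq = 0
 
 # Evaluate provided Python code before the request
-# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
+# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
 evalCode =
 
 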