
Commit 81722b6

major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
1 parent 03413bd commit 81722b6

4 files changed

Lines changed: 11 additions & 6 deletions


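--- a/doc/THANKS
+++ b/doc/THANKS
@@ -335,6 +335,9 @@ Sven Schluter <[email protected]>
 Uemit Seren <[email protected]>
 for reporting a minor adjustment when running with python 2.6
 
+Ahmed Shawky <[email protected]>
+for reporting a major bug with improper handling of parameter values
+
 Brian Shura <[email protected]>
 for reporting a bug
 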

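--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -45,6 +45,7 @@
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.convert import htmlunescape
+from lib.core.convert import urldecode
 from lib.core.convert import urlencode
 from lib.core.enums import DBMS
 from lib.core.enums import PLACE
@@ -704,7 +705,7 @@ def parseTargetUrl():
         conf.port = 80
 
     if __urlSplit[3]:
-        conf.parameters[PLACE.GET] = __urlSplit[3]
+        conf.parameters[PLACE.GET] = urldecode(__urlSplit[3])
 
     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
 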
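Review bot: `conf.parameters[PLACE.GET] = urldecode(__urlSplit[3])` decodes the entire query string before it is ever split into name/value pairs, so a value that legitimately carries an encoded separator (`%26`, `%3D`) presumably becomes indistinguishable from a real `&`/`=` when the stored string is later split (paramToDict appears to be that consumer), and the whole-string `urlencode()` added in connect.py cannot undo that. Decoding each value after the split would avoid the ambiguity, but that is a larger change than this hunk; at minimum the trade-off should be recorded next to the assignment, e.g. `# NOTE: whole-string decode; a value containing %26/%3D is re-split as separate parameters`. The same whole-string decode is applied to POST data and the User-Agent in lib/core/target.py in this commit. parseTargetUrl starts outside the hunk.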

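--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -16,6 +16,7 @@
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import readInput
+from lib.core.convert import urldecode
 from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import kb
@@ -61,7 +62,7 @@ def __setRequestParams():
 
     if conf.data:
         conf.data = conf.data.replace("\n", " ")
-        conf.parameters[PLACE.POST] = conf.data
+        conf.parameters[PLACE.POST] = urldecode(conf.data)
 
         # Check if POST data is in xml syntax
         if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
@@ -104,7 +105,7 @@ def __setRequestParams():
     for httpHeader, headerValue in conf.httpHeaders:
         if httpHeader == PLACE.UA:
             # No need for url encoding/decoding the user agent
-            conf.parameters[PLACE.UA] = headerValue
+            conf.parameters[PLACE.UA] = urldecode(headerValue)
 
             condition = not conf.testParameter
             condition |= PLACE.UA in conf.testParameter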
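Review bot: The comment `# No need for url encoding/decoding the user agent` at old line 106 now contradicts the line directly beneath it, which url-decodes headerValue (and connect.py in this same commit re-encodes the stored value before sending). Replace it with `# User-Agent is stored url-decoded like the other places; connect.py re-encodes it on send`, or drop it. A User-Agent header is not form-encoded on the wire, so a supplied value containing a literal `%` or `+` may be altered by the decode/encode round trip depending on what urldecode()/urlencode() treat as safe; that deserves a regression test with such a value. __setRequestParams continues outside the hunk.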

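--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -409,16 +409,16 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
     checkPayload(value)
 
     if PLACE.GET in conf.parameters:
-        get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value
+        get = urlencode(conf.parameters[PLACE.GET]) if place != PLACE.GET or not value else value
 
     if PLACE.POST in conf.parameters:
-        post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value
+        post = urlencode(conf.parameters[PLACE.POST]) if place != PLACE.POST or not value else value
 
     if PLACE.COOKIE in conf.parameters:
         cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
 
     if PLACE.UA in conf.parameters:
-        ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
+        ua = urlencode(conf.parameters[PLACE.UA]) if place != PLACE.UA or not value else value
 
     if PLACE.URI in conf.parameters:
         uri = conf.url if place != PLACE.URI or not value else value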
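Review bot: `post = urlencode(conf.parameters[PLACE.POST])` at old line 415 encodes the whole POST body, yet lib/core/target.py in this commit stores XML/SOAP bodies in the same slot (its `re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data)` check runs right after the assignment), so unless urlencode() leaves `<`, `>`, `/`, `:` and spaces untouched such a body would be mangled on the wire. Either skip the encode when the stored body is XML, or state the expectation on urlencode() in a comment above the assignment. Separately, the cookie branch at old line 418 is now the only stored place sent without urlencode(); if that is deliberate, `# cookie values are sent as stored; no url encoding` above it would stop the asymmetry being read as an oversight. queryPage continues outside the hunk.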
