minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)

stamparm · stamparm · commit 963f54e6d27e · 2011-07-21T10:06:52.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -554,7 +554,7 @@ def paramToDict(place, parameters=None):
         for element in splitParams:
             elem = element.split("=")
 
-            if len(elem) == 2:
+            if len(elem) >= 2:
                 parameter = elem[0].replace(" ", "")
 
                 condition = not conf.testParameter
@@ -569,7 +569,7 @@ def paramToDict(place, parameters=None):
                         errMsg += "please, always use only valid parameter values "
                         errMsg += "so sqlmap could be able to do a valid run."
                         raise sqlmapSyntaxException, errMsg
-                    testableParameters[parameter] = elem[1]
+                    testableParameters[parameter] = "=".join(elem[1:])
     else:
         root = ET.XML(parameters)
         iterator = root.getiterator()
