
Commit aaa83a3

committed
Fixes #3656
1 parent 36cb4fa commit aaa83a3

5 files changed

Lines changed: 20 additions & 6 deletions


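--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -36,6 +36,7 @@
 from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import removePostHintPrefix
 from lib.core.common import safeCSValue
 from lib.core.common import showHttpErrorCodes
 from lib.core.common import urlencode
@@ -497,7 +498,7 @@ def start():
 infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
 logger.info(infoMsg)
 
-elif parameter in conf.testParameter:
+elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
 pass
 
 elif parameter in conf.rParam: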
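Review bot: The hint-prefix handling in the second hunk is applied only to the `conf.testParameter` branch, while the neighbouring `elif parameter in conf.rParam:` still compares the raw name. If `conf.rParam` also holds user-supplied names (not shown on this page, so worth confirming), a body parameter carrying a hint prefix would match one list and not the other; the same two-form test, `elif any(_ in conf.rParam for _ in (parameter, removePostHintPrefix(parameter))):`, would keep the branches consistent. A short comment above the changed line, such as `# parameter may carry a POST hint prefix (e.g. "JSON id"); accept either spelling`, would also explain why two forms are checked. The body of start() begins and ends outside this hunk.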

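--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -82,8 +82,9 @@
 from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import OPTION_TYPE
 from lib.core.enums import OS
-from lib.core.enums import PLACE
 from lib.core.enums import PAYLOAD
+from lib.core.enums import PLACE
+from lib.core.enums import POST_HINT
 from lib.core.enums import REFLECTIVE_COUNTER
 from lib.core.enums import SORT_ORDER
 from lib.core.exception import SqlmapBaseException
@@ -5071,6 +5072,18 @@ def firstNotNone(*args):
 
 return retVal
 
+def removePostHintPrefix(value):
+"""
+Remove POST hint prefix from a given value (name)
+
+>>> removePostHintPrefix("JSON id")
+'id'
+>>> removePostHintPrefix("id")
+'id'
+"""
+
+return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value)
+
 def chunkSplitPostData(data):
 """
 Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)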
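Review bot: In the new `removePostHintPrefix`, the alternation is rebuilt from `getPublicTypeMembers(POST_HINT, onlyValues=True)` on every call, and the call sites in this commit invoke it once per parameter and, in lib/core/target.py, once per `conf.testParameter` entry on each regex match. The enum values cannot change at run time, so the pattern string could be built once and reused. The docstring would also benefit from stating the exact contract the regex enforces: the prefix is matched case-sensitively at the very start of the string, must be followed by exactly one space, and any other input is returned unchanged. It is also worth noting there that `value` must be a string, since `re.sub` raises `TypeError` on `None`.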

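--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1585,8 +1585,7 @@ def _cleanupOptions():
 
 if conf.testParameter:
 conf.testParameter = urldecode(conf.testParameter)
-conf.testParameter = conf.testParameter.replace(" ", "")
-conf.testParameter = re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)
+conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)]
 else:
 conf.testParameter = []
 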
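Review bot: The new list comprehension keeps empty entries, so a trailing or doubled separator in the option value leaves `''` in `conf.testParameter`. The list is then truthy while naming no real parameter, and the condition changed in lib/core/target.py (`conf.testParameter and match.group("name") not in [...]`) would then reject every name; filtering closes that gap: `conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter) if _.strip()]`. `PARAMETER_SPLITTING_REGEX` is defined outside this page, so which separators trigger this is an assumption. Dropping `.replace(" ", "")` also means inner spaces in a name are now preserved, which deserves a comment such as `# keep inner spaces: hinted names look like "JSON id"`. The body of _cleanupOptions() continues outside the hunk.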

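--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.87"
+VERSION = "1.3.5.88"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)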

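--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -23,6 +23,7 @@
 from lib.core.common import paramToDict
 from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import removePostHintPrefix
 from lib.core.common import resetCookieJar
 from lib.core.common import urldecode
 from lib.core.compat import xrange
@@ -110,7 +111,7 @@ def _setRequestParams():
 def process(match, repl):
 retVal = match.group(0)
 
-if not (conf.testParameter and match.group("name") not in conf.testParameter):
+if not (conf.testParameter and match.group("name") not in [removePostHintPrefix(_) for _ in conf.testParameter]):
 retVal = repl
 while True:
 _ = re.search(r"\\g<([^>]+)>", retVal)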
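Review bot: The list `[removePostHintPrefix(_) for _ in conf.testParameter]` in the changed condition is rebuilt on every call of `process`, which from its `(match, repl)` signature looks like a per-match substitution callback, and each element costs a regex substitution. Nothing visible in the hunk modifies `conf.testParameter` inside `process`, so the stripped names can be computed once in the enclosing `_setRequestParams`, e.g. `testNames = set(removePostHintPrefix(_) for _ in conf.testParameter)`, with the condition becoming `if not (conf.testParameter and match.group("name") not in testNames):`. Both `process` and `_setRequestParams` continue outside the hunk, so the placement of the hoisted line needs checking against the full function.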
