
Commit aec2419

committed
Fixed character escaping in SQL shell/query functionalities.
1 parent 1af6898 commit aec2419

1 file changed

Lines changed: 3 additions & 0 deletions


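--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -30,6 +30,7 @@
 from lib.core.common import getRange
 from lib.core.common import parsePasswordHash
 from lib.core.common import readInput
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -1100,6 +1101,8 @@ def sqlQuery(self, query):
 selectQuery = True
 sqlType = None
 
+query = urlencode(query, convall=True)
+
 for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
 for sqlStatement in sqlStatements:
 if query.lower().startswith(sqlStatement):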
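Review bot: The added `query = urlencode(query, convall=True)` overwrites `query` before the loop that classifies it with `query.lower().startswith(sqlStatement)`, so the prefix match now runs on the encoded text rather than on the SQL the user typed. If `convall=True` encodes spaces or punctuation (inferred from the name; the helper is not shown here), any entry in `SQL_STATEMENTS` containing such a character would stop matching, and `sqlType`/`selectQuery` would keep their defaults. Keeping the raw string for classification and encoding into a separate name, e.g. `encodedQuery = urlencode(query, convall=True)`, used only where the value is placed into the request, would avoid that; a one-line comment saying which layer expects the encoded form would also help rule out double encoding. The body of `sqlQuery` continues outside the hunk, so later uses of `query` could not be checked.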
