Fix for an Issue #248

stamparm · stamparm · commit d37be5f97ba6 · 2012-11-14T15:54:24.000+01:00
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -28,6 +28,7 @@
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.exception import sqlmapNoneDataException
+from lib.core.settings import ASTERISK_MARKER
 from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import PAYLOAD_DELIMITER
@@ -116,7 +117,9 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
             _ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
             if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
                 newValue = '"%s"' % newValue
-            retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)).replace(CUSTOM_INJECTION_MARK_CHAR, "")
+            newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, ASTERISK_MARKER)
+            retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
+            retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(ASTERISK_MARKER, CUSTOM_INJECTION_MARK_CHAR)
         elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
             retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
         else:
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -36,10 +36,9 @@
 # Markers for special cases when parameter values contain html encoded characters
 PARAMETER_AMP_MARKER = "__AMP__"
 PARAMETER_SEMICOLON_MARKER = "__SEMICOLON__"
-
 PARTIAL_VALUE_MARKER = "__PARTIAL__"
-
 URI_QUESTION_MARKER = "__QUESTION_MARK__"
+ASTERISK_MARKER = "__ASTERISK_MARK__"
 
 PAYLOAD_DELIMITER = "\x00"
 CHAR_INFERENCE_MARK = "%c"
