Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit f90a7cc

Browse files
bdamelebdamele
committed
Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie
1 parent 41f8acf commit f90a7cc

3 files changed

Lines changed: 15 additions & 7 deletions

File tree

lib/core/common.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@
3333
import urlparse
3434

3535

36+
from lib.core.convert import urldecode
3637
from lib.core.data import conf
3738
from lib.core.data import kb
3839
from lib.core.data import logger
@@ -497,7 +498,7 @@ def parseTargetUrl():
497498
conf.port = 80
498499

499500
if __urlSplit[3]:
500-
conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
501+
conf.parameters["GET"] = urldecode(__urlSplit[3]).replace("%", "%%")
501502

502503
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
503504

lib/core/convert.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,11 @@ def urldecode(string):
7272
if not string:
7373
return
7474

75-
return urllib.unquote_plus(string)
75+
doublePercFreeString = string.replace("%%", "__DPERC__")
76+
unquotedString = urllib.unquote_plus(doublePercFreeString)
77+
unquotedString = unquotedString.replace("__DPERC__", "%%")
78+
79+
return unquotedString
7680

7781

7882
def urlencode(string, safe=":/?%&="):

lib/core/target.py

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@
3232
from lib.core.common import paramToDict
3333
from lib.core.common import parseTargetUrl
3434
from lib.core.common import readInput
35+
from lib.core.convert import urldecode
3536
from lib.core.data import conf
3637
from lib.core.data import kb
3738
from lib.core.data import logger
@@ -66,17 +67,19 @@ def __setRequestParams():
6667
raise sqlmapSyntaxException, errMsg
6768

6869
if conf.data:
69-
conf.parameters["POST"] = conf.data.replace("%", "%%")
70-
__paramDict = paramToDict("POST", conf.data)
70+
urlDecodedData = urldecode(conf.data).replace("%", "%%")
71+
conf.parameters["POST"] = urlDecodedData
72+
__paramDict = paramToDict("POST", urlDecodedData)
7173

7274
if __paramDict:
7375
conf.paramDict["POST"] = __paramDict
7476
__testableParameters = True
7577

7678
# Perform checks on Cookie parameters
7779
if conf.cookie:
78-
conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
79-
__paramDict = paramToDict("Cookie", conf.cookie)
80+
urlDecodedCookie = urldecode(conf.cookie).replace("%", "%%")
81+
conf.parameters["Cookie"] = urlDecodedCookie
82+
__paramDict = paramToDict("Cookie", urlDecodedCookie)
8083

8184
if __paramDict:
8285
conf.paramDict["Cookie"] = __paramDict
@@ -86,7 +89,7 @@ def __setRequestParams():
8689
if conf.httpHeaders:
8790
for httpHeader, headerValue in conf.httpHeaders:
8891
if httpHeader == "User-Agent":
89-
conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
92+
conf.parameters["User-Agent"] = urldecode(headerValue).replace("%", "%%")
9093

9194
condition = not conf.testParameter
9295
condition |= "User-Agent" in conf.testParameter

0 commit comments

Comments
 (0)