
Commit fcb2a6e

committed
Patch related to the #4137
1 parent 2e7333d commit fcb2a6e

2 files changed

Lines changed: 13 additions & 3 deletions


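--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -110,6 +110,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 paramDict = conf.paramDict[place]
 origValue = getUnicode(paramDict[parameter])
 newValue = getUnicode(newValue) if newValue else newValue
+base64Encoding = re.sub(r" \(.+", "", parameter) in conf.base64Parameter
 
 if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
 paramString = origValue
@@ -173,7 +174,10 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 
 newValue = self.cleanupPayload(newValue, origValue)
 
-if re.sub(r" \(.+", "", parameter) in conf.base64Parameter:
+if base64Encoding:
+_newValue = newValue
+_origValue = origValue
+
 # TODO: support for POST_HINT
 newValue = encodeBase64(newValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING)
 origValue = encodeBase64(origValue, binary=False, encoding=conf.encoding or UNICODE_ENCODING)
@@ -194,7 +198,13 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 
 retVal = retVal.replace(kb.customInjectionMark, "").replace(REPLACEMENT_MARKER, kb.customInjectionMark)
 elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
-retVal = paramString.replace("%s%s" % (origValue, BOUNDED_INJECTION_MARKER), self.addPayloadDelimiters(newValue))
+if base64Encoding:
+retVal = paramString.replace("%s%s" % (_origValue, BOUNDED_INJECTION_MARKER), _newValue)
+match = re.search(r"(%s)=([^&]*)" % re.sub(r" \(.+", "", parameter), retVal)
+if match:
+retVal = retVal.replace(match.group(0), "%s=%s" % (match.group(1), encodeBase64(match.group(2), binary=False, encoding=conf.encoding or UNICODE_ENCODING)))
+else:
+retVal = paramString.replace("%s%s" % (origValue, BOUNDED_INJECTION_MARKER), self.addPayloadDelimiters(newValue))
 elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
 retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
 else: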
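Review bot: In the new base64 branch under `elif BOUNDED_INJECTION_MARKER in paramDict[parameter]`, the parameter name is interpolated into `r"(%s)=([^&]*)"` unescaped and unanchored, so a name containing regex metacharacters can fail to match or raise, and a name that is the tail of another name can select the wrong pair. Passing the name through `re.escape(re.sub(r" \(.+", "", parameter))` and anchoring the group to the start of a name/value pair would pin the match to the intended parameter. The following `retVal.replace(match.group(0), ...)` rewrites every occurrence of that substring rather than only the matched one; rebuilding the string from `match.start()` and `match.end()` avoids that. The branch also no longer calls `self.addPayloadDelimiters(...)`, which the non-base64 path keeps, so a short comment saying whether that is intentional would help. `payload()` begins and ends outside these hunks and the page has lost indentation, so whether `_newValue`/`_origValue` are always assigned before this branch runs cannot be confirmed from here.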

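--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.3.7"
+VERSION = "1.4.3.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)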
