[sqlmap-users] Bug report in connect.py

[pacman730 <pac...@us...>]

Hi sqlmap team,

I found a bug in the getPage function in Connect class. The bug occurs 
when there is a timeout exception or others types.
In this case the function is gonna call on itself (if retriesCout < 
conf.retires), but with changed url variable.
So in this case its gonna connect to:
http://www.test.com/list.php?id=354%20sqlinjectionhere?id=354%20sqlinjectionhere

You can't see this with -v 3 because requestMsg its how it should be, I 
found it with Wireshark.
To fix this you need to change lines 90, 92, 111 and 130.
This is how I did it:
[...]
line 88 if direct:
                 if "?" in url:
                     url2, params = url.split("?")
                     params = urlencode(params).replace("%%", "%")
                     url2 = "%s?%s" % (url2, params)
                     requestMsg += "?%s" % params
[...]
line 105 else:
                     if conf.parameters.has_key("GET") and not get:
                         get = conf.parameters["GET"]

                      if get:
                         get = urlencode(get).replace("%%", "%")
                         url2 = "%s?%s" % (url, get)
                          requestMsg += "?%s" % get
[...]
line 127 try:
                     # Perform HTTP request
                     headers        = forgeHeaders(cookie, ua)
                     req            = urllib2.Request(url2, post, headers)
                     conn           = urllib2.urlopen(req)

I just made a new var url2 to not change url and send it back modified.

Or maybe you can change line 216 to:
         return Connect.__getPageProxy(kwargs)
but I haven't tried it because i was to busy and I'm kinda new to python.

Have a nice day,

pacman730