Re: [sqlmap-users] Bug report in connect.py

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Fixed and commited. Thanks for reporting.

Cheers,
Bernardo

On Wed, Dec 9, 2009 at 03:22, pacman730 <pac...@us...> wrote:
> Hi sqlmap team,
>
> I found a bug in the getPage function in Connect class. The bug occurs
> when there is a timeout exception or others types.
> In this case the function is gonna call on itself (if retriesCout <
> conf.retires), but with changed url variable.
> So in this case its gonna connect to:
> http://www.test.com/list.php?id=354%20sqlinjectionhere?id=354%20sqlinjectionhere
>
> You can't see this with -v 3 because requestMsg its how it should be, I
> found it with Wireshark.
> To fix this you need to change lines 90, 92, 111 and 130.
> This is how I did it:
> [...]
> line 88 if direct:
>                 if "?" in url:
>                     url2, params = url.split("?")
>                     params = urlencode(params).replace("%%", "%")
>                     url2 = "%s?%s" % (url2, params)
>                     requestMsg += "?%s" % params
> [...]
> line 105 else:
>                     if conf.parameters.has_key("GET") and not get:
>                         get = conf.parameters["GET"]
>
>                      if get:
>                         get = urlencode(get).replace("%%", "%")
>                         url2 = "%s?%s" % (url, get)
>                          requestMsg += "?%s" % get
> [...]
> line 127 try:
>                     # Perform HTTP request
>                     headers        = forgeHeaders(cookie, ua)
>                     req            = urllib2.Request(url2, post, headers)
>                     conn           = urllib2.urlopen(req)
>
> I just made a new var url2 to not change url and send it back modified.
>
> Or maybe you can change line 216 to:
>         return Connect.__getPageProxy(kwargs)
> but I haven't tried it because i was to busy and I'm kinda new to python.
>
> Have a nice day,
>
> pacman730
>
> ------------------------------------------------------------------------------
> Return on Information:
> Google Enterprise Search pays you back
> Get the facts.
> http://p.sf.net/sfu/google-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F