Re: [sqlmap-users] Bug report in connect.py
From: Bernardo D. A. G. <ber...@gm...> - 2009-12-21 11:22:24
Fixed and committed. Thanks for reporting.

Cheers,
Bernardo

On Wed, Dec 9, 2009 at 03:22, pacman730 <pac...@us...> wrote:
> Hi sqlmap team,
>
> I found a bug in the getPage function in the Connect class. The bug occurs
> when there is a timeout exception or other types of exception.
> In this case the function is gonna call itself (if retriesCout <
> conf.retires), but with a changed url variable.
> So in this case it's gonna connect to:
> http://www.test.com/list.php?id=354%20sqlinjectionhere?id=354%20sqlinjectionhere
>
> You can't see this with -v 3 because requestMsg is how it should be; I
> found it with Wireshark.
> To fix this you need to change lines 90, 92, 111 and 130.
> This is how I did it:
> [...]
> line 88     if direct:
>                 if "?" in url:
>                     url2, params = url.split("?")
>                     params = urlencode(params).replace("%%", "%")
>                     url2 = "%s?%s" % (url2, params)
>                     requestMsg += "?%s" % params
> [...]
> line 105    else:
>                 if conf.parameters.has_key("GET") and not get:
>                     get = conf.parameters["GET"]
>
>                 if get:
>                     get = urlencode(get).replace("%%", "%")
>                     url2 = "%s?%s" % (url, get)
>                     requestMsg += "?%s" % get
> [...]
> line 127    try:
>                 # Perform HTTP request
>                 headers = forgeHeaders(cookie, ua)
>                 req = urllib2.Request(url2, post, headers)
>                 conn = urllib2.urlopen(req)
>
> I just made a new var url2 so as not to change url and send it back modified.
>
> Or maybe you can change line 216 to:
> return Connect.__getPageProxy(kwargs)
> but I haven't tried it because I was too busy and I'm kinda new to Python.
>
> Have a nice day,
>
> pacman730

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
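The defect pacman730 describes is a general one: a function that rewrites one of its own parameters and then passes that parameter into a retry call sends a different request on every attempt, and the difference is invisible at the log level if the logged message is built separately. The following is an added illustration, not sqlmap's code; the `FlakyTransport` class, `get_page_buggy`, `get_page_fixed` and `requested_urls` are hypothetical names, and the transport that times out a chosen number of times is constructed so the example runs offline. It reproduces the doubled query string on retry and shows the fix the report proposes (keeping the request URL in its own variable so each retry starts from the caller's original `url`).

```python
# Added example (not sqlmap's code): reproduce the "retry with a rewritten
# url argument" bug from the report, and the fix of keeping the original
# `url` parameter untouched across retries.
import socket
from urllib.parse import urlencode

MAX_RETRIES = 3


class FlakyTransport:
    """Hypothetical stand-in for urllib2.urlopen: raises a timeout the first
    `failures` times it is called, then succeeds. Records every URL that
    would have gone on the wire, which is what Wireshark showed the reporter."""

    def __init__(self, failures):
        self.failures = failures
        self.requested = []  # URLs actually requested, in order

    def open(self, request_url):
        self.requested.append(request_url)
        if self.failures > 0:
            self.failures -= 1
            raise socket.timeout("simulated timeout")
        return "page body for %s" % request_url


def get_page_buggy(transport, url, get=None, retries_count=0):
    """Mirrors the reported defect: the `url` parameter itself is overwritten
    with the query string appended, then handed to the retry call."""
    if get:
        url = "%s?%s" % (url, urlencode(get))  # BUG: clobbers the argument
    try:
        return transport.open(url)
    except socket.timeout:
        if retries_count < MAX_RETRIES:
            # The retry receives the already-rewritten URL and appends the
            # query string a second time.
            return get_page_buggy(transport, url, get, retries_count + 1)
        raise


def get_page_fixed(transport, url, get=None, retries_count=0):
    """Same control flow, but the request URL lives in a separate local
    (the report's `url2`), so every retry starts from the caller's `url`."""
    request_url = url
    if get:
        request_url = "%s?%s" % (url, urlencode(get))
    try:
        return transport.open(request_url)
    except socket.timeout:
        if retries_count < MAX_RETRIES:
            return get_page_fixed(transport, url, get, retries_count + 1)
        raise


def requested_urls(fetcher, failures=1):
    """Run `fetcher` against a transport that times out `failures` times and
    return the list of URLs that were actually requested (constructed input)."""
    transport = FlakyTransport(failures)
    fetcher(transport, "http://www.test.com/list.php", {"id": "354"})
    return transport.requested


if __name__ == "__main__":
    for name, fetcher in (("buggy", get_page_buggy), ("fixed", get_page_fixed)):
        for attempt_url in requested_urls(fetcher, failures=2):
            print("%-5s -> %s" % (name, attempt_url))
```

Run it and the buggy variant's third attempt carries `?id=354` three times while the fixed variant repeats the same URL on every attempt. The practical check this suggests for any retry path is to log the URL as it is handed to the transport rather than a separately assembled request message, since the two can diverge exactly the way the report shows.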