Fixed and committed. Thanks for reporting.
Cheers,
Bernardo
On Wed, Dec 9, 2009 at 03:22, pacman730 <pac...@us...> wrote:
> Hi sqlmap team,
>
> I found a bug in the getPage function in Connect class. The bug occurs
> when there is a timeout exception or other types.
> In this case the function is gonna call on itself (if retriesCount <
> conf.retries), but with a changed url variable.
> So in this case it's gonna connect to:
> http://www.test.com/list.php?id=354%20sqlinjectionhere?id=354%20sqlinjectionhere
>
> You can't see this with -v 3 because requestMsg is how it should be; I
> found it with Wireshark.
> To fix this you need to change lines 90, 92, 111 and 130.
> This is how I did it:
> [...]
> line 88 if direct:
>     if "?" in url:
>         url2, params = url.split("?")
>         params = urlencode(params).replace("%%", "%")
>         url2 = "%s?%s" % (url2, params)
>         requestMsg += "?%s" % params
> [...]
> line 105 else:
>     if conf.parameters.has_key("GET") and not get:
>         get = conf.parameters["GET"]
>
>     if get:
>         get = urlencode(get).replace("%%", "%")
>         url2 = "%s?%s" % (url, get)
>         requestMsg += "?%s" % get
> [...]
> line 127 try:
>     # Perform HTTP request
>     headers = forgeHeaders(cookie, ua)
>     req = urllib2.Request(url2, post, headers)
>     conn = urllib2.urlopen(req)
>
> I just made a new var url2 to not change url and send it back modified.
>
> Or maybe you can change line 216 to:
> return Connect.__getPageProxy(kwargs)
> but I haven't tried it because I was too busy and I'm kinda new to Python.
>
> Have a nice day,
>
> pacman730
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
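The retry bug pacman730 describes, modelled as a stand-alone Python 3 script. This is an added example, not sqlmap's code and not the reporter's patch: `buggy_get_page`, `fixed_get_page`, the fake `transport` and the `Timeout` class are hypothetical stand-ins for Connect.getPage, urllib2 and the socket timeout. The fake transport records every URL it is asked for (what Wireshark showed on the wire) and times out on the first call, so the recursive retry fires once; the buggy version hands its already-rewritten `url` to the retry and the query string is appended a second time, the fixed version keeps the caller's `url` and builds the request URL in a separate variable, as the report's `url2` does.

```python
from urllib.parse import quote, urlencode


class Timeout(Exception):
    """Stand-in for the urllib2/socket timeout the report mentions."""


def _build_url(url, get):
    # Encode the space as %20 (as in the report's URL) rather than '+'
    return "%s?%s" % (url, urlencode(get, quote_via=quote)) if get else url


def buggy_get_page(url, get=None, retries=3, transport=None, _attempt=0):
    """Reproduces the reported defect: `url` is overwritten with the full
    request URL and that overwritten value is passed to the recursive retry,
    so every retry appends the GET parameters once more."""
    url = _build_url(url, get)  # the offending reassignment
    try:
        return transport(url)
    except Timeout:
        if _attempt < retries:
            return buggy_get_page(url, get, retries, transport, _attempt + 1)
        raise


def fixed_get_page(url, get=None, retries=3, transport=None, _attempt=0):
    """The reporter's approach: leave `url` untouched and build the request
    URL in a separate variable, so the retry starts from the original URL."""
    url2 = _build_url(url, get)
    try:
        return transport(url2)
    except Timeout:
        if _attempt < retries:
            return fixed_get_page(url, get, retries, transport, _attempt + 1)
        raise


def make_flaky_transport(timeouts):
    """Fake HTTP layer (hypothetical): records each requested URL and raises
    Timeout for the first `timeouts` calls, then answers normally."""
    seen = []
    remaining = [timeouts]

    def transport(request_url):
        seen.append(request_url)
        if remaining[0] > 0:
            remaining[0] -= 1
            raise Timeout(request_url)
        return "200 OK"

    return transport, seen


def has_doubled_query(request_url):
    """Wire-level sanity check: a well-formed request URL has at most one '?'.
    This is the symptom that is invisible in requestMsg but visible in a capture."""
    return request_url.count("?") > 1


def run_demo(timeouts=1):
    """Run both versions against a transport that times out `timeouts` times
    and return the URLs each one actually sent, keyed by version."""
    target = "http://www.test.com/list.php"
    params = {"id": "354 sqlinjectionhere"}  # constructed, mirrors the report
    results = {}
    for name, fn in (("buggy", buggy_get_page), ("fixed", fixed_get_page)):
        transport, seen = make_flaky_transport(timeouts)
        fn(target, params, retries=3, transport=transport)
        results[name] = seen
    return results


if __name__ == "__main__":
    for name, urls in run_demo().items():
        print(name)
        for u in urls:
            flag = "  <-- doubled query string" if has_doubled_query(u) else ""
            print("   ", u + flag)
```

Running it prints the two requests each version made; only the buggy version's retry carries `?id=...?id=...`, which is the URL from the report. The `has_doubled_query` check is the kind of assertion worth keeping in a test around any retry path that rebuilds a request from mutable state.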