diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 7e6be8ad7..2cb71f3d0 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -36,6 +36,7 @@ from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import removePostHintPrefix
 from lib.core.common import safeCSValue
 from lib.core.common import showHttpErrorCodes
 from lib.core.common import urlencode
@@ -497,7 +498,7 @@ def start():
 infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
 logger.info(infoMsg)
- elif parameter in conf.testParameter:
+ elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
 pass
 elif parameter in conf.rParam:
diff --git a/lib/core/common.py b/lib/core/common.py
index 14dba1d5a..49e6553bf 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -82,8 +82,9 @@ from lib.core.enums import LOGGING_LEVELS
 from lib.core.enums import MKSTEMP_PREFIX
 from lib.core.enums import OPTION_TYPE
 from lib.core.enums import OS
-from lib.core.enums import PLACE
 from lib.core.enums import PAYLOAD
+from lib.core.enums import PLACE
+from lib.core.enums import POST_HINT
 from lib.core.enums import REFLECTIVE_COUNTER
 from lib.core.enums import SORT_ORDER
 from lib.core.exception import SqlmapBaseException
@@ -5071,6 +5072,18 @@ def firstNotNone(*args):
 return retVal
+def removePostHintPrefix(value):
+ """
+ Remove POST hint prefix from a given value (name)
+
+ >>> removePostHintPrefix("JSON id")
+ 'id'
+ >>> removePostHintPrefix("id")
+ 'id'
+ """
+
+ return re.sub(r"\A(%s) " % '|'.join(re.escape(__) for __ in getPublicTypeMembers(POST_HINT, onlyValues=True)), "", value)
+
 def chunkSplitPostData(data):
 """
 Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)
diff --git a/lib/core/option.py b/lib/core/option.py
index 2ec728f03..de1422219 100644
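Review bot: In `start()` only the `conf.testParameter` branch now also tries the hint-stripped name; the very next branch, `elif parameter in conf.rParam:`, still compares the raw `parameter`. If the keys iterated here can carry a POST hint prefix (as the new helper's doctest value `"JSON id"` suggests), a name given without the prefix would match the first check but not the second. Consider computing the candidates once, e.g. `names = (parameter, removePostHintPrefix(parameter))`, and using `any(_ in conf.rParam for _ in names)` as well, or add a comment saying why the two checks differ. The body of `start()` continues outside the hunk, so other comparisons on `parameter` may deserve the same look.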
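Review bot: `removePostHintPrefix()` rebuilds its alternation from `getPublicTypeMembers(POST_HINT, onlyValues=True)` on every call, and its docstring does not state the matching rules. The new caller in lib/core/target.py runs it once per `conf.testParameter` entry for every match handled by `process()`, so building the pattern once (a module-level compiled regex, or a small cached helper) would avoid the repeated join/escape work. The docstring should say that the match is case-sensitive and anchored at the start, that only a hint followed by a single space is removed, and that a value without a recognised prefix is returned unchanged. It is also worth noting there that a genuine parameter name beginning with a hint word and a space is shortened too, since callers use the result to decide which parameters are in scope for testing.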
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1585,8 +1585,7 @@ def _cleanupOptions():
 if conf.testParameter:
 conf.testParameter = urldecode(conf.testParameter)
- conf.testParameter = conf.testParameter.replace(" ", "")
- conf.testParameter = re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)
+ conf.testParameter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.testParameter)]
 else:
 conf.testParameter = []
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 68696d1a7..07e8c586c 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty import six
 # sqlmap version (...)
-VERSION = "1.3.5.87"
+VERSION = "1.3.5.88"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/target.py b/lib/core/target.py
index c5dc262ac..57cac840c 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -23,6 +23,7 @@ from lib.core.common import openFile
 from lib.core.common import paramToDict
 from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import removePostHintPrefix
 from lib.core.common import resetCookieJar
 from lib.core.common import urldecode
 from lib.core.compat import xrange
@@ -110,7 +111,7 @@ def _setRequestParams():
 def process(match, repl):
 retVal = match.group(0)
- if not (conf.testParameter and match.group("name") not in conf.testParameter):
+ if not (conf.testParameter and match.group("name") not in [removePostHintPrefix(_) for _ in conf.testParameter]):
 retVal = repl
 while True:
 _ = re.search(r"\\g<([^>]+)>", retVal)
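Review bot: The new split line in `_cleanupOptions()` changes behaviour from "drop every space" to "trim each item" without a comment saying why inner spaces must now survive. A reader cannot tell from this hunk that it exists to keep hint-prefixed names intact. I would add `# keep inner spaces: a name may carry a POST hint prefix (e.g. "JSON id")` above it. If `PARAMETER_SPLITTING_REGEX` can yield empty pieces (for instance after a trailing delimiter), those are still stored as `""` entries; appending `if _.strip()` to the comprehension would drop them, should that be wanted.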
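Review bot: In `process()` the list `[removePostHintPrefix(_) for _ in conf.testParameter]` is rebuilt on every call, i.e. for every match being substituted, although nothing in the visible lines changes `conf.testParameter`. Building it once in `_setRequestParams()` before the nested function, e.g. `testNames = set(removePostHintPrefix(_) for _ in conf.testParameter or [])`, and testing `match.group("name") not in testNames` keeps the check cheap and easier to read. The direction of the normalisation also differs from lib/controller/controller.py: here the configured entries are stripped, there the request parameter is, so a one-line comment on which side may carry the prefix would help. Both `_setRequestParams()` and `process()` continue outside the hunk.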