| skipped 1085 lines |
1086 | 1086 | | injection_type=injection_type, |
1087 | 1087 | | is_multipart=is_multipart, |
1088 | 1088 | | ) |
| 1089 | + | value = urlencode( |
| 1090 | + | value=value, |
| 1091 | + | safe="/=*?&:;,+", |
| 1092 | + | decode_first=True, |
| 1093 | + | injection_type=injection_type, |
| 1094 | + | is_multipart=is_multipart, |
| 1095 | + | ) |
1089 | 1096 | | if encode and not is_json: |
1090 | 1097 | | payload = urlencode( |
1091 | 1098 | | value=payload, |
| skipped 2 lines |
1094 | 1101 | | is_multipart=is_multipart, |
1095 | 1102 | | ) |
1096 | 1103 | | key_to_split_by = urldecode(key) |
1097 | | - | if injection_type in ["GET", "POST", "COOKIE", "HEADER"] and "*" in key_to_split_by: |
| 1104 | + | if ( |
| 1105 | + | injection_type in ["GET", "POST", "COOKIE", "HEADER"] |
| 1106 | + | and "*" in key_to_split_by |
| 1107 | + | and key_to_split_by != "#1*" |
| 1108 | + | ): |
1098 | 1109 | | init, last = text.split(key_to_split_by) |
1099 | 1110 | | key_new = key_to_split_by.replace("*", "") |
1100 | 1111 | | prepared_payload = f"{init}{key_new}{payload}{last}" |
| skipped 3 lines |
1104 | 1115 | | else: |
1105 | 1116 | | key = re.escape(key) |
1106 | 1117 | | value = re.escape(value) |
1107 | | - | REGEX_GET_POST_COOKIE_INJECTION = r"(?is)(?:((?:\?| |&)%s)(=)(%s))" % ( |
| 1118 | + | REGEX_GET_POST_COOKIE_INJECTION = r"(?is)(?:((?:\?| |&)?%s)(=)(%s))" % ( |
1108 | 1119 | | f"{'' if injection_type == 'GET' else '?'}{key}", |
1109 | 1120 | | value, |
1110 | 1121 | | ) |
| skipped 99 lines |
1210 | 1221 | | prepared_payload = re.sub( |
1211 | 1222 | | REGEX_MULTIPART_INJECTION, "\\1\\2\\3%s\\4" % (payload), text |
1212 | 1223 | | ) |
| 1224 | + | logger.debug(f"prepared payload: {prepared_payload}") |
1213 | 1225 | | return prepared_payload |
1214 | 1226 | | |
1215 | 1227 | | |
| skipped 227 lines |
1443 | 1455 | | # logger.debug(f"type: {_type}, param: {entry}") |
1444 | 1456 | | if value and "*" in value: |
1445 | 1457 | | custom_injection_in.append(_type) |
1446 | | - | if key and "*" in key: |
| 1458 | + | if key and "*" in key and key != "#1*": |
1447 | 1459 | | custom_injection_in.append(_type) |
1448 | 1460 | | _temp = InjectionPoints( |
1449 | | - | custom_injection_in=custom_injection_in, |
| 1461 | + | custom_injection_in=list(set(custom_injection_in)), |
1450 | 1462 | | injection_points=_injection_points, |
1451 | 1463 | | is_multipart=is_multipart, |
1452 | 1464 | | is_json=is_json, |
1453 | 1465 | | ) |
| 1466 | + | logger.debug(_temp) |
1454 | 1467 | | return _temp |
1455 | 1468 | | |
1456 | 1469 | | |
| skipped 315 lines |