def _inject_post(r, target, payloads, append): rs = [] i_pts = parse_qs(r.content) if target in i_pts: nc = i_pts.copy() # ASSUMPTION: When injecting in the request body, the parameter is not # polluted original_value = nc[target][0] for p in payloads: if append: nc[target] = [ original_value + p, ] else: nc[target] = [ p, ] n_content = urlencode(nc) r_new = r.copy() r_new.raw_content = n_content r_new.content = n_content r_new.injection_point = target r_new.payload = p r_new.update_content_length() rs.append(r_new) return rs
def _inject_query(r, target, payloads, append): rs = [] i_pts = parse_qs(r.query) if target in i_pts: nq = i_pts.copy() parsed_url = urlparse.urlparse(r.url) # ASSUMPTION: When injecting in a query, the parameter is not polluted original_value = nq[target][0] for p in payloads: if append: nq[target] = [ original_value + p, ] else: nq[target] = [ p, ] s = list(parsed_url) s[4] = urlencode(nq) r_new = r.copy() r_new.url = urlparse.urlunparse(s) r_new.injection_point = target r_new.payload = p rs.append(r_new) return rs
def _inject_post(r, value, pds): rs = [] i_pts = parse_qs(r.content) if value in i_pts: nc = i_pts.copy() for p in pds: nc[value] = [p, ] n_content = urlencode(nc) r_new = r.copy() r_new.raw_content = n_content r_new.content = n_content r_new.injection_point = value r_new.payload = p r_new.update_content_length() rs.append(r_new) return rs
def _inject_query(r, value, pds): rs = [] i_pts = parse_qs(r.query) if value in i_pts: nq = i_pts.copy() parsed_url = urlparse.urlparse(r.url) for p in pds: nq[value] = [p, ] s = list(parsed_url) s[4] = urlencode(nq) r_new = r.copy() r_new.url = urlparse.urlunparse(s) r_new.injection_point = value r_new.payload = p rs.append(r_new) return rs
def _inject_query(r, target, payloads, append): rs = [] i_pts = parse_qs(r.query) if target in i_pts: nq = i_pts.copy() parsed_url = urlparse.urlparse(r.url) # ASSUMPTION: When injecting in a query, the parameter is not polluted original_value = nq[target][0] for p in payloads: if append: nq[target] = [ original_value + p, ] else: nq[target] = [p, ] s = list(parsed_url) s[4] = urlencode(nq) r_new = r.copy() r_new.url = urlparse.urlunparse(s) r_new.injection_point = target r_new.payload = p rs.append(r_new) return rs
def _inject_post(r, target, payloads, append): rs = [] i_pts = parse_qs(r.content) if target in i_pts: nc = i_pts.copy() # ASSUMPTION: When injecting in the request body, the parameter is not # polluted original_value = nc[target][0] for p in payloads: if append: nc[target] = [ original_value + p, ] else: nc[target] = [p, ] n_content = urlencode(nc) r_new = r.copy() r_new.raw_content = n_content r_new.content = n_content r_new.injection_point = target r_new.payload = p r_new.update_content_length() rs.append(r_new) return rs