Skip to content

Commit

Permalink
.
Browse files Browse the repository at this point in the history
  • Loading branch information
@kazet
kazet committed Nov 1, 2023
1 parent d7ead6c commit dc8f3a1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion karton_sqlmap/karton_sqlmap.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,14 +144,14 @@ def _run_on_single_url(self, url: str) -> Optional[FoundSQLInjection]:
@staticmethod
def _expand_query_parameters_for_scanning(url: str) -> List[str]:
url_parsed = urllib.parse.urlparse(url)
# let's keep only the first value of a parameter
query = {
key: value[0] for key, value in urllib.parse.parse_qs(url_parsed.query, keep_blank_values=True).items()
}

results = []
for key in query:
new_query = copy.copy(query)
# this doesn't support multiple parameters with the same name, but nobody uses that
token = "__sqlmap_injection_point__"
for item in [new_query[key] + token, token]:
new_query[key] = item
Expand Down

0 comments on commit dc8f3a1

Please sign in to comment.