Description
Describe the bug
When using a custom request file, sqlmap automatically adds double quotes (") around certain payloads if a custom injection marker is behind a comma, regardless of any tampers.
To Reproduce
- Create a custom request file and set the contents to this:
POST / HTTP/1.1
Host: http://google.com
Content-Type: application/json

{
"test": ", *"
}
- Run python sqlmap.py -r request.txt -v 6 (replacing request.txt with whatever you named your file)
- Read the outgoing HTTP requests. Some requests will have an extra set of double quotes around their payloads
Expected behavior
A clear and concise description of what you expected to happen.
Running environment:
- sqlmap version: 1.6.1.6#dev
- Installation method: Extracted from zipball
- Operating system: Windows 10
- Python version: 3.9.7
Target details:
Target details are not relevant to this bug and therefore will not be provided.
Additional context
As an example, here is the file I am using.
POST / HTTP/1.1
Host: http://google.com
Content-Type: application/json

{
"test": ", *"
}
Upon running the above command and reaching payload AND 4832=2796-- bMEZ, the program sends out this:
POST / HTTP/1.1
Host: google.com
Content-type: application/json
Content-length: 45
Connection: close
{
"test": "," AND 4832=2796-- bMEZ""
}
There is now an extra pair of double quotes around the payload, despite no explicit instructions to do so.
Note that this will work on any web application, including those that do not use a SQL database.
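A check for the behaviour reported above, as an added example that is not the reporter's or sqlmap's own code: it compares a body that was actually sent with plain substitution of the `*` marker and lists any characters that were added. The function names are hypothetical, and verbatim substitution as the expected behaviour is an assumption drawn from the report.

```python
import difflib
import json

MARKER = "*"  # custom injection marker, as used in the report


def expected_body(template: str, payload: str) -> str:
    """Body assumed to be correct: the marker replaced verbatim by the payload."""
    if template.count(MARKER) != 1:
        raise ValueError("this check handles exactly one marker")
    return template.replace(MARKER, payload)


def is_valid_json(text: str) -> bool:
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def check_substitution(template: str, payload: str, sent: str) -> dict:
    """Compare the body actually sent with plain marker substitution."""
    expected = expected_body(template, payload)
    matcher = difflib.SequenceMatcher(None, expected, sent, autojunk=False)
    ops = matcher.get_opcodes()
    return {
        "matches": sent == expected,
        "valid_json": is_valid_json(sent),
        # characters present in the sent body but absent from the expected one
        "inserted": [sent[j1:j2] for tag, _, _, j1, j2 in ops
                     if tag in ("insert", "replace")],
        # characters of the expected body that are missing from the sent one
        "removed": [expected[i1:i2] for tag, i1, i2, _, _ in ops
                    if tag in ("delete", "replace")],
    }


# Bodies and payload copied from the report above
TEMPLATE = '{\n"test": ", *"\n}'
PAYLOAD = "AND 4832=2796-- bMEZ"
SENT = '{\n"test": "," AND 4832=2796-- bMEZ""\n}'

if __name__ == "__main__":
    print(check_substitution(TEMPLATE, PAYLOAD, SENT))
```

On the reported body the check finds two inserted double quotes and a body that no longer parses as JSON.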