New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@ Symbol for $pass #8
Comments
@kwaimind You may have noticed that the script sends login data in a cURL POST request. Depending on the PHP version the data is being send as either an array or as a URL-encoded string. So, just a blind guess.. But may it be related to this? Or does it happen only when the |
Hey @eyecatchup , thanks for the update. Yes that is exactly when it happens. If I change the first symbol to a normal text character there is no issue. I hope that helps! |
Okay, I think I know what happens. When feeding The curl command line, fortunately, offers another option '--form-string', which behaves the same way as '-F', except that the 'form-string' option is not parsed. As an example, if you want to use curl to POST field1 with value "@value" and file1 with the file "testfile.txt" you can do so as follows: Even though there's no direct syntax of this in using PHP's cURL, you can still work around the issue, by the use of I'm gonna commit a patch for it now, which should fix this issue. Would be nice if you could verify that it works now, @kwaimind. |
Fix is live |
Curl's default -F switch interprets a leading @ symbol for the value as an instruction to not POST the field/value data, but instead to send the file name that immediately succeeds the symbol (as part of the POST). In order to be able to use passwords starting with an @ symbol, POST data is now being send as application/x-www-form-encoded instead of multipart/form-data whenever a password value starts with an @ symbol. (See eyecatchup/GWT_CrawlErrors-php#8 for further reference.)
Curl's default -F switch interprets a leading @ symbol for the value as an instruction to not POST the field/value data, but instead to send the file name that immediately succeeds the symbol (as part of the POST). In order to be able to use passwords starting with an @ symbol, POST data is now being send as application/x-www-form-encoded instead of multipart/form-data whenever a password value starts with an @ symbol. (See eyecatchup/GWT_CrawlErrors-php#8 for further reference.)
Curl's default -F switch interprets a leading @ symbol for the value as an instruction to not POST the field/value data, but instead to send the file name that immediately succeeds the symbol (as part of the POST). In order to be able to use passwords starting with an @ symbol, POST data is now being send as application/x-www-form-encoded instead of multipart/form-data whenever a password value starts with an @ symbol. (See eyecatchup/GWT_CrawlErrors-php#8 for further reference.)
Curl's default -F switch interprets a leading @ symbol for the value as an instruction to not POST the field/value data, but instead to send the file name that immediately succeeds the symbol (as part of the POST). In order to be able to use passwords starting with an @ symbol, POST data is now being send as application/x-www-form-encoded instead of multipart/form-data whenever a password value starts with an @ symbol. (See eyecatchup/GWT_CrawlErrors-php#8 for further reference.)
Yep @eyecatchup, that looks like its fixed now. Thanks so much! |
👍 |
@eteled START |
Hey
I was testing the
$pass
option using passwords beginning with @ and noticed that a pass starting with the @ symbol cause a bad authentication. When trying to run via a the command line, it reports back with Login Failed!.Hope you can look into this.
Dan
The text was updated successfully, but these errors were encountered: