sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

update regarding mysql function resolution and versionedkeywords

Browse Source
This commit is contained in:
Miroslav Stampar 2011-05-28 17:34:43 +00:00
parent bfd923fe29
commit 03ef53f00a
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/settings.py
View File

@ -342,3 +342,7 @@ DEFAULT_TOR_PORTS = (8118, 8123)
# Percentage below which comparison engine could have problems # Percentage below which comparison engine could have problems
LOW_TEXT_PERCENT = 20 LOW_TEXT_PERCENT = 20
# These MySQL keywords can't go (alone) into versioned comment form (/*!...*/)
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")

3
tamper/versionedkeywords.py
View File

@ -12,6 +12,7 @@ import re
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.data import kb from lib.core.data import kb
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
from lib.core.settings import IGNORE_SPACE_AFFECTED_KEYWORDS
__priority__ = PRIORITY.NORMAL __priority__ = PRIORITY.NORMAL
@ -23,7 +24,7 @@ def tamper(payload):
def process(match): def process(match):
word = match.group('word') word = match.group('word')
if word.upper() in kb.keywords and word.upper() not in ["CAST", "COUNT"]: # keywords that can't be commented out if word.upper() in kb.keywords and word.upper() not in IGNORE_SPACE_AFFECTED_KEYWORDS:
return match.group().replace(word, "/*!%s*/" % word) return match.group().replace(word, "/*!%s*/" % word)
else: else:
return match.group() return match.group()