More adjustments related to unescape() and cleanupPayload().

Minor code cleanup related to error-based payload.
Bernardo Damele 2011-02-06 23:27:56 +00:00
parent 6a71629575
commit 061f56daf9
3 changed files with 13 additions and 17 deletions


@ -166,10 +166,6 @@ def checkSqlInjection(place, parameter, value):
continue
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Skip test if it does not match the same SQL injection clause
# already identified by another test
clauseMatch = False
@ -196,9 +192,13 @@ def checkSqlInjection(place, parameter, value):
infoMsg = "testing '%s'" % title
logger.info(infoMsg)
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Parse test's <request>
comment = agent.getComment(test.request)
fstPayload = agent.cleanupPayload(test.request.payload, value)
fstPayload = agent.cleanupPayload(test.request.payload, origValue=value)
for boundary in conf.boundaries:
injectable = False
@ -279,11 +279,11 @@ def checkSqlInjection(place, parameter, value):
# payload was successful
# Parse test's <response>
for method, check in test.response.items():
check = agent.cleanupPayload(check, value)
check = agent.cleanupPayload(check, origValue=value)
# In case of boolean-based blind SQL injection
if method == PAYLOAD.METHOD.COMPARISON:
sndPayload = agent.cleanupPayload(test.response.comparison, value)
sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value)
# Forge response payload by prepending with
# boundary's prefix and appending the boundary's
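Review bot: The relocated `Backend.forceDbms(dbms)` is now set for every test iteration, but nothing in the visible lines clears or restores the forced DBMS when a test is skipped, fails, or after the loop finishes, so the last test's DBMS stays forced for whatever runs next unless a reset exists outside the hunk (checkSqlInjection continues past it); confirm a flush happens after the loop and add one if it does not. The comment kept with the call says "for proper payload unescaping", yet the calls that immediately follow are `cleanupPayload()` (placeholder substitution), and the actual unescaping happens later in `prefixQuery()`/`suffixQuery()`; a more accurate comment would be `# Force back-end DBMS for this test so the later DBMS-specific unescaping in prefixQuery()/suffixQuery() uses the right dialect`. Switching the call sites to the keyword form `origValue=value` is a good guard against silent positional mix-ups now that the third parameter has been dropped.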


@ -139,6 +139,7 @@ class Agent:
if conf.direct:
return self.payloadDirect(expression)
expression = self.cleanupPayload(expression)
expression = unescaper.unescape(expression)
query = None
@ -167,7 +168,6 @@ class Agent:
query += " "
query = "%s%s" % (query, expression)
query = self.cleanupPayload(query)
return query
@ -180,6 +180,7 @@ class Agent:
if conf.direct:
return self.payloadDirect(expression)
expression = self.cleanupPayload(expression)
expression = unescaper.unescape(expression)
if comment is not None:
@ -198,11 +199,9 @@ class Agent:
elif suffix is not None:
expression += " %s" % suffix
expression = self.cleanupPayload(expression)
return expression.rstrip()
def cleanupPayload(self, payload, origvalue=None, query=None):
def cleanupPayload(self, payload, origValue=None):
if payload is None:
return
@ -220,11 +219,8 @@ class Agent:
payload = payload.replace("[SPACE_REPLACE]", kb.misc.space)
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
if query is not None:
payload = payload.replace("[QUERY]", query.lstrip())
if origvalue is not None:
payload = payload.replace("[ORIGVALUE]", origvalue)
if origValue is not None:
payload = payload.replace("[ORIGVALUE]", origValue)
if "[INFERENCE]" in payload:
if Backend.getIdentifiedDbms() is not None:
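Review bot: Moving `cleanupPayload()` from the composed query to the bare expression in both `prefixQuery()` and `suffixQuery()` (the calls removed after `query = "%s%s" % (query, expression)` and after `expression += " %s" % suffix`) means placeholder tokens that live in `prefix` or `suffix` themselves are no longer substituted by these methods; if a boundary suffix carrying a token such as `[RANDNUM]` or `[RANDSTR]` reaches here uncleaned, the literal token would be sent in the request. Either keep a trailing `query = self.cleanupPayload(query)` before `return query` (and the equivalent before `return expression.rstrip()`), or document in both docstrings that `prefix`/`suffix` must already be cleaned by the caller. Dropping the `query` keyword and the `[QUERY]` replacement also means any payload definition still containing `[QUERY]` would now pass through verbatim, so a grep of the payload XML for that token is worth doing before merging. Both methods start and end outside the visible hunks, so the surrounding control flow could not be checked.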


@ -47,7 +47,7 @@ def __oneShotErrorUse(expression, field):
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(%d))" % MYSQL_ERROR_TRIM_LENGTH)
# Forge the error-based SQL injection request
vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
vector = kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector
query = agent.prefixQuery(vector)
query = agent.suffixQuery(query)
injExpression = expression.replace(field, nulledCastedField, 1)
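Review bot: The error-based `vector` is now handed to `agent.prefixQuery()` raw and depends on the `cleanupPayload()` call this same commit moves inside `Agent.prefixQuery()`; that coupling is invisible in this file, so add `# prefixQuery() runs cleanupPayload() on the vector before unescaping it` above the `query = agent.prefixQuery(vector)` line to make the dependency explicit. Note that the cleanup inside `prefixQuery()` is invoked without `origValue`, so an `[ORIGVALUE]` token in an error vector would survive unsubstituted — the behaviour is unchanged from the removed line, but worth stating. `__oneShotErrorUse` continues past the end of the hunk, so how `injExpression` is consumed was not reviewed.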