mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
This commit is contained in:
parent
6a71629575
commit
061f56daf9
|
@ -166,10 +166,6 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
continue
|
||||
|
||||
# Force back-end DBMS according to the current
|
||||
# test value for proper payload unescaping
|
||||
Backend.forceDbms(dbms)
|
||||
|
||||
# Skip test if it does not match the same SQL injection clause
|
||||
# already identified by another test
|
||||
clauseMatch = False
|
||||
|
@ -196,9 +192,13 @@ def checkSqlInjection(place, parameter, value):
|
|||
infoMsg = "testing '%s'" % title
|
||||
logger.info(infoMsg)
|
||||
|
||||
# Force back-end DBMS according to the current
|
||||
# test value for proper payload unescaping
|
||||
Backend.forceDbms(dbms)
|
||||
|
||||
# Parse test's <request>
|
||||
comment = agent.getComment(test.request)
|
||||
fstPayload = agent.cleanupPayload(test.request.payload, value)
|
||||
fstPayload = agent.cleanupPayload(test.request.payload, origValue=value)
|
||||
|
||||
for boundary in conf.boundaries:
|
||||
injectable = False
|
||||
|
@ -279,11 +279,11 @@ def checkSqlInjection(place, parameter, value):
|
|||
# payload was successful
|
||||
# Parse test's <response>
|
||||
for method, check in test.response.items():
|
||||
check = agent.cleanupPayload(check, value)
|
||||
check = agent.cleanupPayload(check, origValue=value)
|
||||
|
||||
# In case of boolean-based blind SQL injection
|
||||
if method == PAYLOAD.METHOD.COMPARISON:
|
||||
sndPayload = agent.cleanupPayload(test.response.comparison, value)
|
||||
sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value)
|
||||
|
||||
# Forge response payload by prepending with
|
||||
# boundary's prefix and appending the boundary's
|
||||
|
|
|
@ -139,6 +139,7 @@ class Agent:
|
|||
if conf.direct:
|
||||
return self.payloadDirect(expression)
|
||||
|
||||
expression = self.cleanupPayload(expression)
|
||||
expression = unescaper.unescape(expression)
|
||||
query = None
|
||||
|
||||
|
@ -167,7 +168,6 @@ class Agent:
|
|||
query += " "
|
||||
|
||||
query = "%s%s" % (query, expression)
|
||||
query = self.cleanupPayload(query)
|
||||
|
||||
return query
|
||||
|
||||
|
@ -180,6 +180,7 @@ class Agent:
|
|||
if conf.direct:
|
||||
return self.payloadDirect(expression)
|
||||
|
||||
expression = self.cleanupPayload(expression)
|
||||
expression = unescaper.unescape(expression)
|
||||
|
||||
if comment is not None:
|
||||
|
@ -198,11 +199,9 @@ class Agent:
|
|||
elif suffix is not None:
|
||||
expression += " %s" % suffix
|
||||
|
||||
expression = self.cleanupPayload(expression)
|
||||
|
||||
return expression.rstrip()
|
||||
|
||||
def cleanupPayload(self, payload, origvalue=None, query=None):
|
||||
def cleanupPayload(self, payload, origValue=None):
|
||||
if payload is None:
|
||||
return
|
||||
|
||||
|
@ -220,11 +219,8 @@ class Agent:
|
|||
payload = payload.replace("[SPACE_REPLACE]", kb.misc.space)
|
||||
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
|
||||
|
||||
if query is not None:
|
||||
payload = payload.replace("[QUERY]", query.lstrip())
|
||||
|
||||
if origvalue is not None:
|
||||
payload = payload.replace("[ORIGVALUE]", origvalue)
|
||||
if origValue is not None:
|
||||
payload = payload.replace("[ORIGVALUE]", origValue)
|
||||
|
||||
if "[INFERENCE]" in payload:
|
||||
if Backend.getIdentifiedDbms() is not None:
|
||||
|
|
|
@ -47,7 +47,7 @@ def __oneShotErrorUse(expression, field):
|
|||
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(%d))" % MYSQL_ERROR_TRIM_LENGTH)
|
||||
|
||||
# Forge the error-based SQL injection request
|
||||
vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
|
||||
vector = kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector
|
||||
query = agent.prefixQuery(vector)
|
||||
query = agent.suffixQuery(query)
|
||||
injExpression = expression.replace(field, nulledCastedField, 1)
|
||||
|
|
Loading…
Reference in New Issue
Block a user