few reverts

2025-02-03 05:04:11 +03:00 · 2011-02-06 22:10:28 +00:00 · 2011-02-06 22:10:28 +00:00 · 078a2207cc
commit 078a2207cc
parent b9b2fe0e7c
3 changed files with 4 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -200,6 +200,7 @@ def checkSqlInjection(place, parameter, value):
            # Parse test's <request>
            comment = agent.getComment(test.request)
            fstPayload = agent.cleanupPayload(test.request.payload, value)
+            fstPayload = unescaper.unescape(fstPayload, dbms=dbms)

            for boundary in conf.boundaries:
                injectable = False
@ -286,6 +287,7 @@ def checkSqlInjection(place, parameter, value):
                        # In case of boolean-based blind SQL injection
                        if method == PAYLOAD.METHOD.COMPARISON:
                            sndPayload = agent.cleanupPayload(test.response.comparison, value)
+                            sndPayload = unescaper.unescape(sndPayload, dbms=dbms)

                            # Forge response payload by prepending with
                            # boundary's prefix and appending the boundary's
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -241,7 +241,7 @@ class Agent:
                errMsg += "knowledge of underlying DBMS"
                raise sqlmapNoneDataException, errMsg

-        payload = unescaper.unescape(payload)
+        #payload = unescaper.unescape(payload)

        return payload

--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -48,6 +48,7 @@ def __oneShotErrorUse(expression, field):

    # Forge the error-based SQL injection request
    vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
+    query = unescaper.unescape(vector)
    query = agent.prefixQuery(query)
    query = agent.suffixQuery(query)
    injExpression = expression.replace(field, nulledCastedField, 1)