few reverts

Miroslav Stampar 2011-02-06 22:10:28 +00:00
parent b9b2fe0e7c
commit 078a2207cc
3 changed files with 4 additions and 1 deletions


@ -200,6 +200,7 @@ def checkSqlInjection(place, parameter, value):
# Parse test's <request>
comment = agent.getComment(test.request)
fstPayload = agent.cleanupPayload(test.request.payload, value)
fstPayload = unescaper.unescape(fstPayload, dbms=dbms)
for boundary in conf.boundaries:
injectable = False
@ -286,6 +287,7 @@ def checkSqlInjection(place, parameter, value):
# In case of boolean-based blind SQL injection
if method == PAYLOAD.METHOD.COMPARISON:
sndPayload = agent.cleanupPayload(test.response.comparison, value)
sndPayload = unescaper.unescape(sndPayload, dbms=dbms)
# Forge response payload by prepending with
# boundary's prefix and appending the boundary's
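Review bot: The two `unescaper.unescape(..., dbms=dbms)` calls in checkSqlInjection (one after each `agent.cleanupPayload(...)`, for `fstPayload` and `sndPayload`) pass the DBMS explicitly, while the matching call in the `__oneShotErrorUse` section is `unescaper.unescape(vector)` with no `dbms` argument, so the call sites do not visibly unescape the same way. If relying on the default is intentional there (presumably the back-end is already identified by that point), say so with a comment such as `# back-end DBMS already identified; default unescaper applies`, otherwise pass the DBMS there as well. Repeating the cleanup-then-unescape pair by hand at every caller also makes it easy for a later caller to omit the second step, so a short comment at each site, e.g. `# cleanupPayload() appears to no longer unescape; do it here`, would help the next maintainer. Both hunks show only part of checkSqlInjection's body.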


@ -241,7 +241,7 @@ class Agent:
errMsg += "knowledge of underlying DBMS"
raise sqlmapNoneDataException, errMsg
payload = unescaper.unescape(payload)
#payload = unescaper.unescape(payload)
return payload
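Review bot: The `#payload = unescaper.unescape(payload)` line leaves the old statement behind as commented-out code, with nothing explaining why it was disabled. Prefer deleting it and stating the new contract in its place, e.g. `# NOTE: payload is returned without unescaping; callers must call unescaper.unescape() themselves`, and repeat that in the method's docstring. Any caller of this Agent method that this commit does not touch would now receive a payload that was never unescaped, so the remaining call sites are worth checking. The method's signature and the start of its body are outside the hunk.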


@ -48,6 +48,7 @@ def __oneShotErrorUse(expression, field):
# Forge the error-based SQL injection request
vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
query = unescaper.unescape(vector)
query = agent.prefixQuery(query)
query = agent.suffixQuery(query)
injExpression = expression.replace(field, nulledCastedField, 1)