sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 16:07:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update of heuristic check

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-21 12:56:18 +00:00
parent 16f1f4e13e
commit 0e68248f60
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/controller/checks.py
View File

@ -16,6 +16,7 @@ from difflib import SequenceMatcher
from lib.core.agent import agent
from lib.core.common import beep
from lib.core.common import extractRegexResult
from lib.core.common import getCompiledRegex
from lib.core.common import getUnicode
from lib.core.common import popValue
from lib.core.common import pushValue
@ -448,8 +449,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
payload = agent.payload(place, parameter, value, payload)
Request.queryPage(payload, place, raise404=False)
result = wasLastRequestDBMSError()
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
result = wasLastRequestDBMSError() or getCompiledRegex('(Error)|(Warning)|(Exception)', re.I|re.M).search(page)
infoMsg = "heuristic test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter