sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor adjustment

Browse Source
This commit is contained in:
Bernardo Damele 2013-02-15 16:28:09 +00:00
parent 35aa785870
commit 0e7f771be6
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/techniques/blind/inference.py
View File

@ -485,7 +485,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False) testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
if timeBasedCompare: if timeBasedCompare:
query = kb.injection.data[kb.technique].vector.replace("[RANDNUM]", testValue) query = kb.injection.data[kb.technique].vector
query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue))) query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue)))
else: else:
query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (expressionUnescaped, testValue))) query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (expressionUnescaped, testValue)))
@ -512,7 +512,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False) testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
if timeBasedCompare: if timeBasedCompare:
query = kb.injection.data[kb.technique].vector.replace("[RANDNUM]", testValue) query = kb.injection.data[kb.technique].vector
query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue))) query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue)))
else: else:
query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (subquery, testValue))) query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (subquery, testValue)))