mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 05:01:32 +03:00 
			
		
		
		
	Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup
		
							parent
							
								
									3b3205c532
								
							
						
					
					
						commit
						214b9360e9
					
				|  | @ -179,7 +179,6 @@ def checkSqlInjection(place, parameter, value): | |||
|                 logger.debug(debugMsg) | ||||
|                 continue | ||||
| 
 | ||||
| 
 | ||||
|             # Skip DBMS-specific test if it does not match either the | ||||
|             # previously identified or the user's provided DBMS (either | ||||
|             # from program switch or from parsed error message(s)) | ||||
|  | @ -250,11 +249,11 @@ def checkSqlInjection(place, parameter, value): | |||
| 
 | ||||
|             if clause != [0] and injection.clause and injection.clause != [0] and not clauseMatch: | ||||
|                 debugMsg = "skipping test '%s' because the clauses " % title | ||||
|                 debugMsg += "differs from the clause already identified" | ||||
|                 debugMsg += "differ from the clause already identified" | ||||
|                 logger.debug(debugMsg) | ||||
|                 continue | ||||
| 
 | ||||
|             # Skip test if the user provided custom character | ||||
|             # Skip test if the user provided custom character (for UNION-based payloads) | ||||
|             if conf.uChar is not None and ("random number" in title or "(NULL)" in title): | ||||
|                 debugMsg = "skipping test '%s' because the user " % title | ||||
|                 debugMsg += "provided a specific character, %s" % conf.uChar | ||||
|  | @ -314,14 +313,13 @@ def checkSqlInjection(place, parameter, value): | |||
|                 # Parse boundary's <prefix>, <suffix> and <ptype> | ||||
|                 prefix = boundary.prefix if boundary.prefix else "" | ||||
|                 suffix = boundary.suffix if boundary.suffix else "" | ||||
|                 ptype = boundary.ptype | ||||
| 
 | ||||
|                 # Options --prefix/--suffix have a higher priority (if set by user) | ||||
|                 prefix = conf.prefix if conf.prefix is not None else prefix | ||||
|                 suffix = conf.suffix if conf.suffix is not None else suffix | ||||
|                 comment = None if conf.suffix is not None else comment | ||||
| 
 | ||||
|                 ptype = boundary.ptype | ||||
| 
 | ||||
|                 # If the previous injections succeeded, we know which prefix, | ||||
|                 # suffix and parameter type to use for further tests, no | ||||
|                 # need to cycle through the boundaries for the following tests | ||||
|  | @ -329,7 +327,9 @@ def checkSqlInjection(place, parameter, value): | |||
|                 condBound &= (injection.prefix != prefix or injection.suffix != suffix) | ||||
|                 condType = injection.ptype is not None and injection.ptype != ptype | ||||
| 
 | ||||
|                 if condBound or condType: | ||||
|                 # If the payload is an inline query test for it regardless | ||||
|                 # of previously identified injection types | ||||
|                 if stype != PAYLOAD.TECHNIQUE.QUERY and (condBound or condType): | ||||
|                     continue | ||||
| 
 | ||||
|                 # For each test's <where> | ||||
|  |  | |||
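Review bot: The new guard `if stype != PAYLOAD.TECHNIQUE.QUERY and (condBound or condType):` exempts inline-query tests from the boundary/ptype short-circuit, but the comment above it says only that they are tested "regardless", not why, and it does not mention the cost. For those tests, presumably every boundary that passes the other filters is now tried even after a prefix, suffix and parameter type were identified, which means more requests per parameter. I would reword the comment to something like `# Inline query tests are not skipped on a prefix/suffix/ptype mismatch, so they still cycle through the boundaries`, and say explicitly if the extra requests are intended. `stype` and the first half of `condBound` are assigned outside the visible lines, and the enclosing loop of checkSqlInjection starts and ends outside the hunk, so I cannot confirm they are always set here.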