mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
--technique can now be something like 123 which includes both techniques 1, 2 and 3
This commit is contained in:
parent
7ebc1ab90a
commit
22cd49a217
|
@ -93,10 +93,10 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
# Skip test if the user's wants to test only for a specific
|
||||
# technique
|
||||
if conf.technique and isinstance(conf.technique, int) and stype != conf.technique:
|
||||
if isinstance(conf.technique, list) and stype not in conf.technique:
|
||||
debugMsg = "skipping test '%s' because the user " % title
|
||||
debugMsg += "specified to test only for "
|
||||
debugMsg += "%s" % PAYLOAD.SQLINJECTION[conf.technique]
|
||||
debugMsg += "%s" % ",".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.technique))
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
|
|
|
@ -2147,7 +2147,7 @@ def isTechniqueAvailable(technique=None):
|
|||
technique specified
|
||||
"""
|
||||
|
||||
if conf.technique and technique != conf.technique:
|
||||
if isinstance(conf.technique, list) and technique not in conf.technique:
|
||||
return False
|
||||
else:
|
||||
return getTechniqueData(technique) is not None
|
||||
|
|
|
@ -581,10 +581,12 @@ def __setTechnique():
|
|||
if not isinstance(conf.technique, int):
|
||||
return
|
||||
|
||||
if conf.technique < 0 or conf.technique > 5:
|
||||
errMsg = "the value of --technique must be an integer "
|
||||
errMsg += "between 0 and 5"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
techniques = []
|
||||
while conf.technique > 0:
|
||||
techniques.append(conf.technique % 10)
|
||||
conf.technique /= 10
|
||||
|
||||
conf.technique = techniques
|
||||
|
||||
def __setDBMS():
|
||||
"""
|
||||
|
|
|
@ -13,6 +13,7 @@ from lib.core.common import Backend
|
|||
from lib.core.common import Format
|
||||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import getFilteredPageContent
|
||||
from lib.core.common import intersect
|
||||
from lib.core.common import readInput
|
||||
from lib.core.convert import base64pickle
|
||||
from lib.core.convert import base64unpickle
|
||||
|
@ -49,9 +50,8 @@ def setInjection(inj):
|
|||
or ( kb.resumedQueries.has_key(conf.url) and
|
||||
( not kb.resumedQueries[conf.url].has_key("Injection data")
|
||||
or ( kb.resumedQueries[conf.url].has_key("Injection data")
|
||||
and isinstance(conf.technique, int) and conf.technique > 0
|
||||
and conf.technique not in
|
||||
base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data
|
||||
and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data,\
|
||||
inj.data.keys()) != inj.data.keys()
|
||||
) ) ) )
|
||||
|
||||
if condition:
|
||||
|
@ -164,7 +164,7 @@ def resumeConfKb(expression, url, value):
|
|||
if injection.place in conf.paramDict and \
|
||||
injection.parameter in conf.paramDict[injection.place]:
|
||||
|
||||
if not conf.technique or ( conf.technique in injection.data ):
|
||||
if not conf.technique or intersect(conf.technique, injection.data):
|
||||
kb.injections.append(injection)
|
||||
else:
|
||||
warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter)
|
||||
|
|
Loading…
Reference in New Issue
Block a user