mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	--technique can now be something like 123 which includes both techniques 1, 2 and 3
This commit is contained in:
		
							parent
							
								
									7ebc1ab90a
								
							
						
					
					
						commit
						22cd49a217
					
				|  | @ -93,10 +93,10 @@ def checkSqlInjection(place, parameter, value): | |||
| 
 | ||||
|             # Skip test if the user's wants to test only for a specific | ||||
|             # technique | ||||
|             if conf.technique and isinstance(conf.technique, int) and stype != conf.technique: | ||||
|             if isinstance(conf.technique, list) and stype not in conf.technique: | ||||
|                 debugMsg = "skipping test '%s' because the user " % title | ||||
|                 debugMsg += "specified to test only for " | ||||
|                 debugMsg += "%s" % PAYLOAD.SQLINJECTION[conf.technique] | ||||
|                 debugMsg += "%s" % ",".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.technique)) | ||||
|                 logger.debug(debugMsg) | ||||
|                 continue | ||||
| 
 | ||||
|  |  | |||
|  | @ -2147,7 +2147,7 @@ def isTechniqueAvailable(technique=None): | |||
|     technique specified | ||||
|     """ | ||||
| 
 | ||||
|     if conf.technique and technique != conf.technique: | ||||
|     if isinstance(conf.technique, list) and technique not in conf.technique: | ||||
|         return False | ||||
|     else: | ||||
|         return getTechniqueData(technique) is not None | ||||
|  |  | |||
|  | @ -581,10 +581,12 @@ def __setTechnique(): | |||
|     if not isinstance(conf.technique, int): | ||||
|         return | ||||
| 
 | ||||
|     if conf.technique < 0 or conf.technique > 5: | ||||
|         errMsg = "the value of --technique must be an integer " | ||||
|         errMsg += "between 0 and 5" | ||||
|         raise sqlmapSyntaxException, errMsg | ||||
|     techniques = [] | ||||
|     while conf.technique > 0: | ||||
|         techniques.append(conf.technique % 10) | ||||
|         conf.technique /= 10 | ||||
| 
 | ||||
|     conf.technique = techniques | ||||
| 
 | ||||
| def __setDBMS(): | ||||
|     """ | ||||
|  |  | |||
|  | @ -13,6 +13,7 @@ from lib.core.common import Backend | |||
| from lib.core.common import Format | ||||
| from lib.core.common import dataToSessionFile | ||||
| from lib.core.common import getFilteredPageContent | ||||
| from lib.core.common import intersect | ||||
| from lib.core.common import readInput | ||||
| from lib.core.convert import base64pickle | ||||
| from lib.core.convert import base64unpickle | ||||
|  | @ -49,9 +50,8 @@ def setInjection(inj): | |||
|                   or ( kb.resumedQueries.has_key(conf.url) and | ||||
|                   ( not kb.resumedQueries[conf.url].has_key("Injection data") | ||||
|                   or ( kb.resumedQueries[conf.url].has_key("Injection data") | ||||
|                   and isinstance(conf.technique, int) and conf.technique > 0 | ||||
|                   and conf.technique not in | ||||
|                   base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data | ||||
|                   and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data,\ | ||||
|                     inj.data.keys()) != inj.data.keys() | ||||
|                 ) ) ) ) | ||||
| 
 | ||||
|     if condition: | ||||
|  | @ -164,7 +164,7 @@ def resumeConfKb(expression, url, value): | |||
|         if injection.place in conf.paramDict and \ | ||||
|            injection.parameter in conf.paramDict[injection.place]: | ||||
| 
 | ||||
|             if not conf.technique or ( conf.technique in injection.data ): | ||||
|             if not conf.technique or intersect(conf.technique, injection.data): | ||||
|                 kb.injections.append(injection) | ||||
|         else: | ||||
|             warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter) | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user