sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 16:24:25 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for a bug (--predict-output) noticed by Bernardo

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-31 15:00:41 +00:00
parent 60a2364f2b
commit 25463bc67c
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/settings.py
View File

@ -80,6 +80,12 @@ INFERENCE_BLANK_BREAK = 15
# use this replacement character for cases when inference is not able to retrieve the proper character value # use this replacement character for cases when inference is not able to retrieve the proper character value
INFERENCE_UNKNOWN_CHAR = '?' INFERENCE_UNKNOWN_CHAR = '?'
# character used for operation "greater" in inference
INFERENCE_GREATER_CHAR = ">"
# character used for operation "equals" in inference
INFERENCE_EQUALS_CHAR = "="
# string used for representation of unknown dbms version # string used for representation of unknown dbms version
UNKNOWN_DBMS_VERSION = "Unknown" UNKNOWN_DBMS_VERSION = "Unknown"

8
lib/techniques/blind/inference.py
View File

@ -38,6 +38,8 @@ from lib.core.progress import ProgressBar
from lib.core.settings import CHAR_INFERENCE_MARK from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.settings import INFERENCE_BLANK_BREAK from lib.core.settings import INFERENCE_BLANK_BREAK
from lib.core.settings import INFERENCE_UNKNOWN_CHAR from lib.core.settings import INFERENCE_UNKNOWN_CHAR
from lib.core.settings import INFERENCE_GREATER_CHAR
from lib.core.settings import INFERENCE_EQUALS_CHAR
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -129,7 +131,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
else: else:
posValue = ord(hintValue[idx-1]) posValue = ord(hintValue[idx-1])
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, posValue)) forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, posValue))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@ -163,7 +165,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
charTbl.remove(ord('\n')) charTbl.remove(ord('\n'))
if len(charTbl) == 1: if len(charTbl) == 1:
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0])) forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, charTbl[0]))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@ -239,7 +241,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# both minValue and character afterwards are possible # both minValue and character afterwards are possible
# candidates # candidates
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]): for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal)) forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, retVal))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)