mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
This commit is contained in:
parent
eb73cab636
commit
3532d23933
|
@ -34,6 +34,7 @@ from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.common import showStaticWords
|
from lib.core.common import showStaticWords
|
||||||
|
from lib.core.common import singleTimeLogMessage
|
||||||
from lib.core.common import singleTimeWarnMessage
|
from lib.core.common import singleTimeWarnMessage
|
||||||
from lib.core.common import wasLastRequestDBMSError
|
from lib.core.common import wasLastRequestDBMSError
|
||||||
from lib.core.common import wasLastRequestHTTPError
|
from lib.core.common import wasLastRequestHTTPError
|
||||||
|
@ -108,6 +109,20 @@ def checkSqlInjection(place, parameter, value):
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
match = re.search(r"(\d+)-(\d+)", test.request.columns)
|
||||||
|
if injection.data and match:
|
||||||
|
lower, upper = int(match.group(1)), int(match.group(2))
|
||||||
|
for _ in (lower, upper):
|
||||||
|
if _ > 1:
|
||||||
|
infoMsg = "automatically extending ranges "
|
||||||
|
infoMsg += "for further UNION query injection technique tests as "
|
||||||
|
infoMsg += "there is at least one other injection technique found"
|
||||||
|
singleTimeLogMessage(infoMsg)
|
||||||
|
|
||||||
|
test.request.columns = re.sub(r"\b%d\b" % _, str(2 * _), test.request.columns)
|
||||||
|
title = re.sub(r"\b%d\b" % _, str(2 * _), title)
|
||||||
|
test.title = re.sub(r"\b%d\b" % _, str(2 * _), test.title)
|
||||||
|
|
||||||
# Skip test if the user's wants to test only for a specific
|
# Skip test if the user's wants to test only for a specific
|
||||||
# technique
|
# technique
|
||||||
if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
|
if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
|
||||||
|
|
|
@ -59,7 +59,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
|
||||||
infoMsg += "This should reduce the time needed "
|
infoMsg += "This should reduce the time needed "
|
||||||
infoMsg += "to find the right number "
|
infoMsg += "to find the right number "
|
||||||
infoMsg += "of query columns. Automatically extending the "
|
infoMsg += "of query columns. Automatically extending the "
|
||||||
infoMsg += "range for UNION query injection technique"
|
infoMsg += "range for current UNION query injection technique test"
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
|
|
||||||
lowCols, highCols = 1, ORDER_BY_STEP
|
lowCols, highCols = 1, ORDER_BY_STEP
|
||||||
|
|
Loading…
Reference in New Issue
Block a user