automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)

Miroslav Stampar 2012-04-23 13:41:36 +00:00
parent eb73cab636
commit 3532d23933
2 changed files with 16 additions and 1 deletions


@ -34,6 +34,7 @@ from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import showStaticWords from lib.core.common import showStaticWords
from lib.core.common import singleTimeLogMessage
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastRequestDBMSError
from lib.core.common import wasLastRequestHTTPError from lib.core.common import wasLastRequestHTTPError
@ -108,6 +109,20 @@ def checkSqlInjection(place, parameter, value):
logger.debug(debugMsg) logger.debug(debugMsg)
continue continue
match = re.search(r"(\d+)-(\d+)", test.request.columns)
if injection.data and match:
lower, upper = int(match.group(1)), int(match.group(2))
for _ in (lower, upper):
if _ > 1:
infoMsg = "automatically extending ranges "
infoMsg += "for further UNION query injection technique tests as "
infoMsg += "there is at least one other injection technique found"
singleTimeLogMessage(infoMsg)
test.request.columns = re.sub(r"\b%d\b" % _, str(2 * _), test.request.columns)
title = re.sub(r"\b%d\b" % _, str(2 * _), title)
test.title = re.sub(r"\b%d\b" % _, str(2 * _), test.title)
# Skip test if the user's wants to test only for a specific # Skip test if the user's wants to test only for a specific
# technique # technique
if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech: if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
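Review bot: Each `re.sub` in the `for _ in (lower, upper)` loop runs on the string the previous pass already rewrote, so a range whose doubled lower bound equals its upper bound collapses: `10-20` becomes `20-20` after the first pass and `40-40` after the second. Derive both replacements from the original match and substitute once, for example `mapping = dict((n, str(2 * n)) for n in (lower, upper) if n > 1)` followed by `re.sub(r"\b\d+\b", lambda m: mapping.get(int(m.group()), m.group()), test.request.columns)`, with the same call for `title` and `test.title`. The new values are also written back onto `test`, so if the same test object is reused on a later call while `injection.data` is set, the range would presumably be doubled again; a comment such as `# NOTE: mutates the shared test definition` or working on a copy would make that explicit. `checkSqlInjection` and the loop that supplies `test` start and end outside this hunk, so it is not visible here whether `test.request.columns` is always a string at this point.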


@ -59,7 +59,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
infoMsg += "This should reduce the time needed " infoMsg += "This should reduce the time needed "
infoMsg += "to find the right number " infoMsg += "to find the right number "
infoMsg += "of query columns. Automatically extending the " infoMsg += "of query columns. Automatically extending the "
infoMsg += "range for UNION query injection technique" infoMsg += "range for current UNION query injection technique test"
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
lowCols, highCols = 1, ORDER_BY_STEP lowCols, highCols = 1, ORDER_BY_STEP