sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

bug fix to make --predict-output work also with time-based technique

Browse Source
This commit is contained in:
Bernardo Damele 2013-02-15 16:25:33 +00:00
parent 014e4e0055
commit 35aa785870
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/techniques/blind/inference.py
View File

@ -483,7 +483,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if commonValue is not None: if commonValue is not None:
# One-shot query containing equals commonValue # One-shot query containing equals commonValue
testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False) testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
if timeBasedCompare:
query = kb.injection.data[kb.technique].vector.replace("[RANDNUM]", testValue)
query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue)))
else:
query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (expressionUnescaped, testValue)))
query = agent.suffixQuery(query) query = agent.suffixQuery(query)
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
incrementCounter(kb.technique) incrementCounter(kb.technique)
@ -504,7 +510,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Substring-query containing equals commonPattern # Substring-query containing equals commonPattern
subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern)) subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False) testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
if timeBasedCompare:
query = kb.injection.data[kb.technique].vector.replace("[RANDNUM]", testValue)
query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue)))
else:
query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (subquery, testValue)))
query = agent.suffixQuery(query) query = agent.suffixQuery(query)
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
incrementCounter(kb.technique) incrementCounter(kb.technique)