	more refactoring
		
							parent
							
								
									e80a66acc5
								
							
						
					
					
						commit
						440ff639bb
					
				|  | @ -146,19 +146,18 @@ class Agent: | ||||||
|         query = str() |         query = str() | ||||||
|         case = getInjectionCase(kb.injType) |         case = getInjectionCase(kb.injType) | ||||||
| 
 | 
 | ||||||
|  |         if kb.parenthesis is not None: | ||||||
|  |             parenthesis = kb.parenthesis | ||||||
|  |         else: | ||||||
|  |             raise sqlmapNoneDataException, "unable to get the number of parenthesis" | ||||||
|  | 
 | ||||||
|         if case is None: |         if case is None: | ||||||
|             raise sqlmapNoneDataException, "unsupported injection type" |             raise sqlmapNoneDataException, "unsupported injection type" | ||||||
| 
 | 
 | ||||||
|         if conf.prefix: |         if conf.prefix: | ||||||
|             query = conf.prefix |             query = conf.prefix | ||||||
|         else: |         else: | ||||||
|             if case.usage.prefix._has_key('value'): |             query = case.usage.prefix.format % eval(case.usage.prefix.params) | ||||||
|                 query = case.usage.prefix.value |  | ||||||
|             elif case.usage.prefix._has_key('format'): |  | ||||||
|                 query = case.usage.prefix.format % eval(case.usage.prefix.params) |  | ||||||
| 
 |  | ||||||
|             if kb.parenthesis not in ( None, 0 ): |  | ||||||
|                 query += "%s " % (")" * kb.parenthesis) |  | ||||||
| 
 | 
 | ||||||
|         query += string |         query += string | ||||||
| 
 | 
 | ||||||
|  | @ -181,21 +180,18 @@ class Agent: | ||||||
|         randInt = randomInt() |         randInt = randomInt() | ||||||
|         randStr = randomStr() |         randStr = randomStr() | ||||||
| 
 | 
 | ||||||
|  |         if kb.parenthesis is not None: | ||||||
|  |             parenthesis = kb.parenthesis | ||||||
|  |         else: | ||||||
|  |             raise sqlmapNoneDataException, "unable to get the number of parenthesis" | ||||||
|  | 
 | ||||||
|         if comment: |         if comment: | ||||||
|             string += comment |             string += comment | ||||||
| 
 | 
 | ||||||
|         if conf.postfix: |         if conf.postfix: | ||||||
|             string += " %s" % conf.postfix |             string += " %s" % conf.postfix | ||||||
|         else: |         else: | ||||||
|             if kb.parenthesis is not None: |             string += case.usage.postfix.format % eval(case.usage.postfix.params) | ||||||
|                 string += " AND %s" % ("(" * kb.parenthesis) |  | ||||||
|             else: |  | ||||||
|                 raise sqlmapNoneDataException, "unable to get the number of parenthesis" |  | ||||||
| 
 |  | ||||||
|             if case.usage.postfix._has_key('value'): |  | ||||||
|                 string += case.usage.postfix.value |  | ||||||
|             elif case.usage.postfix._has_key('format'): |  | ||||||
|                 string += case.usage.postfix.format % eval(case.usage.postfix.params) |  | ||||||
| 
 | 
 | ||||||
|         return replaceSpaces(string) |         return replaceSpaces(string) | ||||||
| 
 | 
 | ||||||
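Review bot: The new `kb.parenthesis is not None` guard runs before the `conf.prefix` branch, so a run with a user-supplied prefix now raises `sqlmapNoneDataException` where the removed code tolerated `None` (`if kb.parenthesis not in ( None, 0 )`); the second hunk does the same ahead of `conf.postfix`. If that is not intended, the guard belongs inside the `else:` branches, next to the `eval(...)` that actually needs the value. The local `parenthesis` is only read implicitly by `eval` of the XML `params` string, so it looks unused; a comment such as `# read by eval() of case.usage.*.params` would keep it from being deleted in a later cleanup. Both methods start and end outside the hunks shown.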
|  |  | ||||||
|  | @ -56,16 +56,11 @@ def checkForParenthesis(): | ||||||
|         return |         return | ||||||
| 
 | 
 | ||||||
|     for parenthesis in range(1, 4): |     for parenthesis in range(1, 4): | ||||||
|         query  = agent.prefixQuery("%s " % (")" * parenthesis)) |  | ||||||
|         query += "AND %s" % ("(" * parenthesis) |  | ||||||
| 
 |  | ||||||
|         randInt = randomInt() |         randInt = randomInt() | ||||||
|         randStr = randomStr() |         randStr = randomStr() | ||||||
| 
 | 
 | ||||||
|         if case.usage.postfix._has_key('value'): |         query  = case.usage.prefix.format % eval(case.usage.prefix.params) +\ | ||||||
|             query += case.usage.postfix.value |             case.usage.postfix.format % eval(case.usage.postfix.params) | ||||||
|         elif case.usage.postfix._has_key('format'): |  | ||||||
|             query += case.usage.postfix.format % eval(case.usage.postfix.params) |  | ||||||
| 
 | 
 | ||||||
|         payload = agent.payload(newValue=query) |         payload = agent.payload(newValue=query) | ||||||
|         result = Request.queryPage(payload) |         result = Request.queryPage(payload) | ||||||
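Review bot: The two `eval(...)` calls on the new `query` line resolve `parenthesis`, `randInt` and `randStr` from whatever locals happen to be in scope, and they run the XML `params` attributes as Python with the module's full globals. Anyone able to modify that XML file gets code execution in the tool's process, and renaming one of those locals breaks the payload only at run time. Passing an explicit namespace makes the contract visible, e.g. `names = {"parenthesis": parenthesis, "randInt": randInt, "randStr": randStr}` followed by `eval(case.usage.prefix.params, {}, names)`; this narrows the names the expression can see, but it is not a sandbox. Wrapping the expression in parentheses would also remove the `+\` continuation. `checkForParenthesis` begins and continues outside this hunk.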
|  |  | ||||||
|  | @ -7,8 +7,8 @@ | ||||||
|             <negative format="%s%s%s AND %s%d=%d %s" params="value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1, postfix"/> |             <negative format="%s%s%s AND %s%d=%d %s" params="value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1, postfix"/> | ||||||
|         </test> |         </test> | ||||||
|         <usage> |         <usage> | ||||||
|             <prefix/> |             <prefix format="%s " params="')' * parenthesis"/> | ||||||
|             <postfix/> |             <postfix format=" AND %s" params="'(' * parenthesis"/> | ||||||
|         </usage> |         </usage> | ||||||
|     </case> |     </case> | ||||||
|     <case name="numeric" desc="unescaped numeric"> |     <case name="numeric" desc="unescaped numeric"> | ||||||
|  | @ -17,8 +17,8 @@ | ||||||
|             <negative format="%s%s AND %s%d=%d" params="value, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1"/> |             <negative format="%s%s AND %s%d=%d" params="value, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1"/> | ||||||
|         </test> |         </test> | ||||||
|         <usage> |         <usage> | ||||||
|             <prefix/> |             <prefix format="%s " params="')' * parenthesis"/> | ||||||
|             <postfix format="%d=%d" params="randInt, randInt"/> |             <postfix format=" AND %s%d=%d" params="'(' * parenthesis, randInt, randInt"/> | ||||||
|         </usage> |         </usage> | ||||||
|     </case> |     </case> | ||||||
|     <case name="stringsingle" desc="single quoted string"> |     <case name="stringsingle" desc="single quoted string"> | ||||||
|  | @ -27,8 +27,8 @@ | ||||||
|             <negative format="%s'%s AND %s'%s'='%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> |             <negative format="%s'%s AND %s'%s'='%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> | ||||||
|         </test> |         </test> | ||||||
|         <usage> |         <usage> | ||||||
|             <prefix value="'"/> |             <prefix format="'%s " params="')' * parenthesis"/> | ||||||
|             <postfix format="'%s'='%s" params="randStr, randStr"/> |             <postfix format=" AND %s'%s'='%s" params="'(' * parenthesis, randStr, randStr"/> | ||||||
|         </usage> |         </usage> | ||||||
|     </case> |     </case> | ||||||
|     <case name="likesingle" desc="LIKE single quoted string"> |     <case name="likesingle" desc="LIKE single quoted string"> | ||||||
|  | @ -37,8 +37,8 @@ | ||||||
|             <negative format="%s'%s AND %s'%s' LIKE '%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> |             <negative format="%s'%s AND %s'%s' LIKE '%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> | ||||||
|         </test> |         </test> | ||||||
|         <usage> |         <usage> | ||||||
|             <prefix value="'"/> |             <prefix format="'%s " params="')' * parenthesis"/> | ||||||
|             <postfix format="'%s' LIKE '%s" params="randStr, randStr"/> |             <postfix format=" AND %s'%s' LIKE '%s" params="'(' * parenthesis, randStr, randStr"/> | ||||||
|         </usage> |         </usage> | ||||||
|     </case> |     </case> | ||||||
|     <case name="stringdouble" desc="double quoted string"> |     <case name="stringdouble" desc="double quoted string"> | ||||||
|  | @ -47,8 +47,8 @@ | ||||||
|             <negative format="%s\"%s AND %s\"%s\"=\"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> |             <negative format="%s\"%s AND %s\"%s\"=\"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> | ||||||
|         </test> |         </test> | ||||||
|         <usage> |         <usage> | ||||||
|             <prefix value="""/> |             <prefix format=""%s " params="')' * parenthesis"/> | ||||||
|             <postfix format="\"%s\"=\"%s" params="randStr, randStr"/> |             <postfix format=" AND %s\"%s\"=\"%s" params="'(' * parenthesis, randStr, randStr"/> | ||||||
|         </usage> |         </usage> | ||||||
|     </case> |     </case> | ||||||
|     <case name="likedouble" desc="LIKE double quoted string"> |     <case name="likedouble" desc="LIKE double quoted string"> | ||||||
|  | @ -57,8 +57,8 @@ | ||||||
|             <negative format="%s\"%s AND %s\"%s\" LIKE \"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> |             <negative format="%s\"%s AND %s\"%s\" LIKE \"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/> | ||||||
|         </test> |         </test> | ||||||
|         <usage> |         <usage> | ||||||
|             <prefix value="""/> |             <prefix format=""%s " params="')' * parenthesis"/> | ||||||
|             <postfix format="\"%s\" LIKE \"%s" params="randStr, randStr"/> |             <postfix format=" AND %s\"%s\" LIKE \"%s" params="'(' * parenthesis, randStr, randStr"/> | ||||||
|         </usage> |         </usage> | ||||||
|     </case> |     </case> | ||||||
| </root> | </root> | ||||||
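Review bot: Every `<usage>` `params` attribute is now a Python expression that the callers pass to `eval`, and nothing in the file says so or lists the names an expression may reference. I would add an XML comment at the top of the file, e.g. `<!-- params is evaluated as Python; names available in usage: parenthesis, randInt, randStr -->`, and treat the file as code for review and file-permission purposes. The new callers read `.format` unconditionally, so it is worth confirming that no case outside these hunks still uses the removed `value=` form or an empty `<prefix/>`.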
|  |  | ||||||