sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-26 03:43:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

quick bug fix for FALSE positives with UNION based technique

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-27 18:49:44 +00:00
parent 81722b6881
commit 49aeb41be8
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/techniques/inband/union/test.py
View File

@ -39,6 +39,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
for position in range(0, count): for position in range(0, count):
# Prepare expression with delimiters # Prepare expression with delimiters
randQuery = randomStr() randQuery = randomStr()
phrase = "%s%s%s" % (kb.misc.start, randQuery, kb.misc.stop)
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery) randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
randQueryUnescaped = unescaper.unescape(randQueryProcessed) randQueryUnescaped = unescaper.unescape(randQueryProcessed)
@ -49,16 +50,14 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Perform the request # Perform the request
resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False) resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
if extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I): if resultPage and phrase in resultPage:
continue
if resultPage and randQuery in resultPage:
validPayload = payload validPayload = payload
vector = (position, count, comment, prefix, suffix, conf.uChar, where) vector = (position, count, comment, prefix, suffix, conf.uChar, where)
if where == 1: if where == 1:
# Prepare expression with delimiters # Prepare expression with delimiters
randQuery2 = randomStr() randQuery2 = randomStr()
phrase2 = "%s%s%s" % (kb.misc.start, randQuery2, kb.misc.stop)
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2) randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2) randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
@ -69,10 +68,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Perform the request # Perform the request
resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False) resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
if extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I): if resultPage and ((phrase in resultPage and phrase2 not in resultPage) or (phrase not in resultPage and phrase2 in resultPage)):
continue
if resultPage and ((randQuery in resultPage and randQuery2 not in resultPage) or (randQuery not in resultPage and randQuery2 in resultPage)):
vector = (position, count, comment, prefix, suffix, conf.uChar, 2) vector = (position, count, comment, prefix, suffix, conf.uChar, 2)
break break