sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

making a random choice from candidates

Browse Source
This commit is contained in:
Miroslav Stampar 2012-04-13 10:54:30 +00:00
parent bbbcc95fe5
commit 54576ab3a6
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/controller/checks.py
View File

@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
""" """
import httplib import httplib
import random
import re import re
import socket import socket
import time import time
@ -349,10 +350,10 @@ def checkSqlInjection(place, parameter, value):
if not injectable and not conf.string and kb.pageStable: if not injectable and not conf.string and kb.pageStable:
trueSet = set(extractTextTagContent(truePage)) trueSet = set(extractTextTagContent(truePage))
falseSet = set(extractTextTagContent(falsePage)) falseSet = set(extractTextTagContent(falsePage))
candidate = reduce(lambda x, y: x or (y.strip() if y.strip() in (kb.pageTemplate or "") and y.strip() not in falsePage else None), (trueSet - falseSet), None) candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
if candidate: if candidates:
conf.string = candidate conf.string = random.sample(candidates, 1)[0]
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=%s)" % (place, parameter, title, repr(candidate).lstrip('u')) infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=%s)" % (place, parameter, title, repr(conf.string).lstrip('u'))
logger.info(infoMsg) logger.info(infoMsg)
injectable = True injectable = True