sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)

Browse Source
This commit is contained in:
Miroslav Stampar 2012-04-15 16:33:47 +00:00
parent ae8c70e895
commit 5772c52f46
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/techniques/union/test.py
View File

@ -202,7 +202,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
if content and ((randQuery in content and phrase2 not in content) or (randQuery not in content and phrase2 in content)):
if not all(_ in content for _ in (phrase, phrase2)):
vector = (position, count, comment, prefix, suffix, kb.uChar, PAYLOAD.WHERE.NEGATIVE)
unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError()