mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 00:04:23 +03:00
minor update
This commit is contained in:
parent
d19a8d53e4
commit
5860b8942f
|
@ -492,13 +492,23 @@ def simpletonCheckSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
result = False
|
result = False
|
||||||
randInt = randomInt()
|
randInt = randomInt()
|
||||||
|
randStr = randomStr()
|
||||||
|
|
||||||
|
if value.isdigit():
|
||||||
payload = "%s OR %d>%d" % (value, randInt, randInt+1)
|
payload = "%s OR %d>%d" % (value, randInt, randInt+1)
|
||||||
|
else:
|
||||||
|
payload = "%s' OR '%s'!='%s" % (value, randStr, randStr)
|
||||||
|
|
||||||
payload = agent.payload(place, parameter, value, payload)
|
payload = agent.payload(place, parameter, value, payload)
|
||||||
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||||
|
|
||||||
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
|
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
|
||||||
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
|
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
|
||||||
|
if value.isdigit():
|
||||||
payload = "%s AND %d>%d" % (value, randInt, randInt+1)
|
payload = "%s AND %d>%d" % (value, randInt, randInt+1)
|
||||||
|
else:
|
||||||
|
payload = "%s' AND '%s'!='%s" % (value, randStr, randStr)
|
||||||
|
|
||||||
payload = agent.payload(place, parameter, value, payload)
|
payload = agent.payload(place, parameter, value, payload)
|
||||||
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||||
result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
|
result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
|
||||||
|
|
Loading…
Reference in New Issue
Block a user