minor update

Miroslav Stampar 2011-01-03 09:16:42 +00:00
parent d19a8d53e4
commit 5860b8942f


@ -492,13 +492,23 @@ def simpletonCheckSqlInjection(place, parameter, value):
result = False
randInt = randomInt()
randStr = randomStr()
if value.isdigit():
payload = "%s OR %d>%d" % (value, randInt, randInt+1)
else:
payload = "%s' OR '%s'!='%s" % (value, randStr, randStr)
payload = agent.payload(place, parameter, value, payload)
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
if value.isdigit():
payload = "%s AND %d>%d" % (value, randInt, randInt+1)
else:
payload = "%s' AND '%s'!='%s" % (value, randStr, randStr)
payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO