mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 13:41:10 +03:00 
			
		
		
		
	minor update
This commit is contained in:
		
							parent
							
								
									d19a8d53e4
								
							
						
					
					
						commit
						5860b8942f
					
				|  | @ -492,13 +492,23 @@ def simpletonCheckSqlInjection(place, parameter, value): | |||
| 
 | ||||
|     result = False | ||||
|     randInt = randomInt() | ||||
|     payload = "%s OR %d>%d" % (value, randInt, randInt+1) | ||||
|     randStr = randomStr() | ||||
| 
 | ||||
|     if value.isdigit(): | ||||
|         payload = "%s OR %d>%d" % (value, randInt, randInt+1) | ||||
|     else: | ||||
|         payload = "%s' OR '%s'!='%s" % (value, randStr, randStr) | ||||
| 
 | ||||
|     payload = agent.payload(place, parameter, value, payload) | ||||
|     firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False) | ||||
| 
 | ||||
|     if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()): | ||||
|         if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO: | ||||
|             payload = "%s AND %d>%d" % (value, randInt, randInt+1) | ||||
|             if value.isdigit(): | ||||
|                 payload = "%s AND %d>%d" % (value, randInt, randInt+1) | ||||
|             else: | ||||
|                 payload = "%s' AND '%s'!='%s" % (value, randStr, randStr) | ||||
| 
 | ||||
|             payload = agent.payload(place, parameter, value, payload) | ||||
|             secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False) | ||||
|             result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user