Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values

This commit is contained in:
Bernardo Damele 2010-11-29 12:13:42 +00:00
parent c22338ce90
commit 6525e08d6b
2 changed files with 15 additions and 4 deletions

View File

@ -131,17 +131,29 @@ def checkSqlInjection(place, parameter, value):
testPayload = "%s%s" % (payload, comment) testPayload = "%s%s" % (payload, comment)
if conf.prefix is not None and conf.suffix is not None: if conf.prefix is not None and conf.suffix is not None:
# Create a custom boundary object for user's supplied prefix
# and suffix
boundary = advancedDict() boundary = advancedDict()
boundary.level = 1 boundary.level = 1
boundary.clause = [ 0 ] boundary.clause = [ 0 ]
boundary.where = [ 1, 2, 3 ] boundary.where = [ 1, 2, 3 ]
# TODO: inspect the conf.prefix and conf.suffix to set
# proper ptype
boundary.ptype = 1
boundary.prefix = conf.prefix boundary.prefix = conf.prefix
boundary.suffix = conf.suffix boundary.suffix = conf.suffix
if "like" in boundary.suffix.lower():
if "'" in boundary.suffix.lower():
boundary.ptype = 3
elif '"' in boundary.suffix.lower():
boundary.ptype = 5
elif "'" in boundary.suffix.lower():
boundary.ptype = 2
elif '"' in boundary.suffix.lower():
boundary.ptype = 4
else:
boundary.ptype = 1
# Prepend user's provided boundaries to all others
conf.boundaries.insert(0, boundary) conf.boundaries.insert(0, boundary)
for boundary in conf.boundaries: for boundary in conf.boundaries:

View File

@ -1280,5 +1280,4 @@ Formats:
<!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB --> <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
<!-- End of OR time-based blind tests --> <!-- End of OR time-based blind tests -->
</root> </root>