Making those --string tips (containing escaped characters) decodable by sqlmap

Miroslav Stampar 2012-07-31 11:32:53 +02:00
parent 142fc887f1
commit 6f529542e3
2 changed files with 4 additions and 1 deletions


@ -365,7 +365,7 @@ def checkSqlInjection(place, parameter, value):
candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
if candidates:
conf.string = random.sample(candidates, 1)[0]
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=%s)" % (place, parameter, title, repr(conf.string).lstrip('u'))
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
logger.info(infoMsg)
injectable = True
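Review bot: `repr(conf.string).lstrip('u').strip("'")`, on the line that builds the `--string=\"%s\"` tip, does not reliably remove the repr delimiters. When the candidate contains an apostrophe and no double quote, repr switches to double-quote delimiters, so `strip("'")` removes nothing and the tip is quoted twice. A candidate containing both quote characters that ends in an apostrophe loses that final character, and any literal `"` ends the quoted argument early when the tip is pasted into a shell. Since the same commit decodes the option with `unicode_escape`, the symmetrical form would be `conf.string.encode("unicode_escape").replace('"', '\\"')`, assuming conf.string is a unicode object at this point. The body of checkSqlInjection continues outside the hunk.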


@ -1375,6 +1375,9 @@ def __cleanupOptions():
if conf.oDir:
paths.SQLMAP_OUTPUT_PATH = conf.oDir
if conf.string:
conf.string = conf.string.decode("unicode_escape")
threadData = getCurrentThreadData()
threadData.reset()
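Review bot: The new `conf.string.decode("unicode_escape")` in __cleanupOptions runs on every user-supplied --string value and has no error handling. A value ending in a backslash, or carrying a truncated `\x` or `\u` escape, raises UnicodeDecodeError during option cleanup. A value that legitimately contains a backslash (for example a Windows path shown on the page) is silently rewritten, so the match string no longer equals what the user typed. If conf.string is already a unicode object holding non-ASCII characters, Python 2 would implicitly encode it as ASCII first and fail; whether that can happen depends on option parsing that is not visible here. Consider catching `UnicodeError` around the decode and reporting the offending option value, and document the escape handling in the --string help text.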