Added a comment needed to understand this hack when looking at the code in a month or so ;)

This commit is contained in:
Bernardo Damele 2010-12-03 11:00:41 +00:00
parent 0069a21a0d
commit 7690aa85ce

View File

@ -148,6 +148,9 @@ class Agent:
if conf.direct: if conf.direct:
return self.payloadDirect(string) return self.payloadDirect(string)
# Either if the technique is stacked queries (<stype>) or we are
# replacing (<where>) the parameter original value with our
# payload, do not put a space after the prefix
if kb.technique == 4: if kb.technique == 4:
query = kb.injection.prefix query = kb.injection.prefix
elif kb.technique and kb.technique in kb.injection.data: elif kb.technique and kb.technique in kb.injection.data: