sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Favoring non-string specific boundaries in case of digit-like parameter values

Browse Source
This commit is contained in:
Miroslav Stampar 2012-08-22 13:58:52 +02:00
parent 25ee333e66
commit 7b93108e7d
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/controller/checks.py
View File

@ -5,6 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import copy
import httplib import httplib
import random import random
import re import re
@ -237,7 +238,13 @@ def checkSqlInjection(place, parameter, value):
comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None
fstPayload = agent.cleanupPayload(test.request.payload, origValue=value) fstPayload = agent.cleanupPayload(test.request.payload, origValue=value)
for boundary in conf.boundaries: # Favoring non-string specific boundaries in case of digit-like parameter values
if value.isdigit():
boundaries = sorted(copy.deepcopy(conf.boundaries), key=lambda x: any(_ in (x.prefix or "") or _ in (x.suffix or "") for _ in ('"', '\'')))
else:
boundaries = conf.boundaries
for boundary in boundaries:
injectable = False injectable = False
# Skip boundary if the level is higher than the provided (or # Skip boundary if the level is higher than the provided (or