sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor beauty patch

Browse Source
This commit is contained in:
Miroslav Stampar 2012-05-07 13:51:31 +00:00
parent e9f6b00e26
commit 80ee687b41
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/controller/checks.py
View File

@ -83,6 +83,7 @@ def checkSqlInjection(place, parameter, value):
title = test.title title = test.title
stype = test.stype stype = test.stype
clause = test.clause clause = test.clause
unionExtended = False
if stype == PAYLOAD.TECHNIQUE.UNION: if stype == PAYLOAD.TECHNIQUE.UNION:
configUnion(test.request.char) configUnion(test.request.char)
@ -114,11 +115,7 @@ def checkSqlInjection(place, parameter, value):
lower, upper = int(match.group(1)), int(match.group(2)) lower, upper = int(match.group(1)), int(match.group(2))
for _ in (lower, upper): for _ in (lower, upper):
if _ > 1: if _ > 1:
infoMsg = "automatically extending ranges " unionExtended = True
infoMsg += "for further UNION query injection technique tests as "
infoMsg += "there is at least one other injection technique found"
singleTimeLogMessage(infoMsg)
test.request.columns = re.sub(r"\b%d\b" % _, str(2 * _), test.request.columns) test.request.columns = re.sub(r"\b%d\b" % _, str(2 * _), test.request.columns)
title = re.sub(r"\b%d\b" % _, str(2 * _), title) title = re.sub(r"\b%d\b" % _, str(2 * _), title)
test.title = re.sub(r"\b%d\b" % _, str(2 * _), test.title) test.title = re.sub(r"\b%d\b" % _, str(2 * _), test.title)
@ -437,6 +434,12 @@ def checkSqlInjection(place, parameter, value):
warnMsg += "option" warnMsg += "option"
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
if unionExtended:
infoMsg = "automatically extending ranges "
infoMsg += "for UNION query injection technique tests as "
infoMsg += "there is at least one other injection technique found"
singleTimeLogMessage(infoMsg)
# Test for UNION query SQL injection # Test for UNION query SQL injection
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix) reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)