sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper fix to avoid UNION test false positives

Browse Source
This commit is contained in:
Bernardo Damele 2011-01-11 23:59:02 +00:00
parent c2e994e806
commit 873951ab92
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/techniques/inband/union/test.py
View File

@ -49,7 +49,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, dbms, coun
# Perform the request # Perform the request
resultPage, _ = Request.queryPage(payload, place=place, content=True) resultPage, _ = Request.queryPage(payload, place=place, content=True)
if resultPage and randQuery in resultPage and query not in resultPage: if resultPage and randQuery in resultPage and " UNION ALL SELECT " not in resultPage:
setUnion(position=exprPosition) setUnion(position=exprPosition)
validPayload = payload validPayload = payload
unionVector = agent.forgeInbandQuery("[PAYLOAD]", exprPosition, count=count, comment=comment, prefix=prefix, suffix=suffix) unionVector = agent.forgeInbandQuery("[PAYLOAD]", exprPosition, count=count, comment=comment, prefix=prefix, suffix=suffix)