changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)
This commit is contained in:
parent
8b74c405f5
commit
893bc04fe4
|
@ -67,6 +67,7 @@ optDict = {
|
|||
"regexp": "string",
|
||||
"eString": "string",
|
||||
"eRegexp": "string",
|
||||
"useBetween": "boolean",
|
||||
},
|
||||
|
||||
"Techniques": {
|
||||
|
|
|
@ -182,6 +182,10 @@ def cmdLineParser():
|
|||
help="Matches to be excluded before "
|
||||
"comparing page contents")
|
||||
|
||||
injection.add_option("--use-between", dest="useBetween",
|
||||
action="store_true",
|
||||
help="Use operator BETWEEN instead of default '>'")
|
||||
|
||||
# Techniques options
|
||||
techniques = OptionGroup(parser, "Techniques", "These options can "
|
||||
"be used to test for specific SQL injection "
|
||||
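Review bot: The help string on the new `--use-between` option, `Use operator BETWEEN instead of default '>'`, does not say which part of the tool it affects; from the bisection hunk in this commit it only changes the comparison used by the blind inference algorithm, so a `--help` reader cannot tell when the switch is relevant. Suggest `help="Use BETWEEN instead of the default '>' comparison in the blind inference algorithm"`. The same wording gap applies to the `# Use operator BETWEEN instead of default '>'` comment above `useBetween = False` in the configuration-file hunk. cmdLineParser continues outside the hunk on both sides.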
|
|
|
@ -158,18 +158,30 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
posValueOld = posValue
|
||||
posValue = chr(posValue)
|
||||
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
if not conf.useBetween:
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
else:
|
||||
forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND '), (expressionUnescaped, idx, posValue))
|
||||
|
||||
result = Request.queryPage(urlencode(forgedPayload))
|
||||
|
||||
if kb.dbms == "SQLite":
|
||||
posValue = posValueOld
|
||||
|
||||
if result:
|
||||
minValue = posValue
|
||||
asciiTbl = asciiTbl[position:]
|
||||
else:
|
||||
maxValue = posValue
|
||||
asciiTbl = asciiTbl[:position]
|
||||
if not conf.useBetween: #normal
|
||||
if result:
|
||||
minValue = posValue
|
||||
asciiTbl = asciiTbl[position:]
|
||||
else:
|
||||
maxValue = posValue
|
||||
asciiTbl = asciiTbl[:position]
|
||||
else: #reversed
|
||||
if result:
|
||||
maxValue = posValue
|
||||
asciiTbl = asciiTbl[:position]
|
||||
else:
|
||||
minValue = posValue
|
||||
asciiTbl = asciiTbl[position:]
|
||||
|
||||
if len(asciiTbl) == 1:
|
||||
if maxValue == 1:
|
||||
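Review bot: The `else` branch on the line `forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND '), (expressionUnescaped, idx, posValue))` assumes the payload template carries the comparison as the literal `%3E`; if the template holds a plain `>` or a lowercase `%3e`, the replace is a no-op while the `#reversed` block below still swaps the min/max updates, so the bisection narrows the wrong half of asciiTbl and the retrieved characters are silently wrong. Deriving the flag from the substitution that actually happened ties both branches to the same fact: `useBetween = conf.useBetween and '%3E' in payload`, then `if not useBetween:` at both sites instead of `if not conf.useBetween:`. A short comment on the reversed branch would also spare the next reader the derivation, e.g. `# BETWEEN 0 AND x holds when value <= x, i.e. the negation of '>' used in the normal branch`. bisection continues outside the hunk on both sides.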
|
|
|
@ -184,6 +184,9 @@ eString =
|
|||
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
|
||||
eRegexp =
|
||||
|
||||
# Use operator BETWEEN instead of default '>'
|
||||
# Valid: True or False
|
||||
useBetween = False
|
||||
|
||||
# These options can be used to test for specific SQL injection technique
|
||||
# or to use one of them to exploit the affected parameter(s) rather than
|
||||
|
|