mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 19:43:48 +03:00
lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.
This commit is contained in:
parent
7c06dbffc3
commit
8fc60215ed
|
@ -444,7 +444,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
|
payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
|
||||||
payload = agent.payload(place, parameter, value, payload)
|
payload = agent.payload(place, parameter, value, payload)
|
||||||
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
Request.queryPage(payload, place, content=False, raise404=False)
|
||||||
|
|
||||||
result = wasLastRequestDBMSError()
|
result = wasLastRequestDBMSError()
|
||||||
|
|
||||||
infoMsg = "heuristic test shows that %s " % place
|
infoMsg = "heuristic test shows that %s " % place
|
||||||
|
|
|
@ -266,6 +266,7 @@ class Connect:
|
||||||
else:
|
else:
|
||||||
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
|
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
parseResponse(page, responseHeaders)
|
||||||
return page, responseHeaders
|
return page, responseHeaders
|
||||||
|
|
||||||
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead), e:
|
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead), e:
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
<error regexp="OLE DB.*SQL Server"/>
|
<error regexp="OLE DB.*SQL Server"/>
|
||||||
<error regexp="SQL Server.*Driver"/>
|
<error regexp="SQL Server.*Driver"/>
|
||||||
<error regexp="Warning.*mssql_.*"/>
|
<error regexp="Warning.*mssql_.*"/>
|
||||||
|
<error regexp="SQL Server.*[0-9a-fA-F]{8}"/>
|
||||||
</dbms>
|
</dbms>
|
||||||
|
|
||||||
<!-- Microsoft Access -->
|
<!-- Microsoft Access -->
|
||||||
|
|
Loading…
Reference in New Issue
Block a user