mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
doing all the work for the users so they wouldn't strain their little hands
This commit is contained in:
parent
524dd75ff2
commit
938d9ff23e
|
@ -19,6 +19,7 @@ from lib.core.common import popValue
|
||||||
from lib.core.common import pushValue
|
from lib.core.common import pushValue
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
|
from lib.core.common import readInput
|
||||||
from lib.core.common import removeReflectiveValues
|
from lib.core.common import removeReflectiveValues
|
||||||
from lib.core.common import singleTimeLogMessage
|
from lib.core.common import singleTimeLogMessage
|
||||||
from lib.core.common import singleTimeWarnMessage
|
from lib.core.common import singleTimeWarnMessage
|
||||||
|
@ -254,15 +255,25 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
|
||||||
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
|
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
|
||||||
warnMsg = "if UNION based SQL injection is not detected, "
|
warnMsg = "if UNION based SQL injection is not detected, "
|
||||||
warnMsg += "please consider "
|
warnMsg += "please consider "
|
||||||
|
|
||||||
if not conf.uChar:
|
if not conf.uChar:
|
||||||
|
message = "injection not exploitable with NULL values. Do you want to try with a random integer value for '--union-char'? [Y/n] "
|
||||||
|
test = readInput(message, default="Y")
|
||||||
|
if test[0] not in ("y", "Y"):
|
||||||
warnMsg += "usage of option '--union-char' "
|
warnMsg += "usage of option '--union-char' "
|
||||||
warnMsg += "(e.g. --union-char=1) "
|
warnMsg += "(e.g. --union-char=1) "
|
||||||
|
else:
|
||||||
|
conf.uChar = str(randomInt(2))
|
||||||
|
validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count)
|
||||||
|
|
||||||
if not conf.dbms:
|
if not conf.dbms:
|
||||||
if not conf.uChar:
|
if not conf.uChar:
|
||||||
warnMsg += "and/or try to force the "
|
warnMsg += "and/or try to force the "
|
||||||
else:
|
else:
|
||||||
warnMsg += "forcing the "
|
warnMsg += "forcing the "
|
||||||
warnMsg += "back-end DBMS (e.g. --dbms=mysql) "
|
warnMsg += "back-end DBMS (e.g. --dbms=mysql) "
|
||||||
|
|
||||||
|
if not all([validPayload, vector]):
|
||||||
singleTimeWarnMessage(warnMsg)
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
return validPayload, vector
|
return validPayload, vector
|
||||||
|
|
Loading…
Reference in New Issue
Block a user