mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
doing all the work for the users so they wouldn't strain their little hands
This commit is contained in:
parent
524dd75ff2
commit
938d9ff23e
|
@ -19,6 +19,7 @@ from lib.core.common import popValue
|
|||
from lib.core.common import pushValue
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import removeReflectiveValues
|
||||
from lib.core.common import singleTimeLogMessage
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
|
@ -254,15 +255,25 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
|
|||
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
|
||||
warnMsg = "if UNION based SQL injection is not detected, "
|
||||
warnMsg += "please consider "
|
||||
|
||||
if not conf.uChar:
|
||||
message = "injection not exploitable with NULL values. Do you want to try with a random integer value for '--union-char'? [Y/n] "
|
||||
test = readInput(message, default="Y")
|
||||
if test[0] not in ("y", "Y"):
|
||||
warnMsg += "usage of option '--union-char' "
|
||||
warnMsg += "(e.g. --union-char=1) "
|
||||
else:
|
||||
conf.uChar = str(randomInt(2))
|
||||
validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count)
|
||||
|
||||
if not conf.dbms:
|
||||
if not conf.uChar:
|
||||
warnMsg += "and/or try to force the "
|
||||
else:
|
||||
warnMsg += "forcing the "
|
||||
warnMsg += "back-end DBMS (e.g. --dbms=mysql) "
|
||||
|
||||
if not all([validPayload, vector]):
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
return validPayload, vector
|
||||
|
|
Loading…
Reference in New Issue
Block a user