sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-20 13:30:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #1290

Browse Source
This commit is contained in:
Miroslav Stampar 2015-07-05 01:47:01 +02:00
parent 166dc98e81
commit 96327b6701
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/checks.py
View File

@ -386,9 +386,12 @@ def checkSqlInjection(place, parameter, value):
# Forge request payload by prepending with boundary's # Forge request payload by prepending with boundary's
# prefix and appending the boundary's suffix to the # prefix and appending the boundary's suffix to the
# test's ' <payload><comment> ' string # test's ' <payload><comment> ' string
if fstPayload:
boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause) boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
else:
reqPayload = None
# Perform the test's request and check whether or not the # Perform the test's request and check whether or not the
# payload was successful # payload was successful

2
lib/core/agent.py
View File

@ -68,7 +68,7 @@ class Agent(object):
return query return query
def payload(self, place=None, parameter=None, value=None, newValue="", where=None): def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):
""" """
This method replaces the affected parameter with the SQL This method replaces the affected parameter with the SQL
injection statement to request injection statement to request