mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Fixes #1290
This commit is contained in:
parent
166dc98e81
commit
96327b6701
|
@ -386,9 +386,12 @@ def checkSqlInjection(place, parameter, value):
|
|||
# Forge request payload by prepending with boundary's
|
||||
# prefix and appending the boundary's suffix to the
|
||||
# test's ' <payload><comment> ' string
|
||||
boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
|
||||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
|
||||
reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
|
||||
if fstPayload:
|
||||
boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
|
||||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
|
||||
reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
|
||||
else:
|
||||
reqPayload = None
|
||||
|
||||
# Perform the test's request and check whether or not the
|
||||
# payload was successful
|
||||
|
|
|
@ -68,7 +68,7 @@ class Agent(object):
|
|||
|
||||
return query
|
||||
|
||||
def payload(self, place=None, parameter=None, value=None, newValue="", where=None):
|
||||
def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):
|
||||
"""
|
||||
This method replaces the affected parameter with the SQL
|
||||
injection statement to request
|
||||
|
|
Loading…
Reference in New Issue
Block a user