Implementation for an Issue #194

2025-02-03 05:04:11 +03:00 · 2012-09-25 09:25:35 +02:00 · 2012-09-25 09:25:35 +02:00 · 9ca7b3e20e
commit 9ca7b3e20e
parent d175decdfc
2 changed files with 6 additions and 9 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -281,6 +281,12 @@ def checkSqlInjection(place, parameter, value):
                # Parse boundary's <prefix>, <suffix> and <ptype>
                prefix = boundary.prefix if boundary.prefix else ""
                suffix = boundary.suffix if boundary.suffix else ""
+
+                # Options --prefix/--suffix have a higher priority (if set by user)
+                prefix = conf.prefix if conf.prefix is not None else prefix
+                suffix = conf.suffix if conf.suffix is not None else suffix
+                comment = None if conf.suffix is not None else comment
+
                ptype = boundary.ptype

                # If the previous injections succeeded, we know which prefix,
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -958,15 +958,6 @@ def __setSafeUrl():
        raise sqlmapSyntaxException, errMsg

 def __setPrefixSuffix():
-    if conf.prefix is not None and conf.suffix is None:
-        errMsg = "you specified the payload prefix, but did not provide "
-        errMsg += "the payload suffix"
-        raise sqlmapSyntaxException, errMsg
-    elif conf.prefix is None and conf.suffix is not None:
-        errMsg = "you specified the payload suffix, but did not provide "
-        errMsg += "the payload prefix"
-        raise sqlmapSyntaxException, errMsg
-
    if conf.prefix is not None and conf.suffix is not None:
        # Create a custom boundary object for user's supplied prefix
        # and suffix