mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-23 01:56:36 +03:00
Minor improvement of error-based SQLi when trimmed output is detected (trying to reconstruct)
This commit is contained in:
parent
71c43be53a
commit
a074efe75e
|
@ -74,7 +74,7 @@ def _oneShotErrorUse(expression, field=None):
|
||||||
try:
|
try:
|
||||||
while True:
|
while True:
|
||||||
check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
|
check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
|
||||||
trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
|
trimcheck = "%s(?P<result>[^<]*)" % (kb.chars.start)
|
||||||
|
|
||||||
if field:
|
if field:
|
||||||
nulledCastedField = agent.nullAndCastField(field)
|
nulledCastedField = agent.nullAndCastField(field)
|
||||||
|
@ -130,6 +130,10 @@ def _oneShotErrorUse(expression, field=None):
|
||||||
warnMsg += safecharencode(trimmed)
|
warnMsg += safecharencode(trimmed)
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
if not kb.testMode:
|
||||||
|
check = "(?P<result>.*?)%s" % kb.chars.stop[:2]
|
||||||
|
output = extractRegexResult(check, trimmed, re.IGNORECASE)
|
||||||
|
|
||||||
if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)):
|
if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)):
|
||||||
if offset == 1:
|
if offset == 1:
|
||||||
retVal = output
|
retVal = output
|
||||||
|
|
Loading…
Reference in New Issue
Block a user