Minor layout adjustments to --union-tech
parent
9340bf59fb
commit
a4d62af2ea
|
@ -240,21 +240,24 @@ def __setGoogleDorking():
|
|||
|
||||
|
||||
def __setUnionTech():
|
||||
if not conf.uTech:
|
||||
conf.uTech = "bf"
|
||||
if conf.uTech == None:
|
||||
conf.uTech = "NULL"
|
||||
|
||||
return
|
||||
|
||||
if conf.uTech and conf.uTech not in ( "bf", "ob" ):
|
||||
uTechOriginal = conf.uTech
|
||||
conf.uTech = conf.uTech.lower()
|
||||
|
||||
if conf.uTech and conf.uTech not in ( "null", "orderby" ):
|
||||
infoMsg = "resetting the UNION query detection technique to "
|
||||
infoMsg += "'bf', '%s' is not a valid technique" % conf.uTech
|
||||
infoMsg += "'NULL', '%s' is not a valid technique" % uTechOriginal
|
||||
logger.info(infoMsg)
|
||||
|
||||
conf.uTech = "bf"
|
||||
conf.uTech = "NULL"
|
||||
|
||||
else:
|
||||
debugMsg = "setting UNION query detection technique to "
|
||||
debugMsg += "'%s'" % conf.uTech
|
||||
debugMsg += "'%s'" % uTechOriginal
|
||||
logger.debug(debugMsg)
|
||||
|
||||
|
||||
|
|
|
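Review bot: The default and the reset value in `__setUnionTech()` are written as `"NULL"`, while every accepted value is lowercased to `"null"` or `"orderby"`, so `conf.uTech` can hold two spellings of the same technique. This is harmless only because `unionTest()` tests for `"orderby"` and treats everything else as NULL bruteforcing; a later `conf.uTech == "null"` check would miss the default. Storing `conf.uTech = "null"` in both places keeps one canonical form (this assumes the `"NULL"` lines are the new side, which the rendered page suggests but no longer marks). Separately, `if conf.uTech == None:` lets an empty string reach the `else` branch, where it is logged as `''` and kept; `if not conf.uTech:` would cover both cases.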
@ -30,7 +30,7 @@ import sys
|
|||
|
||||
|
||||
# sqlmap version and site
|
||||
VERSION = "0.6.4-rc2"
|
||||
VERSION = "0.6.4-rc3"
|
||||
VERSION_STRING = "sqlmap/%s" % VERSION
|
||||
SITE = "http://sqlmap.sourceforge.net"
|
||||
|
||||
|
|
|
@ -97,6 +97,7 @@ def __unionTestByOrderBy(comment):
|
|||
|
||||
if seqMatcher >= 0.6:
|
||||
columns = count
|
||||
|
||||
elif columns:
|
||||
value = __forgeUserFriendlyValue(prevPayload)
|
||||
|
||||
|
@ -113,8 +114,8 @@ def unionTest():
|
|||
SQL injection vulnerability. The test is done up to 3*50 times
|
||||
"""
|
||||
|
||||
if conf.uTech == "ob":
|
||||
technique = "ORDER BY clause"
|
||||
if conf.uTech == "orderby":
|
||||
technique = "ORDER BY clause bruteforcing"
|
||||
else:
|
||||
technique = "NULL bruteforcing"
|
||||
|
||||
|
@ -126,7 +127,7 @@ def unionTest():
|
|||
columns = None
|
||||
|
||||
for comment in (queries[kb.dbms].comment, ""):
|
||||
if conf.uTech == "ob":
|
||||
if conf.uTech == "orderby":
|
||||
value, columns = __unionTestByOrderBy(comment)
|
||||
else:
|
||||
value, columns = __unionTestByNULLBruteforce(comment)
|
||||
|
|
|
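Review bot: Both `if conf.uTech == "orderby":` checks in `unionTest()` rely on the option having been lowercased elsewhere, and the `else` branch silently treats any other value as NULL bruteforcing; nothing in this file states that contract. A comment above the first check would record it: `# conf.uTech is lowercased by __setUnionTech(); any value other than "orderby" selects NULL bruteforcing`. The body of `unionTest()` starts and ends outside these hunks, so whether the value is validated again further down cannot be seen from here.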
@ -144,9 +144,9 @@ unionTest = False
|
|||
# Technique to test for UNION query SQL injection
|
||||
# The possible techniques are by NULL bruteforcing (bf) or by ORDER BY
|
||||
# clause (ob)
|
||||
# Valid: bf, ob
|
||||
# Default: bf
|
||||
uTech = bf
|
||||
# Valid: NULL, OrderBy
|
||||
# Default: NULL
|
||||
uTech = NULL
|
||||
|
||||
# Use the UNION query (inband) SQL injection to retrieve the queries
|
||||
# output. No need to go blind.
|
||||
|
|
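Review bot: The description above the changed lines still names the techniques as `(bf)` and `(ob)`, which stop being accepted values once `Valid:` reads `NULL, OrderBy`. A user who copies an abbreviation from that comment gets the option reset to the default with only an info-level message. The two unchanged comment lines should be reworded to match, for example `# The possible techniques are by NULL bruteforcing (NULL) or by ORDER BY` and `# clause bruteforcing (OrderBy)`.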