Minor layout adjustments to --union-tech

Bernardo Damele 2008-12-29 18:48:23 +00:00
parent 9340bf59fb
commit a4d62af2ea
4 changed files with 17 additions and 13 deletions


@ -240,21 +240,24 @@ def __setGoogleDorking():
def __setUnionTech(): def __setUnionTech():
if not conf.uTech: if conf.uTech == None:
conf.uTech = "bf" conf.uTech = "NULL"
return return
if conf.uTech and conf.uTech not in ( "bf", "ob" ): uTechOriginal = conf.uTech
conf.uTech = conf.uTech.lower()
if conf.uTech and conf.uTech not in ( "null", "orderby" ):
infoMsg = "resetting the UNION query detection technique to " infoMsg = "resetting the UNION query detection technique to "
infoMsg += "'bf', '%s' is not a valid technique" % conf.uTech infoMsg += "'NULL', '%s' is not a valid technique" % uTechOriginal
logger.info(infoMsg) logger.info(infoMsg)
conf.uTech = "bf" conf.uTech = "NULL"
else: else:
debugMsg = "setting UNION query detection technique to " debugMsg = "setting UNION query detection technique to "
debugMsg += "'%s'" % conf.uTech debugMsg += "'%s'" % uTechOriginal
logger.debug(debugMsg) logger.debug(debugMsg)
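Review bot: The new guard `if conf.uTech == None:` in `__setUnionTech` is narrower than the old `if not conf.uTech:`, so an empty value (for example a blank `uTech =` in the configuration file, if the parser yields `""`) is no longer defaulted. It passes `.lower()`, skips the validity check because of the leading `conf.uTech and`, and falls into the `else` branch, which logs that the technique was set to `''` and leaves `conf.uTech` empty. Keeping `if not conf.uTech:` for the default, or dropping `conf.uTech and` from the membership test, would restore the reset; if the None comparison stays, `is None` is the idiomatic form. The default and reset paths also store `"NULL"` while an accepted user value is stored lower-cased as `"null"`, so storing `"null"` everywhere would give later comparisons a single spelling.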


@ -30,7 +30,7 @@ import sys
# sqlmap version and site # sqlmap version and site
VERSION = "0.6.4-rc2" VERSION = "0.6.4-rc3"
VERSION_STRING = "sqlmap/%s" % VERSION VERSION_STRING = "sqlmap/%s" % VERSION
SITE = "http://sqlmap.sourceforge.net" SITE = "http://sqlmap.sourceforge.net"


@ -97,6 +97,7 @@ def __unionTestByOrderBy(comment):
if seqMatcher >= 0.6: if seqMatcher >= 0.6:
columns = count columns = count
elif columns: elif columns:
value = __forgeUserFriendlyValue(prevPayload) value = __forgeUserFriendlyValue(prevPayload)
@ -113,8 +114,8 @@ def unionTest():
SQL injection vulnerability. The test is done up to 3*50 times SQL injection vulnerability. The test is done up to 3*50 times
""" """
if conf.uTech == "ob": if conf.uTech == "orderby":
technique = "ORDER BY clause" technique = "ORDER BY clause bruteforcing"
else: else:
technique = "NULL bruteforcing" technique = "NULL bruteforcing"
@ -126,7 +127,7 @@ def unionTest():
columns = None columns = None
for comment in (queries[kb.dbms].comment, ""): for comment in (queries[kb.dbms].comment, ""):
if conf.uTech == "ob": if conf.uTech == "orderby":
value, columns = __unionTestByOrderBy(comment) value, columns = __unionTestByOrderBy(comment)
else: else:
value, columns = __unionTestByNULLBruteforce(comment) value, columns = __unionTestByNULLBruteforce(comment)


@ -144,9 +144,9 @@ unionTest = False
# Technique to test for UNION query SQL injection # Technique to test for UNION query SQL injection
# The possible techniques are by NULL bruteforcing (bf) or by ORDER BY # The possible techniques are by NULL bruteforcing (bf) or by ORDER BY
# clause (ob) # clause (ob)
# Valid: bf, ob # Valid: NULL, OrderBy
# Default: bf # Default: NULL
uTech = bf uTech = NULL
# Use the UNION query (inband) SQL injection to retrieve the queries # Use the UNION query (inband) SQL injection to retrieve the queries
# output. No need to go blind. # output. No need to go blind.
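Review bot: The description above `uTech` still names the old values: `(bf)` and `(ob)` remain in the two explanatory comment lines, while `Valid:` and `Default:` now list `NULL` and `OrderBy`. A user who follows the description and sets `uTech = ob` gets the value rejected by the new check in `__setUnionTech` and reset to NULL bruteforcing with only an info message. The two lines should be reworded to match, for example `# The possible techniques are by NULL bruteforcing (NULL) or by ORDER BY` and `# clause bruteforcing (OrderBy)`.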