sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-30 23:47:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-07 21:18:01 +00:00
parent 66adf23532
commit a577d0e9a5
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/controller/checks.py
View File

@ -192,6 +192,9 @@ def checkSqlInjection(place, parameter, value):
infoMsg = "testing '%s'" % title
logger.info(infoMsg)
# Flag used for signaling warning messages regarding unescaping
genericWarningFlag = False
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
@ -360,12 +363,15 @@ def checkSqlInjection(place, parameter, value):
configUnion(test.request.char, test.request.columns)
if not Backend.getIdentifiedDbms():
if not Backend.getIdentifiedDbms() and not genericWarningFlag:
warnMsg = "using unescaped version of the test "
warnMsg += "because of zero knowledge of the "
warnMsg += "back-end DBMS"
logger.warn(warnMsg)
# Set the flag preventing bulking of the message for the same test
genericWarningFlag = True
# Test for UNION query SQL injection
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)