sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-10 10:43:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

some comments regarding inference.py

Browse Source
This commit is contained in:
Miroslav Stampar 2010-05-31 15:20:20 +00:00
parent 6df2d98fc9
commit af2f184464
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/techniques/blind/inference.py
View File

@ -144,7 +144,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
return None return None
def getChar(idx, charTbl=asciiTbl, continuousOrder=True): def getChar(idx, charTbl=asciiTbl, continuousOrder=True): # continuousOrder means that distance between each two neighbour's numerical values is exactly 1
result = tryHint(idx) result = tryHint(idx)
if result: if result:
@ -190,21 +190,21 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if type(charTbl) != xrange: if type(charTbl) != xrange:
charTbl = charTbl[position:] charTbl = charTbl[position:]
else: else: # xrange - extended virtual charset used for memory/space optimization
charTbl = xrange(charTbl[position], charTbl[-1] + 1) charTbl = xrange(charTbl[position], charTbl[-1] + 1)
else: else:
maxValue = posValue maxValue = posValue
if type(charTbl) != xrange: if type(charTbl) != xrange:
charTbl = charTbl[:position] charTbl = charTbl[:position]
else: else: # xrange - extended set (e.g. Unicode)
charTbl = xrange(charTbl[0], charTbl[position]) charTbl = xrange(charTbl[0], charTbl[position])
if len(charTbl) == 1: if len(charTbl) == 1:
if continuousOrder: if continuousOrder:
if maxValue == 1: if maxValue == 1:
return None return None
elif minValue == maxChar: elif minValue == maxChar: # if we hit the maxChar then extend the working set with xrange (virtual charset used because of memory/space optimization) and continue tests with new set
charTbl = xrange(maxChar + 1, (maxChar + 1) << 8) charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
maxChar = maxValue = charTbl[-1] maxChar = maxValue = charTbl[-1]
minChar = minValue = charTbl[0] minChar = minValue = charTbl[0]
@ -215,7 +215,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if minValue == maxChar or maxValue == minChar: if minValue == maxChar or maxValue == minChar:
return None return None
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]): for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]): # if we are working with non-continuous set both minValue and character afterwards are possible candidates
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal)) forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(urlencode(forgedPayload)) result = Request.queryPage(urlencode(forgedPayload))