Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses

Bernardo Damele 2010-12-03 14:39:51 +00:00
parent bb40ab9fb0
commit b824826a89
2 changed files with 6 additions and 4 deletions


@ -257,7 +257,7 @@ def checkSqlInjection(place, parameter, value):
if where == 1: if where == 1:
origValue = value origValue = value
elif where == 2: elif where == 2:
origValue = "-%s" % value origValue = "-%s" % randomInt()
elif where == 3: elif where == 3:
origValue = "" origValue = ""
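Review bot: `origValue = "-%s" % randomInt()` in the `where == 2` branch draws its random integer independently of the matching branch in Agent.payload (second file, `value = "-%s" % randomInt()`), so the two sites no longer agree on the substituted value; if checkSqlInjection's origValue is meant to mirror what the agent actually sends, one value should be generated once and threaded through rather than calling randomInt() at both sites. If the independence is deliberate, a short comment on the branch would prevent the next reader from "fixing" it, e.g. `# where == 2: substitute a negative random integer; the original value is intentionally not reused here`. The `%s` interpolation also hides what randomInt() returns (width, sign handling), which I cannot see from this hunk. checkSqlInjection's body continues outside the hunk.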


@ -83,7 +83,7 @@ class Agent:
if where == 1: if where == 1:
value = origValue value = origValue
elif where == 2: elif where == 2:
value = "-%s" % origValue value = "-%s" % randomInt()
elif where == 3: elif where == 3:
value = "" value = ""
else: else:
@ -155,10 +155,12 @@ class Agent:
# payload, do not put a space after the prefix # payload, do not put a space after the prefix
if kb.technique == 4: if kb.technique == 4:
query = kb.injection.prefix query = kb.injection.prefix
elif kb.technique and kb.technique in kb.injection.data: elif (kb.technique and kb.technique in kb.injection.data) or \
(kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]):
where = kb.injection.data[kb.technique].where where = kb.injection.data[kb.technique].where
if where == 3: if where == 3 or (kb.injection.clause == [2, 3] or \
kb.injection.clause == [ 2 ]):
query = kb.injection.prefix query = kb.injection.prefix
if query is None: if query is None: