No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')

2025-02-03 13:14:13 +03:00 · 2011-02-06 23:30:43 +00:00 · 2011-02-06 23:30:43 +00:00 · bf5ca4bd9a
commit bf5ca4bd9a
parent 061f56daf9
1 changed files with 0 additions and 1 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -181,7 +181,6 @@ class Agent:
            return self.payloadDirect(expression)

        expression = self.cleanupPayload(expression)
-        expression = unescaper.unescape(expression)

        if comment is not None:
            expression += comment