Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly

2025-03-19 01:22:20 +03:00 · 2011-04-07 11:10:35 +00:00 · 2011-04-07 11:10:35 +00:00 · c6b9d89d31
commit c6b9d89d31
parent ca009e9fe2
2 changed files with 4 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -94,6 +94,9 @@ def checkSqlInjection(place, parameter, value):
                if "[CHAR]" in title:
                    title = title.replace("[CHAR]", conf.uChar)

+                if "[RANDNUM]" in title:
+                    title = title.replace("[RANDNUM]", "random number")
+
            # Skip test if the user's wants to test only for a specific
            # technique
            if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -74,7 +74,7 @@ def __oneShotUnionUse(expression, unpack=True):

 def configUnion(char=None, columns=None):
    def __configUnionChar(char):
-        if char.isdigit() or char == "NULL":
+        if char.isdigit() or char == "NULL" or char.startswith("[RANDNUM"):
            conf.uChar = char
        elif not char.startswith("'") or not char.endswith("'"):
            conf.uChar = "'%s'" % char