sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-22 10:54:22 +03:00
Code Issues Packages Projects Releases Wiki Activity

Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly

Browse Source
This commit is contained in:
Bernardo Damele 2011-04-07 11:10:35 +00:00
parent ca009e9fe2
commit c6b9d89d31
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/checks.py
View File

@ -94,6 +94,9 @@ def checkSqlInjection(place, parameter, value):
if "[CHAR]" in title: if "[CHAR]" in title:
title = title.replace("[CHAR]", conf.uChar) title = title.replace("[CHAR]", conf.uChar)
if "[RANDNUM]" in title:
title = title.replace("[RANDNUM]", "random number")
# Skip test if the user's wants to test only for a specific # Skip test if the user's wants to test only for a specific
# technique # technique
if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech: if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:

2
lib/techniques/inband/union/use.py
View File

@ -74,7 +74,7 @@ def __oneShotUnionUse(expression, unpack=True):
def configUnion(char=None, columns=None): def configUnion(char=None, columns=None):
def __configUnionChar(char): def __configUnionChar(char):
if char.isdigit() or char == "NULL": if char.isdigit() or char == "NULL" or char.startswith("[RANDNUM"):
conf.uChar = char conf.uChar = char
elif not char.startswith("'") or not char.endswith("'"): elif not char.startswith("'") or not char.endswith("'"):
conf.uChar = "'%s'" % char conf.uChar = "'%s'" % char