Minor refactoring/improvement

2025-02-03 05:04:11 +03:00 · 2012-10-28 01:42:08 +02:00 · 2012-10-28 01:42:08 +02:00 · ca427af8b3
commit ca427af8b3
parent 43ddf39bea
2 changed files with 9 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -55,6 +55,7 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.settings import CONSTANT_RATIO
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
+from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import LOWER_RATIO_BOUND
@ -670,7 +671,11 @@ def heuristicCheckSqlInjection(place, parameter):
        if conf.suffix:
            suffix = conf.suffix

-    payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
+    randStr = ""
+    while '\'' not in randStr:
+        randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
+
+    payload = "%s%s%s" % (prefix, randStr, suffix)
    payload = agent.payload(place, parameter, newValue=payload)
    page, _ = Request.queryPage(payload, place, content=True, raise404=False)

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -435,6 +435,9 @@ MAX_DNS_LABEL = 63
 # Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
 DNS_BOUNDARIES_ALPHABET = re.sub("[a-fA-F]", "", string.letters)

+# Alphabet used for heuristic checks
+HEURISTIC_CHECK_ALPHABET = ('"', '\'', ')', '(', '[', ']', ',', '.')
+
 # Connection chunk size (processing large responses in chunks to avoid MemoryError crashes - e.g. large table dump in full UNION injections)
 MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024