From ce6573304357fbd887b732f2b0e7262dd0f630ca Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 27 Nov 2019 12:09:51 +0100 Subject: [PATCH] Minor patch (problem reported via email) --- lib/core/settings.py | 5 ++++- lib/techniques/union/test.py | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index aa62de0ca..03664d18f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.11.106" +VERSION = "1.3.11.107" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -601,6 +601,9 @@ PARSE_HEADERS_LIMIT = 3 # Step used in ORDER BY technique used for finding the right number of columns in UNION query injections ORDER_BY_STEP = 10 +# Maximum value used in ORDER BY technique used for finding the right number of columns in UNION query injections +ORDER_BY_MAX = 1000 + # Maximum number of times for revalidation of a character in inference (as required) MAX_REVALIDATION_STEPS = 5 diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 5e223575d..30b58c94b 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -38,6 +38,7 @@ from lib.core.settings import MIN_RATIO from lib.core.settings import MIN_STATISTICAL_RANGE from lib.core.settings import MIN_UNION_RESPONSES from lib.core.settings import NULL +from lib.core.settings import ORDER_BY_MAX from lib.core.settings import ORDER_BY_STEP from lib.core.settings import UNION_MIN_RESPONSE_CHARS from lib.core.settings import UNION_STDEV_COEFF @@ -74,6 +75,9 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where= if not conf.uCols and _orderByTest(highCols): lowCols = highCols highCols += ORDER_BY_STEP + + if highCols > ORDER_BY_MAX: + break else: while not found: mid = highCols - (highCols - lowCols) // 2