sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper fix for #1053

Browse Source
This commit is contained in:
Miroslav Stampar 2014-12-19 09:26:01 +01:00
parent 6972020faf
commit cf3b02ee04
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@ -1564,8 +1564,8 @@ def safeStringFormat(format_, params):
""" """
Avoids problems with inappropriate string format strings Avoids problems with inappropriate string format strings
>>> safeStringFormat('foobar%d%s', ('1', 2)) >>> safeStringFormat('SELECT foo FROM %s LIMIT %d', ('bar', '1'))
u'foobar12' u'SELECT foo FROM bar LIMIT 1'
""" """
if format_.count(PAYLOAD_DELIMITER) == 2: if format_.count(PAYLOAD_DELIMITER) == 2:

7
tamper/unmagicquotes.py
View File

@ -26,7 +26,7 @@ def tamper(payload, **kwargs):
* http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
>>> tamper("1' AND 1=1") >>> tamper("1' AND 1=1")
'1%bf%27 AND 1=1-- ' '1%bf%27-- '
""" """
retVal = payload retVal = payload
@ -44,9 +44,10 @@ def tamper(payload, **kwargs):
continue continue
if found: if found:
_ = re.sub("(?i)\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal) _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal)
if _ != retVal: if _ != retVal:
retVal = _ retVal = _
retVal += "-- " retVal += "-- "
elif not any(_ in retVal for _ in ('#', '--', '/*')):
retVal += "-- "
return retVal return retVal