mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
one more update regarding last few "unescape" related commits
This commit is contained in:
parent
caaac72029
commit
d2b96a66a2
|
@ -167,6 +167,10 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
# Force back-end DBMS according to the current
|
||||||
|
# test value for proper payload unescaping
|
||||||
|
Backend.forceDbms(dbms)
|
||||||
|
|
||||||
# Skip test if it does not match the same SQL injection clause
|
# Skip test if it does not match the same SQL injection clause
|
||||||
# already identified by another test
|
# already identified by another test
|
||||||
clauseMatch = False
|
clauseMatch = False
|
||||||
|
@ -359,10 +363,6 @@ def checkSqlInjection(place, parameter, value):
|
||||||
# used afterwards by Agent.forgeInbandQuery()
|
# used afterwards by Agent.forgeInbandQuery()
|
||||||
# method to forge the UNION query payload
|
# method to forge the UNION query payload
|
||||||
|
|
||||||
# Force back-end DBMS according to the current
|
|
||||||
# test value for proper payload unescaping
|
|
||||||
Backend.forceDbms(dbms)
|
|
||||||
|
|
||||||
configUnion(test.request.char, test.request.columns)
|
configUnion(test.request.char, test.request.columns)
|
||||||
|
|
||||||
if not Backend.getIdentifiedDbms():
|
if not Backend.getIdentifiedDbms():
|
||||||
|
@ -384,9 +384,6 @@ def checkSqlInjection(place, parameter, value):
|
||||||
# by unionTest() directly
|
# by unionTest() directly
|
||||||
where = vector[6]
|
where = vector[6]
|
||||||
|
|
||||||
# Reset forced back-end DBMS value
|
|
||||||
Backend.flushForcedDbms()
|
|
||||||
|
|
||||||
# If the injection test was successful feed the injection
|
# If the injection test was successful feed the injection
|
||||||
# object with the test's details
|
# object with the test's details
|
||||||
if injectable is True:
|
if injectable is True:
|
||||||
|
@ -442,6 +439,9 @@ def checkSqlInjection(place, parameter, value):
|
||||||
# boundaries
|
# boundaries
|
||||||
break
|
break
|
||||||
|
|
||||||
|
# Reset forced back-end DBMS value
|
||||||
|
Backend.flushForcedDbms()
|
||||||
|
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
warnMsg = "Ctrl+C detected in detection phase"
|
warnMsg = "Ctrl+C detected in detection phase"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
@ -458,6 +458,10 @@ def checkSqlInjection(place, parameter, value):
|
||||||
elif test[0] in ("q", "Q"):
|
elif test[0] in ("q", "Q"):
|
||||||
raise sqlmapUserQuitException
|
raise sqlmapUserQuitException
|
||||||
|
|
||||||
|
finally:
|
||||||
|
# Reset forced back-end DBMS value
|
||||||
|
Backend.flushForcedDbms()
|
||||||
|
|
||||||
# Return the injection object
|
# Return the injection object
|
||||||
if injection.place is not None and injection.parameter is not None:
|
if injection.place is not None and injection.parameter is not None:
|
||||||
return injection
|
return injection
|
||||||
|
|
Loading…
Reference in New Issue
Block a user