sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-23 15:54:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-06 18:44:42 +00:00
parent d77ddbee47
commit d336f1df23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/controller/checks.py
View File

@ -272,6 +272,7 @@ def checkSqlInjection(place, parameter, value):
kb.pageTemplate, _ = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True) kb.pageTemplate, _ = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True)
elif where == 3: elif where == 3:
origValue = "" origValue = ""
kb.pageTemplate = kb.originalPage
# Forge request payload by prepending with boundary's # Forge request payload by prepending with boundary's
# prefix and appending the boundary's suffix to the # prefix and appending the boundary's suffix to the
@ -330,9 +331,9 @@ def checkSqlInjection(place, parameter, value):
output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE) output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE)
if output: if output:
output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "") result = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "") == "1"
if output == "1": if result:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg) logger.info(infoMsg)