sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 11:45:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-02 13:03:24 +00:00
parent 847b648e4a
commit d6c9515f78
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/settings.py
View File

@ -77,6 +77,9 @@ METADB_SUFFIX = "_masterdb"
# minimum time response set needed for time-comparison based on standard deviation # minimum time response set needed for time-comparison based on standard deviation
MIN_TIME_RESPONSES = 15 MIN_TIME_RESPONSES = 15
# minimum comparison ratio set needed for searching valid union column number based on standard deviation
MIN_UNION_RESPONSES = 5
# after these number of blanks at the end inference should stop (just in case) # after these number of blanks at the end inference should stop (just in case)
INFERENCE_BLANK_BREAK = 15 INFERENCE_BLANK_BREAK = 15

7
lib/techniques/inband/union/test.py
View File

@ -31,6 +31,7 @@ from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.settings import FROM_TABLE from lib.core.settings import FROM_TABLE
from lib.core.settings import UNION_STDEV_COEFF from lib.core.settings import UNION_STDEV_COEFF
from lib.core.settings import MIN_UNION_RESPONSES
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.parse.html import htmlParser from lib.parse.html import htmlParser
from lib.request.comparison import comparison from lib.request.comparison import comparison
@ -45,9 +46,13 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
pushValue(kb.errorIsNone) pushValue(kb.errorIsNone)
items, ratios = [], [] items, ratios = [], []
kb.errorIsNone = False kb.errorIsNone = False
lowerCount, upperCount = conf.uColsStart, conf.uColsStop
if abs(upperCount - lowerCount) < MIN_UNION_RESPONSES:
upperCount = lowerCount + MIN_UNION_RESPONSES
min_, max_ = None, None min_, max_ = None, None
for count in range(conf.uColsStart, conf.uColsStop+1): for count in range(lowerCount, upperCount+1):
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, conf.uChar) query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, conf.uChar)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
page, _ = Request.queryPage(payload, place=place, content=True, raise404=False) page, _ = Request.queryPage(payload, place=place, content=True, raise404=False)