mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-03-03 11:45:46 +03:00
major fix for MySQL error based injections
This commit is contained in:
parent
1fce9683f8
commit
d7622bb9cf
|
@ -355,11 +355,16 @@ def __goError(expression, resumeValue=True):
|
|||
result = Request.queryPage(urlencode(forgedPayload), content=True)
|
||||
|
||||
match = re.search(temp.errorRegex, result[0], re.DOTALL | re.IGNORECASE)
|
||||
#import pdb
|
||||
#pdb.set_trace()
|
||||
if match:
|
||||
output = match.group('result')
|
||||
if output:
|
||||
output = output.replace("%c%c%c" % (58, 95, 58), " ").replace("%c%c%c" % (58, 120, 58), "") #':_:' -> EMPTY CHAR, ':x:' -> SPACE CHAR
|
||||
|
||||
if kb.dbms == "MySQL":
|
||||
output = output[:-1]
|
||||
|
||||
return output
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user