sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for Feature #157

Browse Source
This commit is contained in:
Miroslav Stampar 2010-05-13 11:17:24 +00:00
parent ca3e12ae73
commit d96723a135
1 changed files with 7 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/techniques/blind/inference.py
View File

@ -161,27 +161,19 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if not conf.useBetween or kb.dbms == "SQLite": if not conf.useBetween or kb.dbms == "SQLite":
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue)) forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
else: else:
forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND'), (expressionUnescaped, idx, posValue)) forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
result = Request.queryPage(urlencode(forgedPayload)) result = Request.queryPage(urlencode(forgedPayload))
if kb.dbms == "SQLite": if kb.dbms == "SQLite":
posValue = posValueOld posValue = posValueOld
if not conf.useBetween or kb.dbms == "SQLite": #normal
if result: if result:
minValue = posValue minValue = posValue
asciiTbl = asciiTbl[position:] asciiTbl = asciiTbl[position:]
else: else:
maxValue = posValue maxValue = posValue
asciiTbl = asciiTbl[:position] asciiTbl = asciiTbl[:position]
else: #reversed
if result:
maxValue = posValue
asciiTbl = asciiTbl[:position]
else:
minValue = posValue
asciiTbl = asciiTbl[position:]
if len(asciiTbl) == 1: if len(asciiTbl) == 1:
if maxValue == 1: if maxValue == 1: