sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-07 09:13:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

further update regarding bugtrace's report

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-11 17:32:15 +00:00
parent 5d18c98ec2
commit e32fa9df43
1 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
lib/request/inject.py
View File

@ -103,35 +103,20 @@ def __goBooleanProxy(expression, resumeValue=True):
vector = kb.injection.data[kb.technique].vector vector = kb.injection.data[kb.technique].vector
if kb.technique == PAYLOAD.TECHNIQUE.ERROR: kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place)
if not expression.upper().startswith("SELECT "): vector = vector.replace("[INFERENCE]", "(%s)" % expression)
expression = agent.forgeCaseStatement(expression) vector = agent.cleanupPayload(vector)
output = __goError(expression, resumeValue)
query = agent.prefixQuery(vector)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
if resumeValue:
output = resume(expression, payload)
else: else:
kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place) output = None
vector = vector.replace("[INFERENCE]", "(%s)" % expression)
vector = agent.cleanupPayload(vector) if not output:
output = Request.queryPage(payload)
query = agent.prefixQuery(vector)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
if resumeValue:
output = resume(expression, payload)
else:
output = None
if not output:
output = Request.queryPage(payload)
if output:
if isinstance(output, basestring):
output = output.lower()
if output in ("true", "false"):
output = bool(output)
else:
output = output != "0"
elif isinstance(output, int):
output = bool(output)
conf.verbose = popValue() conf.verbose = popValue()
@ -434,13 +419,18 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
query = query.replace("DISTINCT ", "") query = query.replace("DISTINCT ", "")
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
booleanExpression = expression forgeCaseExpression = booleanExpression = expression
if booleanExpression.upper().startswith("SELECT "): if expression.upper().startswith("SELECT "):
booleanExpression = booleanExpression[len("SELECT "):] booleanExpression = expression[len("SELECT "):]
else:
forgeCaseExpression = agent.forgeCaseStatement(expression)
if inband and kb.unionTest is not None: if inband and kb.unionTest is not None:
kb.technique = PAYLOAD.TECHNIQUE.UNION kb.technique = PAYLOAD.TECHNIQUE.UNION
value = __goInband(query, expected, sort, resumeValue, unpack, dump) if expected == EXPECTED.BOOL:
value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
else:
value = __goInband(query, expected, sort, resumeValue, unpack, dump)
found = value or (value is None and expectingNone) found = value or (value is None and expectingNone)
if not found: if not found:
@ -455,7 +445,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if error and kb.errorTest and not found: if error and kb.errorTest and not found:
kb.technique = PAYLOAD.TECHNIQUE.ERROR kb.technique = PAYLOAD.TECHNIQUE.ERROR
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression, resumeValue) value = __goError(forgeCaseExpression, resumeValue)
else: else:
value = __goError(query, resumeValue) value = __goError(query, resumeValue)
found = value or (value is None and expectingNone) found = value or (value is None and expectingNone)
@ -491,6 +481,16 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if suppressOutput: if suppressOutput:
conf.verbose = popValue() conf.verbose = popValue()
if value and expected == EXPECTED.BOOL:
if isinstance(value, basestring):
value = value.lower()
if value in ("true", "false"):
value = bool(value)
else:
value = value != "0"
elif isinstance(value, int):
value = bool(value)
return value return value
def goStacked(expression, silent=False): def goStacked(expression, silent=False):