mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
update
This commit is contained in:
parent
0c9fa5c550
commit
ec6fa384eb
|
@ -67,6 +67,7 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
||||||
from lib.core.settings import UNICODE_ENCODING
|
from lib.core.settings import UNICODE_ENCODING
|
||||||
from lib.core.settings import DBMS_DICT
|
from lib.core.settings import DBMS_DICT
|
||||||
from lib.core.settings import DESCRIPTION
|
from lib.core.settings import DESCRIPTION
|
||||||
|
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
||||||
from lib.core.settings import IS_WIN
|
from lib.core.settings import IS_WIN
|
||||||
from lib.core.settings import PLATFORM
|
from lib.core.settings import PLATFORM
|
||||||
from lib.core.settings import PYVERSION
|
from lib.core.settings import PYVERSION
|
||||||
|
@ -498,6 +499,13 @@ def paramToDict(place, parameters=None):
|
||||||
condition |= parameter in conf.testParameter
|
condition |= parameter in conf.testParameter
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
if elem[1].strip(DUMMY_SQL_INJECTION_CHARS) != elem[1]:
|
||||||
|
errMsg = "you have provided parameters with most "
|
||||||
|
errMsg += "probably leftovers from manual sql injection "
|
||||||
|
errMsg += "tests (%s). " % DUMMY_SQL_INJECTION_CHARS
|
||||||
|
errMsg += "please, remove them so sqlmap could be able "
|
||||||
|
errMsg += "to do a valid run."
|
||||||
|
raise sqlmapSyntaxException, errMsg
|
||||||
testableParameters[parameter] = elem[1]
|
testableParameters[parameter] = elem[1]
|
||||||
else:
|
else:
|
||||||
root = ET.XML(parameters)
|
root = ET.XML(parameters)
|
||||||
|
|
|
@ -351,3 +351,6 @@ REFLECTIVE_MISS_THRESHOLD = 20
|
||||||
|
|
||||||
# Regular expression used for extracting HTML title
|
# Regular expression used for extracting HTML title
|
||||||
HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"
|
HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"
|
||||||
|
|
||||||
|
# Chars used to quickly distinguish if the user provided tainted parameter values
|
||||||
|
DUMMY_SQL_INJECTION_CHARS = ";()'"
|
||||||
|
|
Loading…
Reference in New Issue
Block a user