Fixing mess with template payloads and URI/JSON/XML/custom cases

This commit is contained in:
Miroslav Stampar 2019-01-22 11:08:57 +01:00
parent 3d88dc0a51
commit ef8530af5b
3 changed files with 9 additions and 6 deletions

View File

@ -426,11 +426,14 @@ def checkSqlInjection(place, parameter, value):
templatePayload = None templatePayload = None
vector = None vector = None
origValue = value
if kb.customInjectionMark in origValue:
origValue = origValue.split(kb.customInjectionMark)[0]
origValue = re.search(r"(\w*)\Z", origValue).group(1)
# Threat the parameter original value according to the # Threat the parameter original value according to the
# test's <where> tag # test's <where> tag
if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix: if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
origValue = value
if kb.tamperFunctions: if kb.tamperFunctions:
templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where) templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
elif where == PAYLOAD.WHERE.NEGATIVE: elif where == PAYLOAD.WHERE.NEGATIVE:
@ -440,7 +443,7 @@ def checkSqlInjection(place, parameter, value):
if conf.invalidLogical: if conf.invalidLogical:
_ = int(kb.data.randomInt[:2]) _ = int(kb.data.randomInt[:2])
origValue = "%s AND %s LIKE %s" % (value, _, _ + 1) origValue = "%s AND %s LIKE %s" % (origValue, _, _ + 1)
elif conf.invalidBignum: elif conf.invalidBignum:
origValue = kb.data.randomInt[:6] origValue = kb.data.randomInt[:6]
elif conf.invalidString: elif conf.invalidString:

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.1.68" VERSION = "1.3.1.69"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -23,7 +23,7 @@ fb6be55d21a70765e35549af2484f762 extra/sqlharvest/__init__.py
fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py
aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py
ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py
11132dd6114b3f76922bb36cff16eceb lib/controller/checks.py 9f12e798cb9b194a61f8e278c689fb22 lib/controller/checks.py
b37a93767459162b30798bd9732a12a3 lib/controller/controller.py b37a93767459162b30798bd9732a12a3 lib/controller/controller.py
c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py
fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py
@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
83f405c564cb10f99610ae30bbbbcf70 lib/core/settings.py 9485ff3bee749146260aebe26c903a21 lib/core/settings.py
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py 9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py