mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Fixing mess with template payloads and URI/JSON/XML/custom cases
This commit is contained in:
parent
3d88dc0a51
commit
ef8530af5b
|
@ -426,11 +426,14 @@ def checkSqlInjection(place, parameter, value):
|
||||||
templatePayload = None
|
templatePayload = None
|
||||||
vector = None
|
vector = None
|
||||||
|
|
||||||
|
origValue = value
|
||||||
|
if kb.customInjectionMark in origValue:
|
||||||
|
origValue = origValue.split(kb.customInjectionMark)[0]
|
||||||
|
origValue = re.search(r"(\w*)\Z", origValue).group(1)
|
||||||
|
|
||||||
# Threat the parameter original value according to the
|
# Threat the parameter original value according to the
|
||||||
# test's <where> tag
|
# test's <where> tag
|
||||||
if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
|
if where == PAYLOAD.WHERE.ORIGINAL or conf.prefix:
|
||||||
origValue = value
|
|
||||||
|
|
||||||
if kb.tamperFunctions:
|
if kb.tamperFunctions:
|
||||||
templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
|
templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
|
||||||
elif where == PAYLOAD.WHERE.NEGATIVE:
|
elif where == PAYLOAD.WHERE.NEGATIVE:
|
||||||
|
@ -440,7 +443,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
if conf.invalidLogical:
|
if conf.invalidLogical:
|
||||||
_ = int(kb.data.randomInt[:2])
|
_ = int(kb.data.randomInt[:2])
|
||||||
origValue = "%s AND %s LIKE %s" % (value, _, _ + 1)
|
origValue = "%s AND %s LIKE %s" % (origValue, _, _ + 1)
|
||||||
elif conf.invalidBignum:
|
elif conf.invalidBignum:
|
||||||
origValue = kb.data.randomInt[:6]
|
origValue = kb.data.randomInt[:6]
|
||||||
elif conf.invalidString:
|
elif conf.invalidString:
|
||||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.1.68"
|
VERSION = "1.3.1.69"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -23,7 +23,7 @@ fb6be55d21a70765e35549af2484f762 extra/sqlharvest/__init__.py
|
||||||
fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py
|
fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py
|
||||||
aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py
|
aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py
|
||||||
ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py
|
ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py
|
||||||
11132dd6114b3f76922bb36cff16eceb lib/controller/checks.py
|
9f12e798cb9b194a61f8e278c689fb22 lib/controller/checks.py
|
||||||
b37a93767459162b30798bd9732a12a3 lib/controller/controller.py
|
b37a93767459162b30798bd9732a12a3 lib/controller/controller.py
|
||||||
c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py
|
c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py
|
||||||
fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py
|
fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py
|
||||||
|
@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py
|
||||||
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
|
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
|
||||||
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
|
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
|
||||||
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
|
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
|
||||||
83f405c564cb10f99610ae30bbbbcf70 lib/core/settings.py
|
9485ff3bee749146260aebe26c903a21 lib/core/settings.py
|
||||||
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
|
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
|
||||||
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
|
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
|
||||||
9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py
|
9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py
|
||||||
|
|
Loading…
Reference in New Issue
Block a user