mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Adding a switch --invalid-string
This commit is contained in:
parent
f88f6dcd7e
commit
f97fcb7bb3
|
@ -329,11 +329,14 @@ def checkSqlInjection(place, parameter, value):
|
||||||
# one as we are changing parameters value, which
|
# one as we are changing parameters value, which
|
||||||
# will likely result in a different content
|
# will likely result in a different content
|
||||||
kb.data.setdefault("randomInt", str(randomInt(10)))
|
kb.data.setdefault("randomInt", str(randomInt(10)))
|
||||||
|
kb.data.setdefault("randomStr", str(randomStr(10)))
|
||||||
if conf.invalidLogical:
|
if conf.invalidLogical:
|
||||||
_ = int(kb.data.randomInt[:2])
|
_ = int(kb.data.randomInt[:2])
|
||||||
origValue = "%s AND %s=%s" % (value, _, _ + 1)
|
origValue = "%s AND %s=%s" % (value, _, _ + 1)
|
||||||
elif conf.invalidBignum:
|
elif conf.invalidBignum:
|
||||||
origValue = kb.data.randomInt[:6]
|
origValue = kb.data.randomInt[:6]
|
||||||
|
elif conf.invalidString:
|
||||||
|
origValue = kb.data.randomStr[:6]
|
||||||
else:
|
else:
|
||||||
origValue = "-%s" % kb.data.randomInt[:4]
|
origValue = "-%s" % kb.data.randomInt[:4]
|
||||||
templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
|
templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
|
||||||
|
|
|
@ -122,6 +122,8 @@ class Agent(object):
|
||||||
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1)
|
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1)
|
||||||
elif conf.invalidBignum:
|
elif conf.invalidBignum:
|
||||||
value = randomInt(6)
|
value = randomInt(6)
|
||||||
|
elif conf.invalidString:
|
||||||
|
value = randomStr(6)
|
||||||
else:
|
else:
|
||||||
if newValue.startswith("-"):
|
if newValue.startswith("-"):
|
||||||
value = ""
|
value = ""
|
||||||
|
|
|
@ -72,6 +72,7 @@ optDict = {
|
||||||
"os": "string",
|
"os": "string",
|
||||||
"invalidBignum": "boolean",
|
"invalidBignum": "boolean",
|
||||||
"invalidLogical": "boolean",
|
"invalidLogical": "boolean",
|
||||||
|
"invalidString": "boolean",
|
||||||
"noCast": "boolean",
|
"noCast": "boolean",
|
||||||
"noEscape": "boolean",
|
"noEscape": "boolean",
|
||||||
"prefix": "string",
|
"prefix": "string",
|
||||||
|
|
|
@ -239,6 +239,10 @@ def cmdLineParser():
|
||||||
action="store_true",
|
action="store_true",
|
||||||
help="Use logical operations for invalidating values")
|
help="Use logical operations for invalidating values")
|
||||||
|
|
||||||
|
injection.add_option("--invalid-string", dest="invalidString",
|
||||||
|
action="store_true",
|
||||||
|
help="Use random strings for invalidating values")
|
||||||
|
|
||||||
injection.add_option("--no-cast", dest="noCast",
|
injection.add_option("--no-cast", dest="noCast",
|
||||||
action="store_true",
|
action="store_true",
|
||||||
help="Turn off payload casting mechanism")
|
help="Turn off payload casting mechanism")
|
||||||
|
|
|
@ -233,6 +233,10 @@ invalidBignum = False
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
invalidLogical = False
|
invalidLogical = False
|
||||||
|
|
||||||
|
# Use random strings for invalidating values.
|
||||||
|
# Valid: True or False
|
||||||
|
invalidString = False
|
||||||
|
|
||||||
# Turn off payload casting mechanism
|
# Turn off payload casting mechanism
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
noCast = False
|
noCast = False
|
||||||
|
|
Loading…
Reference in New Issue
Block a user