minor improvement

Miroslav Stampar 2011-01-23 11:35:24 +00:00
parent f5ff78d40c
commit ff7707579f


@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
import time import time
from lib.core.agent import agent from lib.core.agent import agent
@ -17,6 +18,7 @@ from lib.core.common import extractRegexResult
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import parseUnionPage from lib.core.common import parseUnionPage
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import wasLastRequestDBMSError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -48,7 +50,10 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Perform the request # Perform the request
resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False) resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
if resultPage and randQuery in resultPage and not extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I): if wasLastRequestDBMSError() or extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I):
continue
if resultPage and randQuery in resultPage:
validPayload = payload validPayload = payload
vector = (position, count, comment, prefix, suffix, conf.uChar, where) vector = (position, count, comment, prefix, suffix, conf.uChar, where)
@ -65,7 +70,10 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Perform the request # Perform the request
resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False) resultPage, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
if resultPage and not extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I) and ((randQuery in resultPage and randQuery2 not in resultPage) or (randQuery not in resultPage and randQuery2 in resultPage)): if wasLastRequestDBMSError() or extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I):
continue
if resultPage and ((randQuery in resultPage and randQuery2 not in resultPage) or (randQuery not in resultPage and randQuery2 in resultPage)):
vector = (position, count, comment, prefix, suffix, conf.uChar, 2) vector = (position, count, comment, prefix, suffix, conf.uChar, 2)
break break
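Review bot: In both new checks (the ones following each `Request.queryPage` call) `extractRegexResult(..., resultPage, re.I)` now runs before the `if resultPage` test, whereas the old condition short-circuited on an empty page first; whether that is safe depends on `extractRegexResult` tolerating a `None` or empty content argument, which is not visible here. Keeping the guard explicit avoids relying on that: `if wasLastRequestDBMSError() or (resultPage and extractRegexResult('(?P<result>UNION ALL SELECT)', resultPage, re.I)):`. The second `continue` may also change control flow: if that check sits after `validPayload` and `vector` were assigned for the current position (indentation is lost in this view), it now skips the trailing `break` and moves on to the next position, where the old code kept the first vector and left the loop, so it is worth confirming that this is intended. A short comment above each check, such as `# DBMS error page or a response that merely reflects the payload: the marker match is not reliable`, would record why these responses are skipped. `__unionPosition` starts and ends outside the hunks.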