More adjustments related to unescape() and cleanupPayload().

Minor code cleanup related to error-based payload.
Bernardo Damele
2011-02-06 23:27:56 +00:00
parent 6a71629575
commit 061f56daf9
3 changed files with 13 additions and 17 deletions


@@ -166,10 +166,6 @@ def checkSqlInjection(place, parameter, value):
continue
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Skip test if it does not match the same SQL injection clause
# already identified by another test
clauseMatch = False
@@ -196,9 +192,13 @@ def checkSqlInjection(place, parameter, value):
infoMsg = "testing '%s'" % title
logger.info(infoMsg)
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Parse test's <request>
comment = agent.getComment(test.request)
fstPayload = agent.cleanupPayload(test.request.payload, value)
fstPayload = agent.cleanupPayload(test.request.payload, origValue=value)
for boundary in conf.boundaries:
injectable = False
@@ -279,11 +279,11 @@ def checkSqlInjection(place, parameter, value):
# payload was successful
# Parse test's <response>
for method, check in test.response.items():
check = agent.cleanupPayload(check, value)
check = agent.cleanupPayload(check, origValue=value)
# In case of boolean-based blind SQL injection
if method == PAYLOAD.METHOD.COMPARISON:
sndPayload = agent.cleanupPayload(test.response.comparison, value)
sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value)
# Forge response payload by prepending with
# boundary's prefix and appending the boundary's
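Review bot: The three `agent.cleanupPayload(...)` calls in the second and third hunks now pass `origValue=value` by keyword, which suggests the parameter is no longer in the second positional slot. The definition is not visible here, so that is an inference. If it holds, any caller elsewhere that still passes the original value positionally would bind it to a different parameter without raising, and the placeholder substitution would then produce a wrong payload and a possible missed finding rather than a crash. It is worth checking the remaining call sites and adding a short comment at the definition, such as `# origValue must be passed by keyword; its position changed`. checkSqlInjection starts and continues outside these hunks, so the rest of its calls could not be checked from this view.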