PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Another update for an Issue #362

Browse Source
This commit is contained in:
Miroslav Stampar
2013-01-20 22:47:26 +01:00
parent 8f955b6364
commit 069c6acabd
3 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/techniques/blind/inference.py
View File

@@ -180,7 +180,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
value are not equal there will be a deliberate delay). value are not equal there will be a deliberate delay).
""" """
forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value)) if CHAR_INFERENCE_MARK not in payload:
forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
else:
# e.g.: ... > '%c' -> ... > ORD(..)
markingValue = "'%s'" % CHAR_INFERENCE_MARK
unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(value))
forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
incrementCounter(kb.technique) incrementCounter(kb.technique)