PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973

Browse Source
This commit is contained in:
Miroslav Stampar
2016-09-27 10:20:36 +02:00
parent 556b4d289e
commit 09617c8243
6 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/checks.py
View File

@@ -156,6 +156,7 @@ def checkSqlInjection(place, parameter, value):
kb.testType = stype = test.stype
clause = test.clause
unionExtended = False
trueCode = None
if stype == PAYLOAD.TECHNIQUE.UNION:
configUnion(test.request.char)
@@ -556,6 +557,7 @@ def checkSqlInjection(place, parameter, value):
elif method == PAYLOAD.METHOD.TIME:
# Perform the test's request
trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
trueCode = threadData.lastCode
if trueResult:
# Confirm test's results
@@ -668,6 +670,7 @@ def checkSqlInjection(place, parameter, value):
injection.data[stype].comment = comment
injection.data[stype].templatePayload = templatePayload
injection.data[stype].matchRatio = kb.matchRatio
injection.data[stype].trueCode = trueCode
injection.conf.textOnly = conf.textOnly
injection.conf.titles = conf.titles