PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Patch related to the --hex and --technique=E (potential patch for #2837)

Browse Source
This commit is contained in:
Miroslav Stampar
2017-12-20 14:51:15 +01:00
parent 574074e171
commit 0b24a80387
4 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/techniques/error/use.py
View File

@@ -76,7 +76,10 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
current = MAX_ERROR_CHUNK_LENGTH
while current >= MIN_ERROR_CHUNK_LENGTH:
testChar = str(current % 10)
testQuery = "SELECT %s('%s',%d)" % ("REPEAT" if Backend.isDbms(DBMS.MYSQL) else "REPLICATE", testChar, current)
testQuery = "%s('%s',%d)" % ("REPEAT" if Backend.isDbms(DBMS.MYSQL) else "REPLICATE", testChar, current)
testQuery = "SELECT %s" % (agent.hexConvertField(testQuery) if conf.hexConvert else testQuery)
result = unArrayizeValue(_oneShotErrorUse(testQuery, chunkTest=True))
if (result or "").startswith(testChar):