PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-29 17:49:09 +00:00
Code Issues Projects Releases Wiki Activity

Minor update

Browse Source
This commit is contained in:
Miroslav Stampar
2026-01-28 18:56:12 +01:00
parent cd6e2f1c8a
commit 0ce9d4aeb7
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/core/common.py
View File

@@ -1477,10 +1477,18 @@ def cleanQuery(query):
"""
retVal = query
queryLower = query.lower()
for sqlStatements in SQL_STATEMENTS.values():
for sqlStatement in sqlStatements:
candidate = sqlStatement.replace("(", "").replace(")", "").strip()
# OPTIMIZATION: Skip expensive regex compilation/search if the keyword
# isn't even present in the string. This makes the function O(K) instead of O(N*K)
# for the expensive regex part (where K is num keywords).
if not candidate or candidate.lower() not in queryLower:
continue
queryMatch = re.search(r"(?i)\b(%s)\b" % candidate, query)
if queryMatch and "sys_exec" not in query: