Major bug fix.

Minor code refactoring.
Bernardo Damele
2011-01-16 01:17:09 +00:00
parent c0d5daee99
commit 0fc4ebdc1b
4 changed files with 24 additions and 32 deletions


@@ -72,11 +72,13 @@ def unescapeDbms(payload, injection, dbms):
# provided a DBMS (conf.dbms), unescape the strings between single
# quotes in the payload
if injection.dbms is not None:
payload = unescape(payload, injection.dbms)
payload = unescape(payload, dbms=injection.dbms)
elif dbms is not None:
payload = unescape(payload, dbms)
payload = unescape(payload, dbms=dbms)
elif conf.dbms is not None:
payload = unescape(payload, conf.dbms)
payload = unescape(payload, dbms=conf.dbms)
elif getIdentifiedDBMS() is not None:
payload = unescape(payload, dbms=getIdentifiedDBMS())
return payload
@@ -387,8 +389,7 @@ def checkSqlInjection(place, parameter, value):
logger.warn(warnMsg)
configUnion(test.request.char, test.request.columns)
dbmsToUnescape = kb.misc.fpDbms if kb.misc.fpDbms is not None else injection.dbms
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix, dbmsToUnescape)
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
if isinstance(reqPayload, basestring):
infoMsg = "%s parameter '%s' is '%s' injectable" % (place, parameter, title)
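Review bot: The new last branch of the chain in unescapeDbms (first hunk) calls `getIdentifiedDBMS()` twice, once for the `is not None` test and once as the `dbms=` argument, so the value tested is not guaranteed to be the value used if the helper's result can change between calls; its body is not visible here. Ending the chain with `else:` and binding the result once, `identified = getIdentifiedDBMS()`, followed by `if identified is not None:`, keeps the check and the use on the same value without evaluating the helper when an earlier branch matches. The comment above the chain still names only three sources (the test's dbms, injection.dbms, conf.dbms); it should also mention the identified DBMS as the final fallback and state the precedence order, since the second hunk now relies on this function rather than on an explicit argument to `unionTest`. The function and its leading comment start outside the hunk.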