PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

now showing trimmed output in for of warning message (UNION and ERROR techniques affected)

Browse Source
This commit is contained in:
Miroslav Stampar
2011-04-20 12:41:58 +00:00
parent 7993f3f12d
commit 1286cc0913
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/techniques/inband/union/use.py
View File

@@ -44,6 +44,7 @@ def __oneShotUnionUse(expression, unpack=True):
global reqCount
check = "(?P<result>%s.*%s)" % (kb.misc.start, kb.misc.stop)
trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
# Prepare expression with delimiters
expression = agent.concatQuery(expression, unpack)
@@ -72,6 +73,15 @@ def __oneShotUnionUse(expression, unpack=True):
if output:
output = getUnicode(output, kb.pageEncoding)
else:
trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
or extractRegexResult(trimcheck, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
if trimmed:
warnMsg = "trimmed output output detected: "
warnMsg += trimmed
logger.warn(warnMsg)
return output