Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).

Minor layout adjustments.
2025-12-10 09:49:06 +00:00 · 2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -200,6 +200,9 @@ def unionTest():
    SQL injection vulnerability. The test is done up to 3*50 times
    """

+    if conf.direct:
+        return
+
    if conf.uTech == "orderby":
        technique = "ORDER BY clause bruteforcing"
    else: