PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.

Browse Source
This commit is contained in:
Miroslav Stampar
2011-02-12 10:15:42 +00:00
parent 521635c84d
commit 25a3a64327
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/request/inject.py
View File

@@ -475,12 +475,15 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if value and expected == EXPECTED.BOOL:
if isinstance(value, basestring):
value = value.strip()
if value.lower() in ("true", "false"):
value = bool(value)
elif value.capitalize() == "None":
value = None
elif value in ("1", "-1"):
value = True
else:
value = value != "0"
value = None
elif isinstance(value, int):
value = bool(value)
elif value == [None]: