PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

On my way to properly parse test's <where> tag in exploitation phase

Browse Source
This commit is contained in:
Bernardo Damele
2010-12-01 23:32:58 +00:00
parent 09b265a1ea
commit 283a04e29a
4 changed files with 20 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/core/agent.py
View File

@@ -76,6 +76,7 @@ class Agent:
paramString = conf.parameters[kb.injection.place]
paramDict = conf.paramDict[kb.injection.place]
value = paramDict[kb.injection.parameter]
newValue = self.cleanupPayload(newValue, value)
if "POSTxml" in conf.paramDict and kb.injection.place == PLACE.POST:
root = ET.XML(paramString)
@@ -155,9 +156,9 @@ class Agent:
string += " %s" % kb.injection.suffix
string = self.cleanupPayload(string)
return string
return string.rstrip()
def cleanupPayload(self, payload):
def cleanupPayload(self, payload, origvalue=None):
if payload is None:
return
@@ -174,6 +175,12 @@ class Agent:
payload = payload.replace("[DELIMITER_STOP]", kb.misc.stop)
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
if origvalue is not None:
if not origvalue.isdigit():
origvalue = "'%s'" % origvalue
payload = payload.replace("[ORIGVALUE]", origvalue)
return payload
def getComment(self, reqObj):