PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 22:21:30 +00:00
Code Issues Projects Releases Wiki Activity

Patch for MsSQL column name injection

Browse Source
This commit is contained in:
Miroslav Stampar
2018-09-06 13:59:07 +02:00
parent c37014b8e8
commit 2b56bdfaa6
4 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
thirdparty/ansistrm/ansistrm.py vendored
View File

@@ -182,8 +182,8 @@ class ColorizingStreamHandler(logging.StreamHandler):
message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1)
if level != "PAYLOAD":
for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted
string = match.group(1)
if any(_ in message for _ in ("parsed DBMS error message",)):
string = re.search(r": '(.+)'", message).group(1)
if not message.endswith(self.reset):
reset = self.reset
elif self.bold in message: # bold
@@ -191,6 +191,16 @@ class ColorizingStreamHandler(logging.StreamHandler):
else:
reset = self.reset
message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
else:
for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted
string = match.group(1)
if not message.endswith(self.reset):
reset = self.reset
elif self.bold in message: # bold
reset = self.reset + self.bold
else:
reset = self.reset
message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
else:
message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset))