Cleaning a mess with stacked queries and pre-WHERE boundaries

2025-12-06 04:31:30 +00:00 · 2018-09-14 10:30:58 +02:00
parent a5e3dce26f
commit 35d9ed8476
6 changed files with 89 additions and 49 deletions
--- a/lib/parse/payloads.py
+++ b/lib/parse/payloads.py
@@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission
 """

 import os
+import re

 from xml.etree import ElementTree as et

@@ -17,6 +18,9 @@ from lib.core.exception import SqlmapInstallationException
 from lib.core.settings import PAYLOAD_XML_FILES

 def cleanupVals(text, tag):
+    if tag == "clause" and '-' in text:
+        text = re.sub(r"(\d+)-(\d+)", lambda match: ','.join(str(_) for _ in xrange(int(match.group(1)), int(match.group(2)) + 1)), text)
+
    if tag in ("clause", "where"):
        text = text.split(',')