PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 06:01:29 +00:00
Code Issues Projects Releases Wiki Activity

code review part 3

Browse Source
This commit is contained in:
Miroslav Stampar
2011-01-15 13:15:10 +00:00
parent 1fa8f0cba7
commit 5bdb50c224
7 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/controller/checks.py
View File

@@ -301,7 +301,6 @@ def checkSqlInjection(place, parameter, value):
boundPayload = agent.suffixQuery(boundPayload, comment, suffix)
boundPayload = agent.cleanupPayload(boundPayload, value)
reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
unionVector = None
# Perform the test's request and check whether or not the
# payload was successful
@@ -474,7 +473,7 @@ def checkSqlInjection(place, parameter, value):
else:
return None
def heuristicCheckSqlInjection(place, parameter, value):
def heuristicCheckSqlInjection(place, parameter):
if kb.nullConnection:
debugMsg = "heuristic checking skipped "
debugMsg += "because NULL connection used"
@@ -518,7 +517,6 @@ def simpletonCheckSqlInjection(place, parameter, value):
result = False
randInt = randomInt()
randStr = randomStr()
if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt)

4
lib/controller/controller.py
View File

@@ -282,7 +282,7 @@ def start():
if __paramDict:
conf.paramDict[PLACE.COOKIE] = __paramDict
# TODO: consider the following line in __setRequestParams()
__testableParameters = True
# __testableParameters = True
if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
and (kb.injection.place is None or kb.injection.parameter is None):
@@ -344,7 +344,7 @@ def start():
kb.testedParams.add(paramKey)
if testSqlInj:
check = heuristicCheckSqlInjection(place, parameter, value)
check = heuristicCheckSqlInjection(place, parameter)
if not check and conf.realTest and\
not simpletonCheckSqlInjection(place, parameter, value):
continue