PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

introduced safe string formatting

Browse Source
This commit is contained in:
Miroslav Stampar
2010-01-15 16:06:59 +00:00
parent dcf0b2a3c1
commit 5f171340f5
5 changed files with 31 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/techniques/blind/inference.py
View File

@@ -31,6 +31,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import getCharset
from lib.core.common import replaceNewlineTabs
from lib.core.common import safeStringFormat
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -117,7 +118,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
queriesCount[0] += 1
position = (len(asciiTbl) / 2)
posValue = asciiTbl[position]
forgedPayload = payload % (expressionUnescaped, idx, posValue)
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
result = Request.queryPage(forgedPayload)
if result: