introduced safe string formatting

Miroslav Stampar
2010-01-15 16:06:59 +00:00
parent dcf0b2a3c1
commit 5f171340f5
5 changed files with 31 additions and 9 deletions


@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib.core.agent import agent
from lib.core.common import randomStr
from lib.core.common import safeStringFormat
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -121,7 +122,7 @@ def __forgeUserFriendlyValue(payload):
value = ""
if kb.injPlace == "GET":
value = "%s?%s" % (conf.url, payload)
value = safeStringFormat("%s?%s", (conf.url, payload))
elif kb.injPlace == "POST":
value = "URL:\t'%s'" % conf.url
value += "\nPOST:\t'%s'\n" % payload
@@ -202,7 +203,7 @@ def unionTest():
technique = "NULL bruteforcing"
infoMsg = "testing inband sql injection on parameter "
infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
infoMsg += safeStringFormat("'%s' with %s technique", (kb.injParameter, technique))
logger.info(infoMsg)
value = ""
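Review bot: In `__forgeUserFriendlyValue` only the GET branch is switched to `safeStringFormat`; the POST branch directly below still formats the same `conf.url` and `payload` with the `%` operator, so the two branches now follow different formatting rules. If the helper is needed for these values, the POST lines should be converted as well, e.g. `value = safeStringFormat("URL:\t'%s'", (conf.url,))`; otherwise a one-line comment above the GET line should say why only that branch needs it. `safeStringFormat` is imported from `lib.core.common` and its body is not shown on this page, so it is worth confirming that it does not treat a `%s` inside an already-substituted argument as a further placeholder, since the URL and payload can themselves contain percent sequences. Both `__forgeUserFriendlyValue` and `unionTest` continue outside the visible hunks.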


@@ -27,6 +27,7 @@ import time
from lib.core.agent import agent
from lib.core.common import parseUnionPage
from lib.core.common import safeStringFormat
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger