PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

Unescaping is renamed to escaping

Browse Source
This commit is contained in:
Miroslav Stampar
2013-01-18 15:40:37 +01:00
parent c717de9c9d
commit 601eb1e49a
37 changed files with 51 additions and 287 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/takeover/udf.py
View File

@@ -84,7 +84,7 @@ class UDF:
if udfName is None:
udfName = "sys_exec"
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
cmd = unescaper.escape(self.udfForgeCmd(cmd))
return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
@@ -103,7 +103,7 @@ class UDF:
output = new_output
else:
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
cmd = unescaper.escape(self.udfForgeCmd(cmd))
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))