PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-21 13:49:04 +00:00
Code Issues Projects Releases Wiki Activity

Couple of patches

Browse Source
This commit is contained in:
Miroslav Stampar
2026-01-17 22:29:20 +01:00
parent 264095aa97
commit 648752c508
5 changed files with 21 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/techniques/blind/inference.py
View File

@@ -471,13 +471,16 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
bit = 0
while len(candidates) > 1:
bits = {}
maxCandidate = max(candidates)
maxBits = maxCandidate.bit_length() if maxCandidate > 0 else 1
for candidate in candidates:
bit = 0
while candidate:
for bit in xrange(maxBits):
bits.setdefault(bit, 0)
bits[bit] += 1 if candidate & 1 else -1
candidate >>= 1
bit += 1
if candidate & (1 << bit):
bits[bit] += 1
else:
bits[bit] -= 1
choice = sorted(bits.items(), key=lambda _: abs(_[1]))[0][0]
mask = 1 << choice
@@ -499,7 +502,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
incrementCounter(getTechnique())
if result:
return decodeIntToUnicode(candidates[0])
if candidates[0] == 0: # Trailing zeros
return None
else:
return decodeIntToUnicode(candidates[0])
# Go multi-threading (--threads > 1)
if numThreads > 1 and isinstance(length, int) and length > 1:

5
lib/techniques/union/use.py
View File

@@ -121,9 +121,10 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
fields = list(json_data[0].keys())
if fields:
retVal = ""
parts = []
for row in json_data:
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop)
parts.append("%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop))
retVal = "".join(parts)
except:
retVal = None
else: