PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

urllib2 doesn't play well with '\n' when non unescaped chars used

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-11 21:17:54 +00:00
parent e6c66fa37c
commit 6a24048aa6
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/common.py
View File

@@ -1724,6 +1724,8 @@ def isDBMSVersionAtLeast(version):
value = float(value.replace("<=", "")) value = float(value.replace("<=", ""))
elif value.startswith(">"): elif value.startswith(">"):
value = float(value.replace("<", "")) - 0.01 value = float(value.replace("<", "")) - 0.01
else:
value = float(value)
retVal = value >= version retVal = value >= version
return retVal return retVal

5
lib/techniques/blind/inference.py
View File

@@ -155,6 +155,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Used for gradual expanding into unicode charspace # Used for gradual expanding into unicode charspace
shiftTable = [5, 4] shiftTable = [5, 4]
if CHAR_INFERENCE_MARK in payload and ord('\n') in charTbl:
charTbl.remove(ord('\n'))
if len(charTbl) == 1: if len(charTbl) == 1:
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0])) forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
queriesCount[0] += 1 queriesCount[0] += 1
@@ -216,7 +219,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
return None return None
else: else:
retVal = minValue + 1 retVal = minValue + 1
if retVal in originalTbl: if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
return chr(retVal) if retVal < 128 else unichr(retVal) return chr(retVal) if retVal < 128 else unichr(retVal)
else: else:
return None return None