first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)

2025-12-07 13:11:29 +00:00 · 2010-10-19 12:02:04 +00:00
parent 0c286d8db2
commit 6a8b1046d4
4 changed files with 58 additions and 4 deletions
--- a/lib/parse/queriesfile.py
+++ b/lib/parse/queriesfile.py
@@ -95,6 +95,13 @@ class queriesHandler(ContentHandler):
            data = sanitizeStr(attrs.get("query"))
            self.__queries.case = data

+        elif name == "error":
+            data = sanitizeStr(attrs.get("query"))
+            self.__queries.error = data
+
+            data = sanitizeStr(attrs.get("regex"))
+            self.__queries.errorRegex = data
+
        elif name == "inference":
            data = sanitizeStr(attrs.get("query"))
            self.__queries.inference = data