PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)

Browse Source
This commit is contained in:
Miroslav Stampar
2011-01-21 18:32:10 +00:00
parent 79e4b1efd5
commit 7c4c79477d
2 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/controller/checks.py
View File

@@ -50,6 +50,7 @@ from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setDynamicMarkings
from lib.core.settings import CONSTANT_RATIO
from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.core.settings import LOWER_RATIO_BOUND
from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData
from lib.core.unescaper import unescaper
@@ -315,6 +316,11 @@ def checkSqlInjection(place, parameter, value):
kb.matchRatio = None
_ = Request.queryPage(cmpPayload, place, raise404=False)
# If in the comparing stage there was an error
# then anything non-error will be considered as True
if kb.errorIsNone and kb.matchRatio is None:
kb.matchRatio = LOWER_RATIO_BOUND
# Perform the test's True request
trueResult = Request.queryPage(reqPayload, place, raise404=False)