adding WHERE enum for payloads

Miroslav Stampar
2011-02-02 13:34:09 +00:00
parent d6c9515f78
commit 8134c2154a
6 changed files with 22 additions and 16 deletions


@@ -37,7 +37,7 @@ from lib.parse.html import htmlParser
from lib.request.comparison import comparison
from lib.request.connect import Connect as Request
def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=1):
def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):
"""
Finds number of columns affected by UNION based injection
"""
@@ -83,7 +83,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
return retVal
def __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=1):
def __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
validPayload = None
vector = None
@@ -109,7 +109,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
validPayload = payload
vector = (position, count, comment, prefix, suffix, conf.uChar, where)
if where == 1:
if where == PAYLOAD.WHERE.ORIGINAL:
# Prepare expression with delimiters
randQuery2 = randomStr()
phrase2 = "%s%s%s" % (kb.misc.start, randQuery2, kb.misc.stop)
@@ -118,14 +118,14 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Confirm that it is a full inband SQL injection
query = agent.forgeInbandQuery(randQueryUnescaped, position, count, comment, prefix, suffix, conf.uChar, multipleUnions=randQueryUnescaped2)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=2)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=PAYLOAD.WHERE.NEGATIVE)
# Perform the request
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)):
vector = (position, count, comment, prefix, suffix, conf.uChar, 2)
vector = (position, count, comment, prefix, suffix, conf.uChar, PAYLOAD.WHERE.NEGATIVE)
break
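Review bot: The new defaults `where=PAYLOAD.WHERE.ORIGINAL` on `__findUnionCharCount` and `__unionPosition` are evaluated when the module is loaded, so `PAYLOAD` must already be imported in this file. The first hunk header (`-37,7 +37,7`) shows no net line added above the import context and none of the visible hunks add an import, so please confirm it is in scope. Separately, `vector` now stores `PAYLOAD.WHERE.NEGATIVE` where it used to store the literal `2`, and `where` is still compared with `==`. If that tuple is persisted or any caller still passes a plain integer, the enum members have to keep the values 1 and 2; the definition is not shown here, and a comment on it such as `# values are stored in injection vectors; do not renumber` would make that explicit. Both function bodies continue outside the hunks.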