PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

One more step to fully working UNION exploitation after merge into detection phase

Browse Source
This commit is contained in:
Bernardo Damele
2011-01-12 01:13:32 +00:00
parent b5c6f7556f
commit 8a67aea754
9 changed files with 38 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/techniques/inband/union/use.py
View File

@@ -51,9 +51,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
if resetCounter:
reqCount = 0
if not kb.unionCount:
return
# Prepare expression with delimiters
if unescape:
expression = agent.concatQuery(expression, unpack)
@@ -211,8 +208,8 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
else:
# Forge the inband SQL injection request
query = unescaper.unescape(expression)
query = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector, query=query)
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
query = agent.forgeInbandQuery(expression, exprPosition=vector[0], count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
payload = agent.payload(newValue=query)
# Perform the request