PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.

Browse Source 
Minor code refactoring too.
This commit is contained in:
Bernardo Damele
2010-11-29 17:18:38 +00:00
parent e9291932e5
commit 8b9706656e
6 changed files with 25 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
lib/controller/controller.py
View File

@@ -45,29 +45,6 @@ from lib.core.session import setTimeBased
from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv
def __saveToSessionFile():
for inj in kb.injections:
setInjection(inj)
place = inj.place
parameter = inj.parameter
for stype, sdata in inj.data.items():
payload = sdata[0]
if stype == 1:
kb.booleanTest = payload
setBooleanBased(place, parameter, payload)
elif stype == 2:
kb.errorTest = payload
setError(place, parameter, payload)
elif stype == 4:
kb.stackedTest = payload
setStacked(place, parameter, payload)
elif stype == 5:
kb.timeTest = payload
setTimeBased(place, parameter, payload)
def __selectInjection():
"""
Selection function for injection place, parameters and type.
@@ -144,6 +121,29 @@ def __showInjections():
dumper.technic(header, data)
def __saveToSessionFile():
for inj in kb.injections:
setInjection(inj)
place = inj.place
parameter = inj.parameter
for stype, sdata in inj.data.items():
payload = sdata[0]
if stype == 1:
kb.booleanTest = payload
setBooleanBased(place, parameter, payload)
elif stype == 2:
kb.errorTest = payload
setError(place, parameter, payload)
elif stype == 4:
kb.stackedTest = payload
setStacked(place, parameter, payload)
elif stype == 5:
kb.timeTest = payload
setTimeBased(place, parameter, payload)
def start():
"""
This function calls a function that performs checks on both URL