Got rid of the unreliable 'ORDER BY' technique for detecting UNION query SQL injection; consequently, the --union-tech switch has been removed.

Minor code refactoring too.
Bernardo Damele
2010-11-29 17:18:38 +00:00
parent e9291932e5
commit 8b9706656e
6 changed files with 25 additions and 79 deletions


@@ -499,24 +499,6 @@ def __setWriteFile():
conf.wFileType = getFileType(conf.wFile)
def __setUnion():
if isinstance(conf.uTech, basestring):
debugMsg = "setting the UNION query SQL injection detection technique"
logger.debug(debugMsg)
uTechOriginal = conf.uTech
conf.uTech = conf.uTech.lower()
if conf.uTech and conf.uTech not in ( "char", "orderby" ):
infoMsg = "resetting the UNION query detection technique to "
infoMsg += "'char', '%s' is not a valid technique" % uTechOriginal
logger.info(infoMsg)
conf.uTech = "char"
else:
debugMsg = "setting UNION query detection technique to "
debugMsg += "'%s'" % uTechOriginal
logger.debug(debugMsg)
if isinstance(conf.uCols, basestring) and conf.uChar != "1-20":
debugMsg = "setting the UNION query SQL injection range of columns"
logger.debug(debugMsg)