PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-27 01:49:04 +00:00
Code Issues Projects Releases Wiki Activity

Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)

Browse Source
This commit is contained in:
Bernardo Damele
2010-11-19 14:56:20 +00:00
parent c6545f5c9f
commit ad17e9ed2a
8 changed files with 33 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/agent.py
View File

@@ -425,7 +425,7 @@ class Agent:
return concatenatedQuery
def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL", count=None, comment=None):
def forgeInbandQuery(self, query, exprPosition=None, nullChar=None, count=None, comment=None):
"""
Take in input an query (pseudo query) string and return its
processed UNION ALL SELECT query.
@@ -456,6 +456,9 @@ class Agent:
@rtype: C{str}
"""
if nullChar is None:
nullChar = conf.uChar
if count is None:
count = kb.unionCount

11
lib/core/option.py
View File

@@ -487,7 +487,14 @@ def __setWriteFile():
conf.wFileType = getFileType(conf.wFile)
def __setUnionTech():
def __setUnion():
if isinstance(conf.uChar, basestring) and conf.uChar != "NULL" and not conf.uChar.isdigit():
if not conf.uChar.startswith("'") or not conf.uChar.endswith("'"):
debugMsg = "setting the UNION query SQL injection character to '%s'" % conf.uChar
logger.debug(debugMsg)
conf.uChar = "'%s'" % conf.uChar
if conf.uTech is None:
conf.uTech = "NULL"
@@ -1341,7 +1348,7 @@ def init(inputOptions=advancedDict()):
__setHTTPAuthentication()
__setHTTPProxy()
__setSafeUrl()
__setUnionTech()
__setUnion()
__setGoogleDorking()
__urllib2Opener()
__findPageForms()

3
lib/core/optiondict.py
View File

@@ -79,7 +79,8 @@ optDict = {
"timeSec": "integer",
"unionTest": "boolean",
"uTech": "string",
"uCols": "integer"
"uCols": "integer",
"uChar": "string"
},
"Fingerprint": {