added randInt to error injection vectors

Miroslav Stampar
2010-10-20 08:56:58 +00:00
parent dabbcf9e23
commit b032fdbf74
2 changed files with 8 additions and 6 deletions


@@ -19,6 +19,7 @@ from lib.core.common import expandAsteriskForColumns
from lib.core.common import parseUnionPage
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomInt
from lib.core.common import readInput
from lib.core.common import replaceNewlineTabs
from lib.core.common import safeStringFormat
@@ -337,6 +338,8 @@ def __goError(expression, resumeValue=True):
Retrieve the output of a SQL query taking advantage of an error SQL
injection vulnerability on the affected parameter.
"""
logic = conf.logic
randInt = randomInt(1)
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
@@ -362,7 +365,7 @@ def __goError(expression, resumeValue=True):
debugMsg = "query: %s" % expressionUnescaped
logger.debug(debugMsg)
forgedPayload = safeStringFormat(payload, expressionUnescaped)
forgedPayload = safeStringFormat(payload, (logic, randInt, expressionUnescaped))
result = Request.queryPage(urlencode(forgedPayload), content=True)
match = re.search(queries[kb.misc.testedDbms].errorRegex, result[0], re.DOTALL | re.IGNORECASE)
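Review bot: The three-element tuple passed to `safeStringFormat` in the last hunk only works if every per-DBMS `error` template has exactly three placeholders in the order logic, random integer, expression, and nothing in this file states or checks that contract. The templates come from `queries[kb.misc.testedDbms].error`, which is defined outside the visible lines, so an entry that was not updated in step with this call would presumably be formatted wrongly rather than rejected. I would add a comment above the call, for example `# queries[...].error placeholders, in order: logic, randInt, expression`. The local name `randInt` is also easy to misread as the imported `randomInt`, and the meaning of the argument in `randomInt(1)` is not visible here, so a short comment on that line would help. The body of `__goError` starts and ends outside these hunks.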