removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)

Miroslav Stampar
2010-10-21 13:13:12 +00:00
parent be443c6947
commit bc79eec702
16 changed files with 169 additions and 401 deletions


@@ -30,14 +30,15 @@ from lib.core.settings import ERROR_EMPTY_CHAR
from lib.core.settings import ERROR_START_CHAR
from lib.core.settings import ERROR_END_CHAR
def errorUse(expression, resumeValue=True):
def errorUse(expression):
"""
Retrieve the output of a SQL query taking advantage of an error SQL
injection vulnerability on the affected parameter.
"""
output = None
logic = conf.logic
randInt = randomInt(1)
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error.query)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
startLimiter = ""
@@ -45,14 +46,6 @@ def errorUse(expression, resumeValue=True):
expressionUnescaped = expression
if resumeValue:
output = resume(expression, payload)
else:
output = None
if output:
return output
if kb.dbmsDetected:
_, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
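Review bot: Removing `resumeValue` from the `errorUse` signature makes any caller that still passes it fail with a TypeError, and the call sites are not visible in this section; the commit title says shell.py and udf.py are still to be converted, so they are worth checking. With the resume branch deleted in the second hunk, the function no longer reads a stored result before building the request, and the docstring could say so, e.g. `Results are not resumed from the session; each call issues the query again.` The new `queries[kb.misc.testedDbms].error.query` lookup also assumes every DBMS entry carries an `error` element with a `query` attribute, which presumably holds for the shipped XML but would otherwise surface as an unhandled AttributeError. The body of `errorUse` continues outside these hunks.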