PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Store and resume also UNION char to session file (--union-char)

Browse Source
This commit is contained in:
Bernardo Damele
2010-12-01 10:59:58 +00:00
parent 025361c970
commit c00ea7f5e5
2 changed files with 23 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/techniques/inband/union/test.py
View File

@@ -138,26 +138,24 @@ def unionTest():
infoMsg += "'%s' with %s technique" % (kb.injection.parameter, technique)
logger.info(infoMsg)
validPayload = None
comment = queries[kb.dbms].comment.query
validPayload = __unionTestByCharBruteforce(comment)
if validPayload:
validPayload = agent.removePayloadDelimiters(validPayload, False)
setUnion(char=conf.uChar)
setUnion(comment=comment)
setUnion(payload=validPayload)
if isinstance(kb.unionPosition, int):
infoMsg = "the target url is affected by an exploitable "
if kb.unionTest is not None:
infoMsg = "the target url is affected by an exploitable "
infoMsg += "inband sql injection vulnerability "
infoMsg += "on parameter '%s' with %d columns" % (kb.injection.parameter, kb.unionCount)
logger.info(infoMsg)
else:
infoMsg = "the target url is not affected by an exploitable "
infoMsg = "the target url is not affected by an exploitable "
infoMsg += "inband sql injection vulnerability "
infoMsg += "on parameter '%s'" % kb.injection.parameter
logger.info(infoMsg)
validPayload = agent.removePayloadDelimiters(validPayload, False)
setUnion(payload=validPayload)
return kb.unionTest