Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.

Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2025-12-06 12:41:30 +00:00 · 2010-11-30 22:40:25 +00:00
parent fcdebbd55f
commit c8f943f5e4
17 changed files with 210 additions and 118 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -126,20 +126,6 @@ class Agent:

        return payload

-    def cleanupPayload(self, payload):
-        randInt = randomInt()
-        randInt1 = randomInt()
-        randStr = randomStr()
-
-        payload = payload.replace("[RANDNUM]", str(randInt))
-        payload = payload.replace("[RANDNUM1]", str(randInt1))
-        payload = payload.replace("[RANDSTR]", randStr)
-        payload = payload.replace("[ERROR_START_CHAR]", ERROR_START_CHAR)
-        payload = payload.replace("[ERROR_END_CHAR]", ERROR_END_CHAR)
-        payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
-
-        return payload
-
    def prefixQuery(self, string):
        """
        This method defines how the input string has to be escaped
@@ -173,6 +159,28 @@ class Agent:

        return string

+    def cleanupPayload(self, payload):
+        randInt = randomInt()
+        randInt1 = randomInt()
+        randStr = randomStr()
+
+        payload = payload.replace("[RANDNUM]", str(randInt))
+        payload = payload.replace("[RANDNUM1]", str(randInt1))
+        payload = payload.replace("[RANDSTR]", randStr)
+        payload = payload.replace("[ERROR_START_CHAR]", ERROR_START_CHAR)
+        payload = payload.replace("[ERROR_END_CHAR]", ERROR_END_CHAR)
+        payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
+
+        return payload
+
+    def getComment(self, reqObj):
+        if "comment" in reqObj:
+            comment = reqObj.comment
+        else:
+            comment = ""
+
+        return comment
+
    def nullAndCastField(self, field):
        """
        Take in input a field string and return its processed nulled and