PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

major fix for MySQL error based injections

Browse Source
This commit is contained in:
Miroslav Stampar
2010-10-19 15:17:16 +00:00
parent 1fce9683f8
commit d7622bb9cf
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/request/inject.py
View File

@@ -355,11 +355,16 @@ def __goError(expression, resumeValue=True):
result = Request.queryPage(urlencode(forgedPayload), content=True) result = Request.queryPage(urlencode(forgedPayload), content=True)
match = re.search(temp.errorRegex, result[0], re.DOTALL | re.IGNORECASE) match = re.search(temp.errorRegex, result[0], re.DOTALL | re.IGNORECASE)
#import pdb
#pdb.set_trace()
if match: if match:
output = match.group('result') output = match.group('result')
if output: if output:
output = output.replace("%c%c%c" % (58, 95, 58), " ").replace("%c%c%c" % (58, 120, 58), "") #':_:' -> EMPTY CHAR, ':x:' -> SPACE CHAR output = output.replace("%c%c%c" % (58, 95, 58), " ").replace("%c%c%c" % (58, 120, 58), "") #':_:' -> EMPTY CHAR, ':x:' -> SPACE CHAR
if kb.dbms == "MySQL":
output = output[:-1]
return output return output