OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)

Miroslav Stampar
2010-12-06 18:20:57 +00:00
parent e4b51dd549
commit d77ddbee47
8 changed files with 36 additions and 40 deletions


@@ -209,13 +209,17 @@ class Agent:
payload = payload.replace("[ORIGVALUE]", origvalue)
if kb.dbms is not None:
inferenceQuery = queries[kb.dbms].inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
elif "[INFERENCE]" in payload:
errMsg = "invalid usage of inference payload without knowledge "
errMsg += "of underlying DBMS"
raise sqlmapNoneDataException, errMsg
if "[INFERENCE]" in payload:
if kb.dbms is not None:
inferenceQuery = queries[kb.dbms].inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
elif kb.misc.testedDbms is not None:
inferenceQuery = queries[kb.misc.testedDbms].inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
else:
errMsg = "invalid usage of inference payload without knowledge "
errMsg += "of underlying DBMS"
raise sqlmapNoneDataException, errMsg
return payload
@@ -659,7 +663,7 @@ class Agent:
@rtype: C{str}
"""
return queries[kb.dbms].case.query % expression
return queries[kb.dbms if kb.dbms else kb.misc.testedDbms].case.query % expression
def addPayloadDelimiters(self, inpStr):
"""