PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-06 18:20:57 +00:00
parent e4b51dd549
commit d77ddbee47
8 changed files with 36 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/request/inject.py
View File

@@ -100,8 +100,10 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
if kb.injection.data[1].vector is not None:
vector = agent.cleanupPayload(kb.injection.data[1].vector)
kb.pageTemplate = kb.injection.data[1].pageTemplate
else:
vector = queries[kb.misc.testedDbms].inference.query
kb.pageTemplate = kb.originalPage
query = agent.prefixQuery(vector)
query = agent.suffixQuery(query)
@@ -441,3 +443,6 @@ def goStacked(expression, silent=False):
page, _ = Request.queryPage(payload, content=True, silent=silent)
return payload, page
def checkBooleanExpression(expression):
return getValue(agent.forgeCaseStatement(expression), expected="int", charsetType=1) == "1"