PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-06 18:20:57 +00:00
parent e4b51dd549
commit d77ddbee47
8 changed files with 36 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/dbms/oracle/fingerprint.py
View File

@@ -80,8 +80,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
payload = agent.fullPayload("AND ROWNUM=ROWNUM")
result = Request.queryPage(payload)
result = inject.checkBooleanExpression("ROWNUM=ROWNUM")
if result:
logMsg = "confirming Oracle"
@@ -92,8 +91,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
payload = agent.fullPayload("AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
result = Request.queryPage(payload)
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")
if not result:
warnMsg = "the back-end DBMS is not Oracle"