PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Bug fix (OR boolean based blind caused trouble to UNION with negative logic)

Browse Source
This commit is contained in:
Miroslav Stampar
2018-12-17 23:25:23 +01:00
parent 9727f0d691
commit daafe9b74a
3 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/techniques/union/test.py
View File

@@ -318,8 +318,24 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
if conf.direct:
return
negativeLogic = kb.negativeLogic
kb.technique = PAYLOAD.TECHNIQUE.UNION
validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
try:
if negativeLogic:
pushValue(kb.negativeLogic)
pushValue(conf.string)
pushValue(conf.code)
kb.negativeLogic = False
conf.string = conf.code = None
validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
finally:
if negativeLogic:
conf.code = popValue()
conf.string = popValue()
kb.negativeLogic = popValue()
if validPayload:
validPayload = agent.removePayloadDelimiters(validPayload)