Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads

2025-12-06 20:51:31 +00:00 · 2011-01-24 12:25:45 +00:00
parent 8d0c2efbe2
commit e1db2700f0
3 changed files with 59 additions and 48 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -785,6 +785,32 @@ def __setPrefixSuffix():
        errMsg += "the payload prefix"
        raise sqlmapSyntaxException, errMsg

+    if conf.prefix is not None and conf.suffix is not None:
+        # Create a custom boundary object for user's supplied prefix
+        # and suffix
+        boundary = advancedDict()
+
+        boundary.level = 1
+        boundary.clause = [ 0 ]
+        boundary.where = [ 1, 2, 3 ]
+        boundary.prefix = conf.prefix
+        boundary.suffix = conf.suffix
+
+        if " like" in boundary.suffix.lower():
+            if "'" in boundary.suffix.lower():
+                boundary.ptype = 3
+            elif '"' in boundary.suffix.lower():
+                boundary.ptype = 5
+        elif "'" in boundary.suffix:
+            boundary.ptype = 2
+        elif '"' in boundary.suffix:
+            boundary.ptype = 4
+        else:
+            boundary.ptype = 1
+
+        # Prepend user's provided boundaries to all others boundaries
+        conf.boundaries.insert(0, boundary)
+
 def __setHTTPAuthentication():
    """
    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
@@ -1415,7 +1441,6 @@ def init(inputOptions=advancedDict()):
        __setHTTPAuthentication()
        __setHTTPProxy()
        __setSafeUrl()
-        __setPrefixSuffix()
        __setGoogleDorking()
        __urllib2Opener()
        __findPageForms()
@@ -1428,5 +1453,6 @@ def init(inputOptions=advancedDict()):
    __setMetasploit()

    loadPayloads()
+    __setPrefixSuffix()
    update()
    __loadQueries()