PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

nice refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2010-10-20 09:46:57 +00:00
parent 5d3cbec457
commit e24bff0497
3 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/techniques/error/use.py
View File

@@ -40,6 +40,8 @@ def errorUse(expression, resumeValue=True):
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
startLimiter = ""
endLimiter = ""
if resumeValue:
output = resume(expression, payload)
@@ -56,13 +58,15 @@ def errorUse(expression, resumeValue=True):
nulledCastedField = nulledCastedField.replace("CHAR(10000)", "CHAR(255)") #fix for that 'Subquery returns more than 1 row'
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced)
startLimiter = unescaper.unescape("'%s'" % ERROR_START_CHAR)
endLimiter = unescaper.unescape("'%s'" % ERROR_END_CHAR)
else:
expressionUnescaped = unescaper.unescape(expression)
debugMsg = "query: %s" % expressionUnescaped
logger.debug(debugMsg)
forgedPayload = safeStringFormat(payload, (logic, randInt, expressionUnescaped))
forgedPayload = safeStringFormat(payload, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
result = Request.queryPage(urlencode(forgedPayload), content=True)
match = re.search('%s(?P<result>.+?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)