PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

some fixes :)

Browse Source
This commit is contained in:
Miroslav Stampar
2010-11-09 22:32:05 +00:00
parent 1cc99e2247
commit fef60d5cb7
4 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/controller/checks.py
View File

@@ -63,6 +63,8 @@ def checkSqlInjection(place, parameter, value, parenthesis):
postfix = conf.postfix
for case in kb.injections.root.case:
conf.matchRatio = None
positive = case.test.positive
negative = case.test.negative
@@ -73,12 +75,22 @@ def checkSqlInjection(place, parameter, value, parenthesis):
infoMsg += "on %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
_ = Request.queryPage(payload, place)
payload = agent.payload(place, parameter, value, positive.format % eval(positive.params))
trueResult = Request.queryPage(payload, place)
if trueResult is True:
infoMsg = "confirming %s (%s) injection " % (case.desc, logic)
infoMsg += "on %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
randInt = randomInt()
randStr = randomStr()
falseResult = Request.queryPage(payload, place)
if falseResult is False: