PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Search for --string and --regexp matches also in HTTP response headers

Browse Source
This commit is contained in:
Bernardo Damele
2011-08-12 15:33:37 +00:00
parent 6d22d09a61
commit fff4c34e33
4 changed files with 25 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/techniques/union/test.py
View File

@@ -108,8 +108,8 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
for count in range(lowerCount, upperCount+1):
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
page, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
ratio = comparison(page, True) or MIN_RATIO
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
ratio = comparison(page, headers, True) or MIN_RATIO
ratios.append(ratio)
min_, max_ = min(min_, ratio), max(max_, ratio)
items.append((count, ratio))