
Commit 0f565c9

committed
bug fix and proper warning message
1 parent e105e1e commit 0f565c9

1 file changed

Lines changed: 14 additions & 0 deletions


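--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -20,6 +20,7 @@
 from lib.core.common import getCompiledRegex
 from lib.core.common import getErrorParsedDBMSes
 from lib.core.common import getErrorParsedDBMSesFormatted
+from lib.core.common import getIdentifiedDBMS
 from lib.core.common import getInjectionTests
 from lib.core.common import getUnicode
 from lib.core.common import popValue
@@ -379,6 +380,17 @@ def checkSqlInjection(place, parameter, value):
 # NOTE: vector is set to a tuple with 6 elements,
 # used afterwards by Agent.forgeInbandQuery()
 # method to forge the UNION query payload
+
+# Set current fingeprinted DBMS according to the
+# current test settings for proper unescaping
+kb.misc.fpDbms = dbms
+
+if not getIdentifiedDBMS():
+warnMsg = "using unescaped version of the test "
+warnMsg += "because of zero knowledge of the "
+warnMsg += "back-end DBMS"
+logger.warn(warnMsg)
+
 configUnion(test.request.char, test.request.columns)
 dbmsToUnescape = dbms if dbms is not None else injection.dbms
 reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix, dbmsToUnescape)
@@ -393,6 +405,8 @@ def checkSqlInjection(place, parameter, value):
 # in unionTest()'s vector (1 or 2)
 where = vector[6]
 
+kb.misc.fpDbms = None
+
 # If the injection test was successful feed the injection
 # object with the test's details
 if injectable is True: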
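Review bot: The reset `kb.misc.fpDbms = None` at new line 408 runs only if control reaches it, so an exception or early exit from `unionTest()` or from the lines between the second and third hunks (not visible here) would leave this test's DBMS in the shared `kb` state, which could affect how later payloads are unescaped. Wrapping the span in `try:` … `finally: kb.misc.fpDbms = None` would make the cleanup unconditional. The reset also assumes the value was `None` beforehand; if anything else assigns `kb.misc.fpDbms`, saving it first (`prevFpDbms = kb.misc.fpDbms`) and restoring that value would be safer. Indentation is lost on this page and `checkSqlInjection`'s body extends beyond these hunks, so whether the assignment and the reset sit in the same block should be confirmed against the file.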
