@@ -741,18 +741,22 @@ def checkFilteredChars(injection):
741741 kb .injection = injection
742742 randInt = randomInt ()
743743
744- if not checkBooleanExpression ("(%d)=%d" % (randInt , randInt )):
745- warnMsg = "it appears that some non-alphanumeric characters (i.e. ()) are "
746- warnMsg += "filtered by the back-end server. There is a strong "
747- warnMsg += "possibility that sqlmap won't be able to properly "
748- warnMsg += "exploit this vulnerability"
749- logger .critical (warnMsg )
744+ # all other techniques are already using parentheses in tests
745+ if len (injection .data ) == 1 and PAYLOAD .TECHNIQUE .BOOLEAN in injection .data :
746+ if not checkBooleanExpression ("(%d)=%d" % (randInt , randInt )):
747+ warnMsg = "it appears that some non-alphanumeric characters (i.e. ()) are "
748+ warnMsg += "filtered by the back-end server. There is a strong "
749+ warnMsg += "possibility that sqlmap won't be able to properly "
750+ warnMsg += "exploit this vulnerability"
751+ logger .critical (warnMsg )
750752
751- if not checkBooleanExpression ("%d>%d" % (randInt + 1 , randInt )):
752- warnMsg = "it appears that the character '>' is "
753- warnMsg += "filtered by the back-end server. You are strongly "
754- warnMsg += "advised to rerun with the '--tamper=between'"
755- logger .warn (warnMsg )
753+ # inference techniques depend on character '>'
754+ if not any (_ in injection .data for _ in (PAYLOAD .TECHNIQUE .ERROR , PAYLOAD .TECHNIQUE .UNION , PAYLOAD .TECHNIQUE .QUERY )):
755+ if not checkBooleanExpression ("%d>%d" % (randInt + 1 , randInt )):
756+ warnMsg = "it appears that the character '>' is "
757+ warnMsg += "filtered by the back-end server. You are strongly "
758+ warnMsg += "advised to rerun with the '--tamper=between'"
759+ logger .warn (warnMsg )
756760
757761 kb .injection = popValue ()
758762
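Review bot: The guard in front of the `'>'` test checks for the absence of ERROR, UNION and QUERY in `injection.data` rather than the presence of an inference technique, so it does not quite match the comment above it. When one of those three is present alongside a blind technique, the `--tamper=between` warning is skipped even though a later run restricted to the blind technique would presumably still depend on `>`. If that trade-off is intended, state it in the comment, e.g. `# skipped when error/UNION/inline-query is available, since those are used in preference to '>'-based inference`. Both new guards could also be flattened with `and` instead of a nested `if`, which would leave the warning bodies at their previous indentation. The body of `checkFilteredChars` starts above this hunk, so whether `kb.injection` is restored if `checkBooleanExpression` raises cannot be judged from here.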