
Commit a4d62af

committed
Minor layout adjustments to --union-tech
1 parent 9340bf5 commit a4d62af

4 files changed

Lines changed: 17 additions & 13 deletions


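--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -240,21 +240,24 @@ def __setGoogleDorking():
 
 
 def __setUnionTech():
-if not conf.uTech:
-conf.uTech = "bf"
+if conf.uTech == None:
+conf.uTech = "NULL"
 
 return
 
-if conf.uTech and conf.uTech not in ( "bf", "ob" ):
+uTechOriginal = conf.uTech
+conf.uTech = conf.uTech.lower()
+
+if conf.uTech and conf.uTech not in ( "null", "orderby" ):
 infoMsg = "resetting the UNION query detection technique to "
-infoMsg += "'bf', '%s' is not a valid technique" % conf.uTech
+infoMsg += "'NULL', '%s' is not a valid technique" % uTechOriginal
 logger.info(infoMsg)
 
-conf.uTech = "bf"
+conf.uTech = "NULL"
 
 else:
 debugMsg = "setting UNION query detection technique to "
-debugMsg += "'%s'" % conf.uTech
+debugMsg += "'%s'" % uTechOriginal
 logger.debug(debugMsg)
 
 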
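Review bot: `__setUnionTech` leaves `conf.uTech` in two different cases: a valid user value is lowercased to `null`/`orderby`, while the default and the reset branch both assign uppercase `"NULL"`. The consumer visible in lib/techniques/inband/union/test.py only compares against `"orderby"`, so this works today, but any later `== "null"` comparison would miss the default; store `conf.uTech = "null"` in both places and keep the uppercase spelling for the log text only. The first guard also changed from `if not conf.uTech:` to `if conf.uTech == None:`, so an empty string (presumably what an empty `uTech =` in the config file yields) is no longer defaulted. It skips the validation branch and logs "setting UNION query detection technique to ''"; `if not conf.uTech:` restores the old behaviour, and if only None is meant the idiomatic form is `is None`.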

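--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -30,7 +30,7 @@
 
 
 # sqlmap version and site
-VERSION = "0.6.4-rc2"
+VERSION = "0.6.4-rc3"
 VERSION_STRING = "sqlmap/%s" % VERSION
 SITE = "http://sqlmap.sourceforge.net"
 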

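--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -97,6 +97,7 @@ def __unionTestByOrderBy(comment):
 
 if seqMatcher >= 0.6:
 columns = count
+
 elif columns:
 value = __forgeUserFriendlyValue(prevPayload)
 
@@ -113,8 +114,8 @@ def unionTest():
 SQL injection vulnerability. The test is done up to 3*50 times
 """
 
-if conf.uTech == "ob":
-technique = "ORDER BY clause"
+if conf.uTech == "orderby":
+technique = "ORDER BY clause bruteforcing"
 else:
 technique = "NULL bruteforcing"
 
@@ -126,7 +127,7 @@ def unionTest():
 columns = None
 
 for comment in (queries[kb.dbms].comment, ""):
-if conf.uTech == "ob":
+if conf.uTech == "orderby":
 value, columns = __unionTestByOrderBy(comment)
 else:
 value, columns = __unionTestByNULLBruteforce(comment)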

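--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -144,9 +144,9 @@ unionTest = False
 # Technique to test for UNION query SQL injection
 # The possible techniques are by NULL bruteforcing (bf) or by ORDER BY
 # clause (ob)
-# Valid: bf, ob
-# Default: bf
-uTech = bf
+# Valid: NULL, OrderBy
+# Default: NULL
+uTech = NULL
 
 # Use the UNION query (inband) SQL injection to retrieve the queries
 # output. No need to go blind.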
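Review bot: The two unchanged comment lines above the new `# Valid: NULL, OrderBy` still name the techniques as `(bf)` and `(ob)`, which the validation in lib/core/option.py no longer accepts. A user who copies `ob` from that comment ends up on NULL bruteforcing, with only an info-level message to say so. Bring the comment in line with the accepted values, for example `# The possible techniques are by NULL bruteforcing (NULL) or by ORDER BY` and `# clause bruteforcing (OrderBy)`.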
