Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit aa21550

Browse files
committed
Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)
1 parent 66061e8 commit aa21550

2 files changed

Lines changed: 3 additions & 2 deletions

File tree

lib/controller/checks.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77

88
import copy
99
import httplib
10+
import random
1011
import re
1112
import socket
1213
import time
@@ -906,7 +907,7 @@ def _(page):
906907

907908
if not result:
908909
randStr = randomStr()
909-
payload = "%s%s%s" % (prefix, "%s%s" % (origValue, randStr), suffix)
910+
payload = "%s%s%s" % (prefix, "%s.%d%s" % (origValue, random.randint(1, 9), randStr), suffix)
910911
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
911912
casting = Request.queryPage(payload, place, raise404=False)
912913

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020
from lib.core.revision import getRevisionNumber
2121

2222
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
23-
VERSION = "1.0.4.18"
23+
VERSION = "1.0.4.19"
2424
REVISION = getRevisionNumber()
2525
STABLE = VERSION.count('.') <= 2
2626
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")

0 commit comments

Comments
 (0)