hub / github.com/sqlmapproject/sqlmap / _formatInjection

Function _formatInjection

lib/controller/controller.py:144–168  ·  view source on GitHub ↗
(inj)

Source from the content-addressed store, hash-verified

142 kb.injection = kb.injections[index]
143
def _formatInjection(inj):
    """
    Builds the human-readable summary of a single identified injection point

    The returned text opens with a "Parameter: <name> (<method or place>)"
    header, followed by one Type/Title/Payload entry per item of inj.data.
    A Vector line is appended to an entry only when conf.verbose is above 1.

    Note for anyone matching this report against server-side or WAF logs:
    the Payload line is the output of urldecode(), not the stored payload
    itself, so it may differ from the bytes that appeared in the request.
    """

    # A configured HTTP method other than GET/POST is shown instead of the injection place
    if conf.method in (None, HTTPMETHOD.GET, HTTPMETHOD.POST):
        paramType = inj.place
    else:
        paramType = conf.method

    lines = ["Parameter: %s (%s)\n" % (inj.parameter, paramType)]

    for technique, details in inj.data.items():
        title, vector, comment = details.title, details.vector, details.comment
        payload = agent.adjustLateValues(details.payload)

        if inj.place == PLACE.CUSTOM_HEADER:
            # Only the part after the first comma is displayed; a payload without
            # any comma raises IndexError here
            parts = payload.split(',', 1)
            payload = parts[1]

        if technique == PAYLOAD.TECHNIQUE.UNION:
            # Column count is estimated from the stored (unadjusted) payload: parenthesised
            # groups and LIMIT clauses are stripped first, then the remaining commas are counted
            stripped = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", details.payload)
            count = stripped.count(',') + 1
            title = re.sub(r"\d+ to \d+", str(count), title)
            # NOTE(review): vector is indexed positionally (0, 1, 2, 5, 6) with None passed for
            # the 5th and 6th arguments - meaning of each slot is defined by forgeUnionQuery(), confirm there
            vector = agent.forgeUnionQuery(
                "[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6]
            )
            if count == 1:
                title = title.replace("columns", "column")
        elif comment:
            vector = "%s%s" % (vector, comment)

        # NOTE(review): leading whitespace inside the labels below is reproduced as shown in this
        # listing, whose whitespace appears collapsed - confirm against the upstream file
        lines.append(" Type: %s\n" % PAYLOAD.SQLINJECTION[technique])
        lines.append(" Title: %s\n" % title)

        decoded = urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus))
        lines.append(" Payload: %s\n" % decoded)

        # Vector is formatted only at higher verbosity; otherwise just a blank separator line
        if conf.verbose > 1:
            lines.append(" Vector: %s\n\n" % vector)
        else:
            lines.append("\n")

    return "".join(lines)
169
170def _showInjections():
171 if conf.wizard and kb.wizardMode:

Callers 1

_showInjectionsFunction · 0.85

Calls 5

urldecodeFunction · 0.90
itemsMethod · 0.80
adjustLateValuesMethod · 0.80
forgeUnionQueryMethod · 0.80
replaceMethod · 0.45

Tested by

no test coverage detected
