Used in inference: in time-based SQLi, if the original and retrieved values are not equal, there will be a deliberate delay
(idx, value)
| 235 | return None |
| 236 | |
def validateChar(idx, value):
    """
    Re-check a single inferred character with a not-equals comparison.

    Used in inference - in time-based SQLi if original and retrieved value
    are not equal there will be a deliberate delay.

    The greater-than comparison found between the payload delimiters is
    rewritten into a not-equals comparison, the result is formatted with
    the expression, the position `idx` and the candidate `value`, and one
    request is issued through Request.queryPage.

    `payload`, `expressionUnescaped` and `timeBasedCompare` are not
    parameters; they are read from the surrounding scope, which is not
    visible in this excerpt.

    Returns the negation of what Request.queryPage reports for the forged
    payload. In time-based mode, when the technique data carries a
    `trueCode`, the last HTTP code seen by the thread must also equal it,
    otherwise False is returned and a one-time warning is emitted.
    """

    currentThread = getCurrentThreadData()

    # NOTE(review): the delimiter and comparison constants are interpolated
    # into the pattern unescaped - this assumes none of them contains regex
    # metacharacters; confirm against their definitions.
    comparisonRegex = r"(%s.*?)%s(.*?%s)" % (PAYLOAD_DELIMITER, INFERENCE_GREATER_CHAR, PAYLOAD_DELIMITER)
    notEqualsTemplate = r"\g<1>%s\g<2>" % INFERENCE_NOT_EQUALS_CHAR
    checkPayload = re.sub(comparisonRegex, notEqualsTemplate, payload)

    quotedMark = "'%s'" % CHAR_INFERENCE_MARK

    if quotedMark in payload:
        # e.g.: ... > '%c' -> ... > ORD(..)
        quotedChar = unescaper.escape("'%s'" % decodeIntToUnicode(value))
        request = safeStringFormat(checkPayload.replace(quotedMark, quotedChar), (expressionUnescaped, idx))
    else:
        # No quoted character mark: the candidate value is passed as a
        # third formatting argument instead of being substituted in place.
        request = safeStringFormat(checkPayload, (expressionUnescaped, idx, value))

    confirmed = not Request.queryPage(request, timeBasedCompare=timeBasedCompare, raise404=False)

    # A time-based answer is only accepted when the HTTP status code of the
    # validation response matches the one recorded for the technique.
    if confirmed and timeBasedCompare and getTechniqueData().trueCode:
        confirmed = currentThread.lastCode == getTechniqueData().trueCode
        if not confirmed:
            singleTimeWarnMessage("detected HTTP code '%s' in validation phase is differing from expected '%s'" % (currentThread.lastCode, getTechniqueData().trueCode))

    # The counter is incremented on every path, confirmed or not.
    incrementCounter(getTechnique())

    return confirmed
| 266 | |
| 267 | def getChar(idx, charTbl=None, continuousOrder=True, expand=charsetType is None, shiftTable=None, retried=None): |
| 268 | """ |