MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _orderByTest

Function _orderByTest

lib/techniques/union/test.py:63–68  ·  view source on GitHub ↗
(cols)

Source from the content-addressed store, hash-verified

61 @stackedmethod
62 def _orderByTechnique(lowerCount=None, upperCount=None):
63 def _orderByTest(cols):
64 query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
65 query = agent.suffixQuery(query, suffix=suffix, comment=comment)
66 payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)
67 page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)
68 return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order (by|clause)", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None
69
70 if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1):
71 infoMsg = "'ORDER BY' technique appears to be usable. "

Callers 1

_orderByTechniqueFunction · 0.85

Calls 6

comparisonFunction · 0.90
prefixQueryMethod · 0.80
suffixQueryMethod · 0.80
payloadMethod · 0.80
queryPageMethod · 0.80
searchMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…