MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / unionTest

Function unionTest

lib/techniques/union/test.py:371–402  ·  view source on GitHub ↗

This method tests if the target URL is affected by an union SQL injection vulnerability. The test is done up to 3*50 times

(comment, place, parameter, value, prefix, suffix)

Source from the content-addressed store, hash-verified

369
370@stackedmethod
371def unionTest(comment, place, parameter, value, prefix, suffix):
372 """
373 This method tests if the target URL is affected by an union
374 SQL injection vulnerability. The test is done up to 3*50 times
375 """
376
377 if conf.direct:
378 return
379
380 negativeLogic = kb.negativeLogic
381 setTechnique(PAYLOAD.TECHNIQUE.UNION)
382
383 try:
384 if negativeLogic:
385 pushValue(kb.negativeLogic)
386 pushValue(conf.string)
387 pushValue(conf.code)
388
389 kb.negativeLogic = False
390 conf.string = conf.code = None
391
392 validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
393 finally:
394 if negativeLogic:
395 conf.code = popValue()
396 conf.string = popValue()
397 kb.negativeLogic = popValue()
398
399 if validPayload:
400 validPayload = agent.removePayloadDelimiters(validPayload)
401
402 return validPayload, vector

Callers 1

checkSqlInjectionFunction · 0.90

Calls 5

setTechniqueFunction · 0.90
pushValueFunction · 0.90
popValueFunction · 0.90

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…