This method tests if the target URL is affected by an union SQL injection vulnerability. The test is done up to 3*50 times
(comment, place, parameter, value, prefix, suffix)
| 369 | |
| 370 | @stackedmethod |
| 371 | def unionTest(comment, place, parameter, value, prefix, suffix): |
| 372 | """ |
| 373 | This method tests if the target URL is affected by an union |
| 374 | SQL injection vulnerability. The test is done up to 3*50 times |
| 375 | """ |
| 376 | |
| 377 | if conf.direct: |
| 378 | return |
| 379 | |
| 380 | negativeLogic = kb.negativeLogic |
| 381 | setTechnique(PAYLOAD.TECHNIQUE.UNION) |
| 382 | |
| 383 | try: |
| 384 | if negativeLogic: |
| 385 | pushValue(kb.negativeLogic) |
| 386 | pushValue(conf.string) |
| 387 | pushValue(conf.code) |
| 388 | |
| 389 | kb.negativeLogic = False |
| 390 | conf.string = conf.code = None |
| 391 | |
| 392 | validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) |
| 393 | finally: |
| 394 | if negativeLogic: |
| 395 | conf.code = popValue() |
| 396 | conf.string = popValue() |
| 397 | kb.negativeLogic = popValue() |
| 398 | |
| 399 | if validPayload: |
| 400 | validPayload = agent.removePayloadDelimiters(validPayload) |
| 401 | |
| 402 | return validPayload, vector |
no test coverage detected
searching dependent graphs…