MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / payload

Method payload

lib/core/agent.py:89–263  ·  view source on GitHub ↗

This method replaces the affected parameter with the SQL injection statement to request

(self, place=None, parameter=None, value=None, newValue=None, where=None)

Source from the content-addressed store, hash-verified

87 return query
88
89 def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):
90 """
91 This method replaces the affected parameter with the SQL
92 injection statement to request
93 """
94
95 if conf.direct:
96 return self.payloadDirect(newValue)
97
98 retVal = ""
99
100 if kb.forceWhere:
101 where = kb.forceWhere
102 elif where is None and isTechniqueAvailable(getTechnique()):
103 where = getTechniqueData().where
104
105 if kb.injection.place is not None:
106 place = kb.injection.place
107
108 if kb.injection.parameter is not None:
109 parameter = kb.injection.parameter
110
111 paramString = conf.parameters[place]
112 paramDict = conf.paramDict[place]
113 origValue = getUnicode(paramDict[parameter])
114 newValue = getUnicode(newValue) if newValue else newValue
115 base64Encoding = re.sub(r" \(.+", "", parameter) in conf.base64Parameter
116
117 if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
118 paramString = origValue
119 if place == PLACE.URI:
120 origValue = origValue.split(kb.customInjectionMark)[0]
121 else:
122 try:
123 origValue = filterNone(re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r"\w+\Z", r"[^\"&#x27;><]+\Z", r"[^ ]+\Z"))[0].group(0)
124 except IndexError:
125 pass
126 origValue = origValue[origValue.rfind('/') + 1:]
127 for char in ('?', '=', ':', ',', '&'):
128 if char in origValue:
129 origValue = origValue[origValue.rfind(char) + 1:]
130 elif place == PLACE.CUSTOM_POST:
131 paramString = origValue
132 origValue = origValue.split(kb.customInjectionMark)[0]
133 if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
134 origValue = re.split(r"['\">]", origValue)[-1]
135 elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
136 match = re.search(r"['\"]", origValue)
137 quote = match.group(0) if match else '"'
138 origValue = extractRegexResult(r"%s\s*:\s*(?P<result>\d+)\Z" % quote, origValue) or extractRegexResult(r"(?P<result>[^%s]*)\Z" % quote, origValue)
139 else:
140 _ = extractRegexResult(r"(?s)(?P<result>[^\s<>{}();'\"&]+\Z)", origValue) or ""
141 origValue = _.split('=', 1)[1] if '=' in _ else _
142 elif place == PLACE.CUSTOM_HEADER:
143 paramString = origValue
144 origValue = origValue[origValue.find(',') + 1:]
145 origValue = origValue.split(kb.customInjectionMark)[0]
146 match = re.search(r"([^;]+)=(?P<value>[^;]*);?\Z", origValue)

Callers 15

checkSqlInjectionFunction · 0.80
genCmpPayloadFunction · 0.80
checkDynParamFunction · 0.80
_goInferenceProxyFunction · 0.80
_goBooleanProxyFunction · 0.80
goStackedFunction · 0.80
_webFileInjectMethod · 0.80
_orderByTestFunction · 0.80
_findUnionCharCountFunction · 0.80
_fuzzUnionColsFunction · 0.80
_unionPositionFunction · 0.80

Calls 15

payloadDirectMethod · 0.95
cleanupPayloadMethod · 0.95
adjustLateValuesMethod · 0.95
addPayloadDelimitersMethod · 0.95
isTechniqueAvailableFunction · 0.90
getTechniqueFunction · 0.90
getTechniqueDataFunction · 0.90
getUnicodeFunction · 0.90
filterNoneFunction · 0.90
extractRegexResultFunction · 0.90
randomIntFunction · 0.90
randomStrFunction · 0.90

Tested by 4

_orderByTestFunction · 0.64
_findUnionCharCountFunction · 0.64
_fuzzUnionColsFunction · 0.64
_unionPositionFunction · 0.64