MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / prefixQuery

Method prefixQuery

lib/core/agent.py:265–311  ·  view source on GitHub ↗

This method defines how the input expression has to be escaped to perform the injection depending on the injection type identified as valid

(self, expression, prefix=None, where=None, clause=None)

Source from the content-addressed store, hash-verified

263 return retVal
264
265 def prefixQuery(self, expression, prefix=None, where=None, clause=None):
266 """
267 This method defines how the input expression has to be escaped
268 to perform the injection depending on the injection type
269 identified as valid
270 """
271
272 if conf.direct:
273 return self.payloadDirect(expression)
274
275 if expression is None:
276 return None
277
278 expression = self.cleanupPayload(expression)
279 expression = unescaper.escape(expression)
280 query = None
281
282 if where is None and getTechnique() is not None and getTechnique() in kb.injection.data:
283 where = getTechniqueData().where
284
285 # If we are replacing (<where>) the parameter original value with
286 # our payload do not prepend with the prefix
287 if where == PAYLOAD.WHERE.REPLACE and not conf.prefix: # Note: https://github.com/sqlmapproject/sqlmap/issues/4030
288 query = ""
289
290 # If the technique is stacked queries (<stype>) do not put a space
291 # after the prefix or it is in GROUP BY / ORDER BY (<clause>)
292 elif getTechnique() == PAYLOAD.TECHNIQUE.STACKED:
293 query = kb.injection.prefix
294 elif kb.injection.clause == [2, 3] or kb.injection.clause == [2] or kb.injection.clause == [3]:
295 query = kb.injection.prefix
296 elif clause == [2, 3] or clause == [2] or clause == [3]:
297 query = prefix
298
299 # In any other case prepend with the full prefix
300 else:
301 query = kb.injection.prefix or prefix or ""
302
303 if "SELECT '[RANDSTR]'" in query: # escaping of pre-WHERE prefixes
304 query = query.replace("'[RANDSTR]'", unescaper.escape(randomStr(), quote=False))
305
306 if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('):
307 query += " "
308
309 query = "%s%s" % ((query or "").replace('\\', BOUNDARY_BACKSLASH_MARKER), expression)
310
311 return query
312
313 def suffixQuery(self, expression, comment=None, suffix=None, where=None, trimEmpty=True):
314 """

Callers 15

forgeUnionQueryMethod · 0.95
checkSqlInjectionFunction · 0.80
genCmpPayloadFunction · 0.80
_goInferenceProxyFunction · 0.80
_goBooleanProxyFunction · 0.80
goStackedFunction · 0.80
_webFileInjectMethod · 0.80
_orderByTestFunction · 0.80
_fuzzUnionColsFunction · 0.80
dnsUseFunction · 0.80
bisectionFunction · 0.80
_oneShotErrorUseFunction · 0.80

Calls 7

payloadDirectMethod · 0.95
cleanupPayloadMethod · 0.95
getTechniqueFunction · 0.90
getTechniqueDataFunction · 0.90
randomStrFunction · 0.90
escapeMethod · 0.45
replaceMethod · 0.45

Tested by 2

_orderByTestFunction · 0.64
_fuzzUnionColsFunction · 0.64