This method defines how the input expression has to be escaped to perform the injection depending on the injection type identified as valid
(self, expression, prefix=None, where=None, clause=None)
| 263 | return retVal |
| 264 | |
| 265 | def prefixQuery(self, expression, prefix=None, where=None, clause=None): |
| 266 | """ |
| 267 | This method defines how the input expression has to be escaped |
| 268 | to perform the injection depending on the injection type |
| 269 | identified as valid |
| 270 | """ |
| 271 | |
| 272 | if conf.direct: |
| 273 | return self.payloadDirect(expression) |
| 274 | |
| 275 | if expression is None: |
| 276 | return None |
| 277 | |
| 278 | expression = self.cleanupPayload(expression) |
| 279 | expression = unescaper.escape(expression) |
| 280 | query = None |
| 281 | |
| 282 | if where is None and getTechnique() is not None and getTechnique() in kb.injection.data: |
| 283 | where = getTechniqueData().where |
| 284 | |
| 285 | # If we are replacing (<where>) the parameter original value with |
| 286 | # our payload do not prepend with the prefix |
| 287 | if where == PAYLOAD.WHERE.REPLACE and not conf.prefix: # Note: https://github.com/sqlmapproject/sqlmap/issues/4030 |
| 288 | query = "" |
| 289 | |
| 290 | # If the technique is stacked queries (<stype>) do not put a space |
| 291 | # after the prefix or it is in GROUP BY / ORDER BY (<clause>) |
| 292 | elif getTechnique() == PAYLOAD.TECHNIQUE.STACKED: |
| 293 | query = kb.injection.prefix |
| 294 | elif kb.injection.clause == [2, 3] or kb.injection.clause == [2] or kb.injection.clause == [3]: |
| 295 | query = kb.injection.prefix |
| 296 | elif clause == [2, 3] or clause == [2] or clause == [3]: |
| 297 | query = prefix |
| 298 | |
| 299 | # In any other case prepend with the full prefix |
| 300 | else: |
| 301 | query = kb.injection.prefix or prefix or "" |
| 302 | |
| 303 | if "SELECT '[RANDSTR]'" in query: # escaping of pre-WHERE prefixes |
| 304 | query = query.replace("'[RANDSTR]'", unescaper.escape(randomStr(), quote=False)) |
| 305 | |
| 306 | if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('): |
| 307 | query += " " |
| 308 | |
| 309 | query = "%s%s" % ((query or "").replace('\\', BOUNDARY_BACKSLASH_MARKER), expression) |
| 310 | |
| 311 | return query |
| 312 | |
| 313 | def suffixQuery(self, expression, comment=None, suffix=None, where=None, trimEmpty=True): |
| 314 | """ |