From 9f69eec5fe5760963f086d3a329bc0807ced8088 Mon Sep 17 00:00:00 2001
From: lisun
Date: Thu, 10 May 2018 17:21:58 +0800
Subject: [PATCH 1/3] Parse the plus sign by space

Parse the plus sign by space
---
 src/libinjection_sqli.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/libinjection_sqli.c b/src/libinjection_sqli.c
index cecbbea3..a7cd7b7e 100644
--- a/src/libinjection_sqli.c
+++ b/src/libinjection_sqli.c
@@ -358,7 +358,8 @@ static size_t parse_operator1(struct libinjection_sqli_state * sf)
 {
 const char *cs = sf->s;
 size_t pos = sf->pos;
-
+ if (cs[pos] == '+')
+ return pos + 1;
 st_assign_char(sf->current, TYPE_OPERATOR, pos, 1, cs[pos]);
 return pos + 1;
 }
@@ -1483,7 +1484,11 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
 * "foo" "bar" is valid SQL
 * just ignore second string
 */
- if (sf->tokenvec[left].type == TYPE_STRING && sf->tokenvec[left+1].type == TYPE_STRING) {
+ if (sf->tokenvec[left].type == TYPE_NUMBER && sf->tokenvec[left+1].type == TYPE_STRING) { pos -= 1; sf->stats_folds += 1; continue; } else if (sf->tokenvec[left].type == TYPE_STRING && sf->tokenvec[left+1].type == TYPE_STRING) {
 pos -= 1;
 sf->stats_folds += 1;
 continue;
From d8ee0a68468d9fefb0fc0768aa3d1fa4cb369982 Mon Sep 17 00:00:00 2001
From: lisun
Date: Thu, 10 May 2018 18:16:23 +0800
Subject: [PATCH 2/3] Parse the plus sign by space

Parse the plus sign by space
---
 src/libinjection_sqli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libinjection_sqli.c b/src/libinjection_sqli.c
index a7cd7b7e..62e68037 100644
--- a/src/libinjection_sqli.c
+++ b/src/libinjection_sqli.c
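Review bot: The early return added ahead of `st_assign_char` leaves `sf->current` untouched when the character is `+`, so the sign is consumed without ever becoming a token, and the hunk does this unconditionally with no visible dialect or flag check. That silently changes the token stream, and therefore the fingerprint, for any input that legitimately uses `+` as an arithmetic or string-concatenation operator, which is a detection-coverage change rather than a parser fix, and there is no comment saying why. If the motivation is form-encoded input where `+` stands for a space, that decoding belongs in the caller before the bytes reach the tokenizer; if it must live here it needs a guard and a note such as `/* '+' treated as whitespace for form-encoded input; see caller */`. Patch 3 of this series reverts the hunk, so as submitted the three patches cancel out and should be squashed or dropped rather than merged as history.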
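Review bot: The new NUMBER-then-STRING branch discards the string token while sitting under a comment that still says `"foo" "bar" is valid SQL / just ignore second string`, and a number immediately followed by a string literal is not that case, so the rationale for dropping a token that would otherwise shape the fingerprint is missing. The branch body is a byte-for-byte copy of the existing STRING/STRING body, so if the rule is intended it should be folded into one condition with its own one-line justification instead of a duplicated `else if`. The collapsed hunk text has lost the `+` markers on the interior added lines, so I am reading the added block from the counts in the `@@` header. libinjection_sqli_fold starts and ends outside this hunk.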
@@ -1484,7 +1484,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
 * "foo" "bar" is valid SQL
 * just ignore second string
 */
- if (sf->tokenvec[left].type == TYPE_NUMBER && sf->tokenvec[left+1].type == TYPE_STRING) {
+ if (sf->tokenvec[left].type == TYPE_NUMBER && sf->tokenvec[left+1].type == TYPE_NUMBER) {
 pos -= 1;
 sf->stats_folds += 1;
 continue;
From b32125f0e7c5997a6f64acecdbc06af3870093e2 Mon Sep 17 00:00:00 2001
From: lisun
Date: Thu, 10 May 2018 19:02:18 +0800
Subject: [PATCH 3/3] Restore the previous version

Restore the previous version
---
 src/libinjection_sqli.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/libinjection_sqli.c b/src/libinjection_sqli.c
index 62e68037..cecbbea3 100644
--- a/src/libinjection_sqli.c
+++ b/src/libinjection_sqli.c
@@ -358,8 +358,7 @@ static size_t parse_operator1(struct libinjection_sqli_state * sf)
 {
 const char *cs = sf->s;
 size_t pos = sf->pos;
- if (cs[pos] == '+')
- return pos + 1;
+
 st_assign_char(sf->current, TYPE_OPERATOR, pos, 1, cs[pos]);
 return pos + 1;
 }
@@ -1484,11 +1483,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
 * "foo" "bar" is valid SQL
 * just ignore second string
 */
- if (sf->tokenvec[left].type == TYPE_NUMBER && sf->tokenvec[left+1].type == TYPE_NUMBER) {
- pos -= 1;
- sf->stats_folds += 1;
- continue;
- } else if (sf->tokenvec[left].type == TYPE_STRING && sf->tokenvec[left+1].type == TYPE_STRING) {
+ if (sf->tokenvec[left].type == TYPE_STRING && sf->tokenvec[left+1].type == TYPE_STRING) {
 pos -= 1;
 sf->stats_folds += 1;
 continue;
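Review bot: Folding a NUMBER followed by a NUMBER into one token, taken together with patch 1 of this series making `+` disappear from the token stream, means `1+1` and `1` reduce to the same token sequence if I read the two changes correctly, so an arithmetic probe becomes indistinguishable from a plain literal in the fingerprint; for a SQLi detector that is a false-negative risk, not a parser clean-up. The comment above the branch still describes the adjacent-string-literal case and should either be updated or the branch given its own rationale, e.g. `/* fold adjacent numeric literals: <reason> */`, before this is considered. libinjection_sqli_fold starts and ends outside this hunk, and patch 3 of the same series reverts this change again.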