From d0081d1188054e6a3369d7cc8dd7da9bccd2ec20 Mon Sep 17 00:00:00 2001
From: malvads
Date: Sun, 19 May 2024 23:57:04 +0100
Subject: [PATCH 1/3] Add multi param
---
 sqlmc/lib/injector.py | 27 +++++++++++++++++++++++++++
 sqlmc/lib/scanner.py | 2 ++
 2 files changed, 29 insertions(+)
 create mode 100644 sqlmc/lib/injector.py
diff --git a/sqlmc/lib/injector.py b/sqlmc/lib/injector.py
new file mode 100644
index 0000000..29fad73
--- /dev/null
+++ b/sqlmc/lib/injector.py
@@ -0,0 +1,27 @@
+class Injector:
+ @staticmethod
+ def inject(url):
+ query_start = url.find('?')
+ if query_start == -1:
+ return url
+
+ base_url = url[:query_start]
+ query_string = url[query_start+1:]
+ params = query_string.split('&')
+
+ modified_params = []
+ for param in params:
+ key_value = param.split('=')
+ if len(key_value) == 2:
+ key = key_value[0]
+ value = key_value[1]
+ # Add single quotes around the value
+ modified_value = f"{value}'"
+ modified_params.append(f"{key}={modified_value}")
+ else:
+ modified_params.append(param)
+
+ modified_query_string = '&'.join(modified_params)
+ modified_url = f"{base_url}?{modified_query_string}"
+
+ return modified_url
diff --git a/sqlmc/lib/scanner.py b/sqlmc/lib/scanner.py
index 6f38094..1fe1447 100644
--- a/sqlmc/lib/scanner.py
+++ b/sqlmc/lib/scanner.py
@@ -3,6 +3,7 @@ import logging
 from datetime import datetime
 from sqlmc.lib.error import Checker
+from sqlmc.lib.injector import Injector
 from bs4 import BeautifulSoup
 logging.basicConfig(level=logging.INFO)
@@ -29,6 +30,7 @@ async def get_server(self):
 return response.headers.get('Server', 'Unknown')
 async def test_for_sql_injection(self, url):
+ url = Injector.inject(url)
 async with aiohttp.ClientSession() as session:
 async with session.get(url + "'") as response:
 return self.check(await response.text())
From 218279ac81f9d74ee11f56e418a65e0d3b6ec8fa Mon Sep 17 00:00:00 2001
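Review bot: `Injector.inject` parses the query string by hand, and two input shapes slip through the loop over `params`: a value that itself contains `=` makes `param.split('=')` return more than two parts, so that parameter is passed through unmodified, and a URL with a `#fragment` gets the quote appended after the fragment, which is never sent to the server. Either case leaves a parameter untested while the scan still reports a clean result, which is a false negative for whoever relies on the report. Splitting the URL with `urllib.parse.urlsplit` and each pair with `key, sep, value = param.partition('=')` would cover both. The comment `# Add single quotes around the value` also misdescribes the line below it, which appends one trailing quote; `# Append a single quote to the value` matches the code. The new class and method carry no docstring stating that a URL without a query string is returned unchanged.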
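Review bot: In `test_for_sql_injection` the request still goes to `url + "'"` after the new `url = Injector.inject(url)` line, so for any URL with a query string the last parameter's value ends in two quotes instead of one. A doubled quote is the SQL escape for a literal quote, so that parameter would likely raise no database error and be reported as clean. Since `inject` returns a URL without a query unchanged, both cases can be kept with `probe = Injector.inject(url)`, then `target = probe if probe != url else url + "'"` and `session.get(target)`. The hunk appears to hold the whole function, though its end is not certain from here.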
From: malvads
Date: Mon, 20 May 2024 00:01:17 +0100
Subject: [PATCH 2/3] Ignore UnicodeDecodeError
---
 sqlmc/lib/scanner.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sqlmc/lib/scanner.py b/sqlmc/lib/scanner.py
index 1fe1447..5320056 100644
--- a/sqlmc/lib/scanner.py
+++ b/sqlmc/lib/scanner.py
@@ -62,6 +62,8 @@ async def scan(self, url, depth):
 await asyncio.gather(*tasks)
 except aiohttp.ClientError:
 pass
+ except UnicodeDecodeError:
+ pass
 async def scan_single_link(self, href, depth):
 vulnerable, db = await self.test_for_sql_injection(href)
From 19d10454d2658d142b0c8425629452d356537f90 Mon Sep 17 00:00:00 2001
From: malvads
Date: Mon, 20 May 2024 00:03:01 +0100
Subject: [PATCH 3/3] Bump to v1.1.0
---
 sqlmc/VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sqlmc/VERSION b/sqlmc/VERSION
index afaf360..9084fa2 100644
--- a/sqlmc/VERSION
+++ b/sqlmc/VERSION
@@ -1 +1 @@
-1.0.0
\ No newline at end of file
+1.1.0
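Review bot: The added `except UnicodeDecodeError:` / `pass` in `scan` drops the error without a trace, so a page whose body cannot be decoded is skipped and the scan output gives no sign that coverage was incomplete. Because the handler sits after `await asyncio.gather(*tasks)`, one undecodable response presumably also discards the results of the sibling tasks awaited in the same call. Logging the skip, e.g. `except UnicodeDecodeError as exc:` with `logging.warning("skipping %s: undecodable response (%s)", url, exc)`, keeps the gap visible. Decoding leniently where the body is read, `await response.text(errors="replace")`, would avoid losing the page at all. `scan` starts above the hunk, so the `try` this handler belongs to is not visible here.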