PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)

Browse Source
This commit is contained in:
Miroslav Stampar
2011-07-31 23:40:09 +00:00
parent 0627bb02cb
commit 018d7ed646
2 changed files with 12 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/techniques/union/use.py
View File

@@ -47,7 +47,7 @@ from lib.utils.resume import resume
reqCount = 0
def __oneShotUnionUse(expression, unpack=True):
def __oneShotUnionUse(expression, unpack=True, limited=False):
global reqCount
check = "(?P<result>%s.*%s)" % (kb.misc.start, kb.misc.stop)
@@ -64,7 +64,7 @@ def __oneShotUnionUse(expression, unpack=True):
# Forge the inband SQL injection request
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
query = agent.forgeInbandQuery(expression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5])
query = agent.forgeInbandQuery(expression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], None, limited)
payload = agent.payload(newValue=query, where=where)
# Perform the request
@@ -299,7 +299,7 @@ def unionUse(expression, unpack=True, dump=False):
output = resume(limitedExpr, None)
if not output:
output = __oneShotUnionUse(limitedExpr, unpack)
output = __oneShotUnionUse(limitedExpr, unpack, True)
if not kb.threadContinue:
break