PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-10 00:29:02 +00:00
Code Issues Projects Releases Wiki Activity

Patch for MsSQL column name injection

Browse Source
This commit is contained in:
Miroslav Stampar
2018-09-06 13:59:07 +02:00
parent c37014b8e8
commit 2b56bdfaa6
4 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xml/boundaries.xml
View File

@@ -513,8 +513,8 @@ Formats:
<clause>8</clause>
<where>1</where>
<ptype>6</ptype>
<prefix>]=[[ORIGINAL]]</prefix>
<suffix> AND [[ORIGINAL]]=[[ORIGINAL]</suffix>
<prefix>]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)|[[ORIGINAL]</suffix>
</boundary>
<!-- End of escaped column name boundaries -->