PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

using UNION SELECT for where=..NEGATIVE

Browse Source
This commit is contained in:
Miroslav Stampar
2012-02-22 09:41:58 +00:00
parent c9d570c83b
commit 386e98a0e3
4 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/agent.py
View File

@@ -528,7 +528,7 @@ class Agent:
return concatenatedQuery
def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char, multipleUnions=None, limited=False):
def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char, where, multipleUnions=None, limited=False):
"""
Take in input an query (pseudo query) string and return its
processed UNION ALL SELECT query.
@@ -562,7 +562,7 @@ class Agent:
if query.startswith("SELECT "):
query = query[len("SELECT "):]
inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix)
inbandQuery = self.prefixQuery("UNION ALL SELECT " if not (where == PAYLOAD.WHERE.NEGATIVE or multipleUnions) else "UNION SELECT ", prefix=prefix)
if limited:
inbandQuery += ",".join(char if _ != position else '(SELECT %s)' % query for _ in xrange(0, count))