PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba

Browse Source
This commit is contained in:
Bernardo Damele
2011-02-21 16:00:56 +00:00
parent 90582ed7dc
commit 3e8c204121
5 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/core/agent.py
View File

@@ -328,7 +328,7 @@ class Agent:
if not Backend.getDbms():
return fields
if fields.startswith("(CASE"):
if fields.startswith("(CASE") or fields.startswith("SUBSTR"):
nulledCastedConcatFields = fields
else:
fields = fields.replace(", ", ",")
@@ -368,9 +368,12 @@ class Agent:
fieldsSelectFrom = re.search("\ASELECT%s\s+(.+?)\s+FROM\s+" % prefixRegex, query, re.I)
fieldsExists = re.search("EXISTS(.*)", query, re.I)
fieldsSelect = re.search("\ASELECT%s\s+(.*)" % prefixRegex, query, re.I)
fieldsSubstr = re.search("\ASUBSTR", query, re.I)
fieldsNoSelect = query
if fieldsExists:
if fieldsSubstr:
fieldsToCastStr = query
elif fieldsExists:
fieldsToCastStr = fieldsSelect.groups()[0]
elif fieldsSelectTop:
fieldsToCastStr = fieldsSelectTop.groups()[0]
@@ -386,7 +389,7 @@ class Agent:
fieldsToCastStr = fieldsNoSelect
# Function
if re.search("\A\w+\(.*\)", fieldsToCastStr, re.I) or fieldsSelectCase:
if re.search("\A\w+\(.*\)", fieldsToCastStr, re.I) or fieldsSelectCase or fieldsSubstr:
fieldsToCastList = [fieldsToCastStr]
else:
fieldsToCastList = fieldsToCastStr.replace(", ", ",")