Merge branch 'master' of github.com:sqlmapproject/sqlmap

2025-12-09 22:21:30 +00:00 · 2013-01-19 18:28:52 +01:00
parent efe26ac3f8 6a62292a3f
commit 3f4c010370
14 changed files with 669 additions and 35 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -535,7 +535,7 @@ class Agent(object):
            elif fieldsNoSelect:
                concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)

-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD):
            if fieldsExists:
                concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
                concatenatedQuery += "||'%s'" % kb.chars.stop
@@ -822,8 +822,7 @@ class Agent(object):
            limitedQuery += " %s" % limitStr

        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
-            if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
-                orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
+            if " ORDER BY " in limitedQuery and "SELECT " in limitedQuery:
                limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]

            if query.startswith("SELECT "):
@@ -831,6 +830,7 @@ class Agent(object):
                limitedQuery = "%s FROM (%s,%s" % (untilFrom, untilFrom.replace(delimiter, ','), limitStr)
            else:
                limitedQuery = "%s FROM (SELECT %s,%s" % (untilFrom, ','.join(f for f in field), limitStr)
+
            limitedQuery = limitedQuery % fromFrom
            limitedQuery += "=%d" % (num + 1)

--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -175,7 +175,8 @@ class Dump(object):
                for setting in settings:
                    self._write("    %s: %s" % (subHeader, setting))

-        self.singleString("")
+        if userSettings:
+            self.singleString("")

    def dbs(self, dbs):
        self.lister("available databases", dbs)
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -167,6 +167,9 @@ def liveTest():

        result = runCase(switches, parse)

+        test_case_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "test_case"), "wb", UNICODE_ENCODING)
+        test_case_fd.write("%s\n" % name)
+
        if result:
            logger.info("test passed")
            cleanCase()
@@ -183,6 +186,7 @@ def liveTest():
                errMsg += " - SQL injection not detected"

            logger.error(errMsg)
+            test_case_fd.write("%s\n" % errMsg)

            if failedParseOn:
                console_output_fd = codecs.open(os.path.join(paths.SQLMAP_OUTPUT_PATH, "console_output"), "wb", UNICODE_ENCODING)
@@ -199,6 +203,7 @@ def liveTest():
            if conf.stopFail is True:
                return retVal

+        test_case_fd.close()
        retVal &= bool(result)

    dataToStdout("\n")