PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Another bug fix for --privileges on PgSQL with UNION query technique

Browse Source
This commit is contained in:
Bernardo Damele
2011-03-11 15:13:09 +00:00
parent 74ef1e53c7
commit 5af7410cb1
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/agent.py
View File

@@ -328,7 +328,7 @@ class Agent:
if not Backend.getDbms():
return fields
if fields.startswith("(CASE") or fields.startswith("SUBSTR"):
if (fields.startswith("(CASE") and "WHEN use" in fields) or fields.startswith("SUBSTR"):
nulledCastedConcatFields = fields
else:
fields = fields.replace(", ", ",")
@@ -555,7 +555,7 @@ class Agent:
inbandQuery += ", "
if element == position:
if " FROM " in query and "(CASE " not in query and "EXISTS(" not in query and not query.startswith("SELECT "):
if " FROM " in query and ("(CASE " not in query or ("(CASE " in query and "WHEN use" in query)) and "EXISTS(" not in query and not query.startswith("SELECT "):
conditionIndex = query.index(" FROM ")
inbandQuery += query[:conditionIndex]
else:
@@ -563,7 +563,7 @@ class Agent:
else:
inbandQuery += char
if " FROM " in query and "(CASE" not in query and "EXISTS(" not in query and not query.startswith("SELECT "):
if " FROM " in query and ("(CASE " not in query or ("(CASE " in query and "WHEN use" in query)) and "EXISTS(" not in query and not query.startswith("SELECT "):
conditionIndex = query.index(" FROM ")
inbandQuery += query[conditionIndex:]