PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-08 13:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Another bug fix for --privileges on PgSQL with UNION query technique

Browse Source
This commit is contained in:
Bernardo Damele
2011-03-11 15:13:09 +00:00
parent 74ef1e53c7
commit 5af7410cb1
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/agent.py
View File

@@ -328,7 +328,7 @@ class Agent:
if not Backend.getDbms(): if not Backend.getDbms():
return fields return fields
if fields.startswith("(CASE") or fields.startswith("SUBSTR"): if (fields.startswith("(CASE") and "WHEN use" in fields) or fields.startswith("SUBSTR"):
nulledCastedConcatFields = fields nulledCastedConcatFields = fields
else: else:
fields = fields.replace(", ", ",") fields = fields.replace(", ", ",")
@@ -555,7 +555,7 @@ class Agent:
inbandQuery += ", " inbandQuery += ", "
if element == position: if element == position:
if " FROM " in query and "(CASE " not in query and "EXISTS(" not in query and not query.startswith("SELECT "): if " FROM " in query and ("(CASE " not in query or ("(CASE " in query and "WHEN use" in query)) and "EXISTS(" not in query and not query.startswith("SELECT "):
conditionIndex = query.index(" FROM ") conditionIndex = query.index(" FROM ")
inbandQuery += query[:conditionIndex] inbandQuery += query[:conditionIndex]
else: else:
@@ -563,7 +563,7 @@ class Agent:
else: else:
inbandQuery += char inbandQuery += char
if " FROM " in query and "(CASE" not in query and "EXISTS(" not in query and not query.startswith("SELECT "): if " FROM " in query and ("(CASE " not in query or ("(CASE " in query and "WHEN use" in query)) and "EXISTS(" not in query and not query.startswith("SELECT "):
conditionIndex = query.index(" FROM ") conditionIndex = query.index(" FROM ")
inbandQuery += query[conditionIndex:] inbandQuery += query[conditionIndex:]