Patch related to the #3282

2025-12-06 12:41:30 +00:00 · 2018-10-12 00:16:42 +02:00
parent e005ba3f77
commit 5efe3228f8
3 changed files with 6 additions and 3 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -246,6 +246,9 @@ class Agent(object):
        else:
            query = kb.injection.prefix or prefix or ""

+            if "SELECT '[RANDSTR]'" in query:  # escaping of pre-WHERE prefixes
+                query = query.replace("'[RANDSTR]'", unescaper.escape(randomStr(), quote=False))
+
            if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('):
                query += " "