PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

update of error based injection and bug fix for --roles on MSSQL server

Browse Source
This commit is contained in:
Miroslav Stampar
2010-10-20 06:40:33 +00:00
parent f2dae98448
commit 82f44989ce
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/request/inject.py
View File

@@ -348,8 +348,17 @@ def __goError(expression, resumeValue=True):
if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
return output
expressionUnescaped = unescaper.unescape(expression)
if kb.misc.testedDbms != "MySQL":
if kb.dbmsDetected:
_, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced)
else:
expressionUnescaped = unescaper.unescape(expression)
else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row")
expressionUnescaped = unescaper.unescape(expression)
debugMsg = "query: %s" % expressionUnescaped
logger.debug(debugMsg)
@@ -366,8 +375,9 @@ def __goError(expression, resumeValue=True):
if kb.misc.testedDbms == 'MySQL':
output = output[:-1]
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
logger.info(infoMsg)
if conf.verbose > 0:
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
logger.info(infoMsg)
return output