PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

One more step to fully working UNION exploitation after merge into detection phase

Browse Source
This commit is contained in:
Bernardo Damele
2011-01-12 01:13:32 +00:00
parent b5c6f7556f
commit 8a67aea754
9 changed files with 38 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/dbms/oracle/enumeration.py
View File

@@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -39,7 +40,7 @@ class Enumeration(GenericEnumeration):
# Set containing the list of DBMS administrators
areAdmins = set()
if kb.unionPosition is not None or conf.direct:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or conf.direct:
if query2:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
@@ -199,7 +200,7 @@ class Enumeration(GenericEnumeration):
colQuery = colQuery % column
for db in dbs.keys():
if kb.unionPosition is not None or conf.direct:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or conf.direct:
query = rootQuery.inband.query
query += colQuery
values = inject.getValue(query, blind=False, error=False)