PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Major bug fix to make it work properly with MSSQL custom limited (SELECT

Browse Source 
TOP ...) queries with both inferential blind and Full UNION query
injection
This commit is contained in:
Bernardo Damele
2009-01-02 23:26:45 +00:00
parent 2cc3bb2f6a
commit 9c42a883be
5 changed files with 60 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/techniques/blind/inference.py
View File

@@ -54,12 +54,12 @@ def bisection(payload, expression, length=None):
finalValue = ""
if kb.dbmsDetected:
_, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced)
_, _, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced)
else:
expressionUnescaped = unescaper.unescape(expression)
expressionUnescaped = unescaper.unescape(expression)
infoMsg = "query: %s" % expressionUnescaped
logger.info(infoMsg)