Major bug fix to make it work properly with MSSQL custom limited (SELECT TOP ...) queries with both inferential blind and full UNION query injection
Bernardo Damele
2009-01-02 23:26:45 +00:00
parent 2cc3bb2f6a
commit 9c42a883be
5 changed files with 60 additions and 20 deletions


@@ -159,7 +159,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False):
conf.paramNegative = True
if conf.paramNegative == True and direct == False:
_, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)
_, _, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)
if len(expressionFieldsList) > 1:
infoMsg = "the SQL query provided has more than a field. "
@@ -187,7 +187,17 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False):
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif kb.dbms in ( "Oracle", "Microsoft SQL Server" ):
elif kb.dbms == "Microsoft SQL Server":
limitGroupStart = queries[kb.dbms].limitgroupstart
limitGroupStop = queries[kb.dbms].limitgroupstop
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif kb.dbms == "Oracle":
limitCond = False
else:
limitCond = True
@@ -287,7 +297,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False):
else:
# Forge the inband SQL injection request
query = agent.forgeInbandQuery(expression)
query = agent.forgeInbandQuery(expression)
payload = agent.payload(newValue=query)
infoMsg = "query: %s" % query