Fixes #2481

2025-12-07 05:01:30 +00:00 · 2017-04-14 12:47:24 +02:00
parent 6b48f6ec26
commit a702dafd03
4 changed files with 7 additions and 7 deletions
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -226,7 +226,7 @@ def unionUse(expression, unpack=True, dump=False):

    if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper():
        # Removed ORDER BY clause because UNION does not play well with it
-        expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I)
+        expression = re.sub("(?i)\s*ORDER BY\s+[\w,]+", "", expression)
        debugMsg = "stripping ORDER BY clause from statement because "
        debugMsg += "it does not play well with UNION query SQL injection"
        singleTimeDebugMessage(debugMsg)