PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-28 02:19:05 +00:00
Code Issues Projects Releases Wiki Activity

several MySQL fixes/enhancements pointed out by Anton Mogilin

Browse Source
This commit is contained in:
Miroslav Stampar
2010-10-24 22:05:14 +00:00
parent 52f910f752
commit aa931efd4d
4 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/parse/cmdline.py
View File

@@ -212,6 +212,10 @@ def cmdLineParser():
help="Test for stacked queries (multiple "
"statements) support")
techniques.add_option("--error-test", dest="errorTest",
action="store_true", default=False,
help="Test for error based SQL injection support (beta)")
techniques.add_option("--time-test", dest="timeTest",
action="store_true", default=False,
help="Test for time based blind SQL injection")
@@ -492,10 +496,6 @@ def cmdLineParser():
parser.add_option("--profile", dest="profile", action="store_true",
default=False, help=SUPPRESS_HELP)
parser.add_option("--error-test", dest="errorTest",
action="store_true", default=False,
help=SUPPRESS_HELP)
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
help=SUPPRESS_HELP)

2
lib/techniques/error/use.py
View File

@@ -51,7 +51,7 @@ def errorUse(expression):
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
if kb.dbms == "MySQL":
nulledCastedField = nulledCastedField.replace("CHAR(10000)", "CHAR(255)") #fix for that 'Subquery returns more than 1 row'
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(255))") #fix for that 'Subquery returns more than 1 row'
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced)