PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix)

Browse Source
This commit is contained in:
Miroslav Stampar
2013-12-25 22:18:57 +01:00
parent 2c2667b2be
commit ab64d385d6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/techniques/dns/use.py
View File

@@ -70,7 +70,7 @@ def dnsUse(payload, expression):
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
query = agent.prefixQuery("; %s" % expressionUnescaped) query = agent.prefixQuery("; %s" % expressionUnescaped)
query = agent.suffixQuery(query) query = "%s%s" % (query, queries[Backend.getIdentifiedDbms()].comment.query)
forgedPayload = agent.payload(newValue=query) forgedPayload = agent.payload(newValue=query)
else: else:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3))) forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))