PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Properly deal with partial (single entry) UNION injections.

Browse Source 
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
This commit is contained in:
Bernardo Damele
2011-01-12 12:01:32 +00:00
parent d7a7993e0d
commit af9725214a
6 changed files with 25 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/request/inject.py
View File

@@ -425,9 +425,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
oldUnionNegative = kb.unionNegative
kb.unionNegative = False
if error and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and not found:
kb.technique = PAYLOAD.TECHNIQUE.ERROR
@@ -461,8 +458,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
else:
value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
kb.unionNegative = oldUnionNegative
if value and isinstance(value, basestring):
value = value.strip()
else: