PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-08 05:31:32 +00:00
Code Issues Projects Releases Wiki Activity

Bug fix (--where in case of boolean-based blind)

Browse Source
This commit is contained in:
Miroslav Stampar
2019-11-17 19:27:19 +01:00
parent c817a7065e
commit afb3cec133
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/core/agent.py
View File

@@ -1115,7 +1115,12 @@ class Agent(object):
def whereQuery(self, query):
if conf.dumpWhere and query:
prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
match = re.search(r" (LIMIT|ORDER).+", query, re.I)
if match:
suffix = match.group(0)
prefix = query[:-len(suffix)]
else:
prefix, suffix = query, ""
if conf.tbl and "%s)" % conf.tbl.upper() in prefix.upper():
prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
@@ -1124,7 +1129,9 @@ class Agent(object):
else:
prefix += " WHERE %s" % conf.dumpWhere
query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
query = prefix
if suffix:
query += suffix
return query