PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Important bug fix.

Browse Source 
Minor code restyling.
This commit is contained in:
Bernardo Damele
2011-01-13 09:41:55 +00:00
parent 1b3717c79c
commit be6e2d6a31
4 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/core/agent.py
View File

@@ -478,7 +478,7 @@ class Agent:
return concatenatedQuery
def forgeInbandQuery(self, query, exprPosition=None, count=None, comment=None, prefix=None, suffix=None, multipleUnions=None):
def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char, multipleUnions=None):
"""
Take in input an query (pseudo query) string and return its
processed UNION ALL SELECT query.
@@ -501,9 +501,9 @@ class Agent:
forged within an UNION ALL SELECT statement
@type query: C{str}
@param exprPosition: it is the NULL position where it is possible
@param position: it is the NULL position where it is possible
to inject the query
@type exprPosition: C{int}
@type position: C{int}
@return: UNION ALL SELECT query string forged
@rtype: C{str}
@@ -532,14 +532,14 @@ class Agent:
if element > 0:
inbandQuery += ", "
if element == exprPosition:
if element == position:
if " FROM " in query and not query.startswith("SELECT ") and "(CASE WHEN (" not in query:
conditionIndex = query.index(" FROM ")
inbandQuery += query[:conditionIndex]
else:
inbandQuery += query
else:
inbandQuery += conf.uChar
inbandQuery += char
if " FROM " in query and not query.startswith("SELECT ") and "(CASE WHEN (" not in query:
conditionIndex = query.index(" FROM ")
@@ -559,10 +559,10 @@ class Agent:
if element > 0:
inbandQuery += ", "
if element == exprPosition:
if element == position:
inbandQuery += multipleUnions
else:
inbandQuery += conf.uChar
inbandQuery += char
if kb.dbms == DBMS.ORACLE:
inbandQuery += " FROM DUAL"