More bug fixes to properly distinguish between full inband and single-entry inband sql injections

Bernardo Damele
2010-12-22 15:47:52 +00:00
parent b3da473840
commit c1f2534e9a
2 changed files with 35 additions and 1 deletions


@@ -483,7 +483,7 @@ class Agent:
return concatenatedQuery
def forgeInbandQuery(self, query, exprPosition=None, nullChar=None, count=None, comment=None):
def forgeInbandQuery(self, query, exprPosition=None, nullChar=None, count=None, comment=None, multipleUnions=None):
"""
Take in input an query (pseudo query) string and return its
processed UNION ALL SELECT query.
@@ -569,6 +569,22 @@ class Agent:
if intoRegExp:
inbandQuery += intoRegExp
if multipleUnions:
inbandQuery += " UNION ALL SELECT "
for element in range(count):
if element > 0:
inbandQuery += ", "
if element == exprPosition:
inbandQuery += multipleUnions
else:
inbandQuery += nullChar
if kb.dbms == DBMS.ORACLE:
inbandQuery += " FROM DUAL"
inbandQuery = self.suffixQuery(inbandQuery, comment)
return inbandQuery
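Review bot: The new `multipleUnions` branch calls `range(count)` and compares `element == exprPosition`, yet both parameters default to `None` in the signature; if they reach this branch unresolved, `range(None)` raises `TypeError`, and an unresolved `exprPosition` silently emits a second SELECT made only of `nullChar` with the extra expression dropped. The body between the signature and the `if intoRegExp:` line is outside the hunk, so they may well be normalised from `kb` there — if so, a short note at the top of the branch, e.g. `# count and exprPosition must already be resolved above; the second SELECT reuses them`, would make that dependency explicit rather than implicit. The docstring still reads `Take in input an query (pseudo query) string and return its processed UNION ALL SELECT query.` and does not mention the new parameter; add a line such as `multipleUnions: when set, an expression placed at exprPosition in an additional UNION ALL SELECT row (presumably the single-entry inband case from the commit title)`. Stylistically, the column list is better built with a join than by incremental concatenation: `cols = [multipleUnions if i == exprPosition else nullChar for i in range(count)]` followed by `inbandQuery += " UNION ALL SELECT " + ", ".join(cols)`.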