Proper support for --union-cols

2025-12-06 12:41:30 +00:00 · 2011-01-17 22:57:33 +00:00
parent 35fb50a6ee
commit c2a358561f
3 changed files with 93 additions and 37 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -55,8 +55,8 @@ from lib.core.threads import getCurrentThreadData
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.templates import getPageTemplate
-from lib.techniques.inband.union.use import configUnion
 from lib.techniques.inband.union.test import unionTest
+from lib.techniques.inband.union.use import configUnion

 def unescape(string, dbms):
    if string is None:
@@ -100,6 +100,14 @@ def checkSqlInjection(place, parameter, value):
            stype = test.stype
            clause = test.clause

+            if stype == 3 and test.request.columns == "[COLSTART]-[COLSTOP]":
+                if conf.uCols is None:
+                    continue
+                else:
+                    configUnion()
+                    title = title.replace("[COLSTART]", str(conf.uColsStart))
+                    title = title.replace("[COLSTOP]", str(conf.uColsStop))
+
            # Skip test if the user's wants to test only for a specific
            # technique
            if conf.technique and isinstance(conf.technique, int) and stype != conf.technique:
@@ -383,13 +391,20 @@ def checkSqlInjection(place, parameter, value):
                            # current test settings for proper unescaping
                            kb.misc.forcedDbms = dbms

+                            if conf.uCols is not None and test.request.columns != "[COLSTART]-[COLSTOP]":
+                                debugMsg = "skipping test '%s' because custom " % title
+                                debugMsg += "UNION columns range was provided"
+                                logger.debug(debugMsg)
+                                continue
+
+                            configUnion(test.request.char, test.request.columns)
+
                            if not getIdentifiedDBMS():
                                warnMsg = "using unescaped version of the test "
                                warnMsg += "because of zero knowledge of the "
                                warnMsg += "back-end DBMS"
                                logger.warn(warnMsg)

-                            configUnion(test.request.char, test.request.columns)
                            reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)

                            if isinstance(reqPayload, basestring):