PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

Limited custom query now works also on Oracle in inferential blind SQL

Browse Source 
injection technique
This commit is contained in:
Bernardo Damele
2008-12-23 23:34:50 +00:00
parent 24ddbdc89d
commit c83593c044
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/request/inject.py
View File

@@ -77,11 +77,18 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
for field in expressionFieldsList: for field in expressionFieldsList:
output = None output = None
if field.startswith("ROWNUM "):
continue
if isinstance(num, int): if isinstance(num, int):
origExpr = expression origExpr = expression
expression = agent.limitQuery(num, expression, field) expression = agent.limitQuery(num, expression, field)
expressionReplaced = expression.replace(expressionFields, field, 1) if "ROWNUM" in expressionFieldsList:
expressionReplaced = expression.replace(expressionFields, field, 1)
else:
expressionReplaced = expression
output = resume(expressionReplaced, payload) output = resume(expressionReplaced, payload)
if not output or ( expected == "int" and not output.isdigit() ): if not output or ( expected == "int" and not output.isdigit() ):