PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

Bug fixes for search (safeStringFormat should not replace all if given scalar values)

Browse Source
This commit is contained in:
Miroslav Stampar
2013-02-05 11:37:49 +01:00
parent 31230c5a42
commit e836629215
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@@ -1374,9 +1374,9 @@ def safeStringFormat(format_, params):
retVal = format_.replace("%d", "%s")
if isinstance(params, basestring):
retVal = retVal.replace("%s", params)
retVal = retVal.replace("%s", params, 1)
elif not isListLike(params):
retVal = retVal.replace("%s", str(params))
retVal = retVal.replace("%s", str(params), 1)
else:
count, index = 0, 0
while index != -1:

2
plugins/generic/search.py
View File

@@ -314,7 +314,7 @@ class Search:
query = agent.limitQuery(index, query)
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(foundTbls[db]):
if not isNoneValue(foundTbl):
kb.hintValue = foundTbl
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
foundTbls[db].append(foundTbl)