From 04c187c66a1d28c50d7dd34d74e19a3159fd4502 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Mon, 22 Dec 2008 00:51:09 +0000
Subject: [PATCH] Working on a bug (fix for Partial UNION query SQL injection technique both Oracle and Microsoft SQL Server).
---
 lib/core/agent.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 6a9dcfaec..dc3e8a08a 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -456,7 +456,10 @@ class Agent:
 # TODO: fix for Partial UNION query SQL injection technique both
 # Oracle and Microsoft SQL Server
 elif kb.dbms == "Oracle":
- limitedQuery = "%s FROM (%s, %s" % (untilFrom, untilFrom, limitStr)
+ if query.startswith("SELECT "):
+ limitedQuery = "%s FROM (%s, %s" % (untilFrom, untilFrom, limitStr)
+ else:
+ limitedQuery = "%s FROM (SELECT %s, %s" % (untilFrom, ", ".join(field for field in fieldsList), limitStr)
 limitedQuery = limitedQuery % fromFrom
 limitedQuery += "=%d" % (num + 1)
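Review bot: Both new `limitedQuery` assignments in the Oracle branch put `untilFrom` (and, in the `else` case, the joined `fieldsList`) into a string that is then formatted a second time by `limitedQuery % fromFrom`, so a literal `%` in any field expression would make that second pass raise or mis-substitute. Presumably `limitStr` carries the only intended `%s` (it is defined outside the hunk); substituting it first with `limitStr % fromFrom` and dropping the later pass would avoid that. In the `else` line, `", ".join(field for field in fieldsList)` can be written `", ".join(fieldsList)`, and since `query.startswith("SELECT ")` is case-sensitive, a one-line comment should state that callers pass an upper-case keyword, if that is the assumption. The enclosing method starts and ends outside the hunk.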