sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 11:23:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Working on a bug (fix for Partial UNION query SQL injection technique

Browse Source 
both Oracle and Microsoft SQL Server).
This commit is contained in:
Bernardo Damele 2008-12-22 00:51:09 +00:00
parent 2f406b3e56
commit 04c187c66a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/agent.py
View File

@ -456,7 +456,10 @@ class Agent:
# TODO: fix for Partial UNION query SQL injection technique both # TODO: fix for Partial UNION query SQL injection technique both
# Oracle and Microsoft SQL Server # Oracle and Microsoft SQL Server
elif kb.dbms == "Oracle": elif kb.dbms == "Oracle":
limitedQuery = "%s FROM (%s, %s" % (untilFrom, untilFrom, limitStr) if query.startswith("SELECT "):
limitedQuery = "%s FROM (%s, %s" % (untilFrom, untilFrom, limitStr)
else:
limitedQuery = "%s FROM (SELECT %s, %s" % (untilFrom, ", ".join(field for field in fieldsList), limitStr)
limitedQuery = limitedQuery % fromFrom limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1) limitedQuery += "=%d" % (num + 1)