added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]

This commit is contained in:
Miroslav Stampar 2011-02-07 10:22:43 +00:00
parent 008d434325
commit 096efea282
2 changed files with 3 additions and 3 deletions


@ -251,4 +251,4 @@ URI_INJECTION_MARK_CHAR = '*'
MYSQL_ERROR_TRIM_LENGTH = 100
# Do not unescape the injected statement if it contains any of the following SQL words
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ")
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ")

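Review bot: The new `"BULK "` entry, like the existing `"CREATE "`, carries only a trailing space, whereas `" INTO DUMPFILE "` and `" INTO OUTFILE "` are delimited on both sides; if the consumer of this tuple is a plain substring test (not visible in this hunk), the single-sided entries also match inside longer identifiers such as a column or table name ending in those letters. Either give every entry the same delimiting convention or document that the match is deliberately loose, e.g. extend the comment above the tuple to `# Do not unescape the injected statement if it contains any of the following SQL words (substring match; entries are space-delimited to approximate word boundaries)`. The check that uses EXCLUDE_UNESCAPE lives outside this hunk, so this is a suggestion to confirm against that code.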

@ -123,10 +123,10 @@ class xp_cmdshell:
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, sort=False, firstChar=first, lastChar=last)
inject.goStacked("DELETE FROM %s" % self.cmdTblName)
if isinstance(output, (list, tuple)):
if output and isinstance(output, (list, tuple)):
output = output[0]
if isinstance(output, (list, tuple)):
if output and isinstance(output, (list, tuple)):
output = output[0]
return output