Bug fix for --union-test

Bernardo Damele 2010-12-03 14:57:30 +00:00
parent 072835e04b
commit 126a1479d8
2 changed files with 9 additions and 4 deletions


@ -155,12 +155,13 @@ class Agent:
# payload, do not put a space after the prefix # payload, do not put a space after the prefix
if kb.technique == 4: if kb.technique == 4:
query = kb.injection.prefix query = kb.injection.prefix
elif (kb.technique and kb.technique in kb.injection.data) or \ elif kb.technique and kb.technique in kb.injection.data:
(kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]):
where = kb.injection.data[kb.technique].where where = kb.injection.data[kb.technique].where
if where == 3 or (kb.injection.clause == [2, 3] or \ if where == 3:
kb.injection.clause == [ 2 ]): query = kb.injection.prefix
elif kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]:
if kb.technique != 3:
query = kb.injection.prefix query = kb.injection.prefix
if query is None: if query is None:
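Review bot: The new `elif kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]:` branch and its `if kb.technique != 3:` guard rely on bare numeric codes, and nothing in the hunk says what technique 3 or 4, `where == 3`, or clause values 2 and 3 stand for. Splitting the old combined condition presumably stops `kb.injection.data[kb.technique]` from being indexed when the technique is absent from `kb.injection.data`, but the reason technique 3 is denied the prefix is not visible here. I would add a why-comment above the guard, for example `# technique 3 is set temporarily by unionTest(); do not apply the prefix for it here`, with the wording confirmed by the author. The two list comparisons could also be written as `elif kb.injection.clause in ([2, 3], [2]):` to make the accepted values easier to read. The enclosing method starts and ends outside the hunk.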


@ -129,6 +129,9 @@ def unionTest():
if kb.unionTest is not None: if kb.unionTest is not None:
return kb.unionTest return kb.unionTest
oldTechnique = kb.technique
kb.technique = 3
if conf.uChar == "NULL": if conf.uChar == "NULL":
technique = "NULL bruteforcing" technique = "NULL bruteforcing"
else: else:
@ -157,5 +160,6 @@ def unionTest():
infoMsg += "inband sql injection vulnerability " infoMsg += "inband sql injection vulnerability "
infoMsg += "on parameter '%s'" % kb.injection.parameter infoMsg += "on parameter '%s'" % kb.injection.parameter
logger.info(infoMsg) logger.info(infoMsg)
kb.technique = oldTechnique
return kb.unionTest return kb.unionTest