sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d

Browse Source
This commit is contained in:
Bernardo Damele 2012-02-14 17:29:00 +00:00
parent 23cc8b6974
commit 1c44d6d3c7
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/request/inject.py
View File

@ -404,7 +404,18 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
getCurrentThreadData().disableStdOut = suppressOutput getCurrentThreadData().disableStdOut = suppressOutput
try: try:
if expected == EXPECTED.BOOL:
forgeCaseExpression = booleanExpression = expression
if expression.upper().startswith("SELECT "):
booleanExpression = expression[len("SELECT "):]
else:
forgeCaseExpression = agent.forgeCaseStatement(expression)
if conf.direct: if conf.direct:
if expected == EXPECTED.BOOL:
value = direct(forgeCaseExpression)
else:
value = direct(expression) value = direct(expression)
elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))): elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
@ -418,14 +429,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
count = 0 count = 0
if expected == EXPECTED.BOOL:
forgeCaseExpression = booleanExpression = expression
if expression.upper().startswith("SELECT "):
booleanExpression = expression[len("SELECT "):]
else:
forgeCaseExpression = agent.forgeCaseStatement(expression)
if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
kb.technique = PAYLOAD.TECHNIQUE.UNION kb.technique = PAYLOAD.TECHNIQUE.UNION