sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 19:55:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix for an Issue #500

Browse Source
This commit is contained in:
Miroslav Stampar 2013-08-13 20:40:36 +02:00
parent 38ee95e2c9
commit 1f2c8fbf59
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/common.py
View File

@ -1227,14 +1227,14 @@ def expandAsteriskForColumns(expression):
the SQL query string (expression) the SQL query string (expression)
""" """
asterisk = re.search("^SELECT\s+\*\s+FROM\s+([\w\.\_]+)\s*", expression, re.I) asterisk = re.search("^SELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+([\w\.\_]+)\s*", expression, re.I)
if asterisk: if asterisk:
infoMsg = "you did not provide the fields in your query. " infoMsg = "you did not provide the fields in your query. "
infoMsg += "sqlmap will retrieve the column names itself" infoMsg += "sqlmap will retrieve the column names itself"
logger.info(infoMsg) logger.info(infoMsg)
_ = asterisk.group(1).replace("..", ".") _ = asterisk.group(2).replace("..", ".")
conf.db, conf.tbl = _.split(".", 1) if '.' in _ else (None, _) conf.db, conf.tbl = _.split(".", 1) if '.' in _ else (None, _)
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True) conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
@ -1247,7 +1247,7 @@ def expandAsteriskForColumns(expression):
columnsStr = ", ".join(column for column in columns) columnsStr = ", ".join(column for column in columns)
expression = expression.replace("*", columnsStr, 1) expression = expression.replace("*", columnsStr, 1)
infoMsg = "the query with column names is: " infoMsg = "the query with expanded column name(s) is: "
infoMsg += "%s" % expression infoMsg += "%s" % expression
logger.info(infoMsg) logger.info(infoMsg)