mirror of
https://github.com/sqlmapproject/sqlmap.git
Escaping UNION query to prevent bug described in issue #4505
parent
ae6a812ee1
commit
2659b3f1c0
|
@ -253,7 +253,7 @@ def unionUse(expression, unpack=True, dump=False):
|
|||
query = expression.replace(expressionFields, "ARRAY_AGG('%s'||%s||'%s')::text" % (kb.chars.start, ("||'%s'||" % kb.chars.delimiter).join("COALESCE(%s::text,' ')" % field for field in expressionFieldsList), kb.chars.stop), 1)
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
query = "'%s'+(%s FOR JSON AUTO, INCLUDE_NULL_VALUES)+'%s'" % (kb.chars.start, expression, kb.chars.stop)
|
||||
output = _oneShotUnionUse(query, False)
|
||||
output = _oneShotUnionUse(unescaper.escape(query), False)
|
||||
value = parseUnionPage(output)
|
||||
kb.jsonAggMode = False
|
||||
|
||||
|
|
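Review bot: The new call `output = _oneShotUnionUse(unescaper.escape(query), False)` has no comment saying why this path needs escaping, and the commit title only points at issue #4505. The reason is visible just above it, since both branches build `query` with quoted `kb.chars.start` / `kb.chars.stop` literals, so I would add `# query embeds quoted kb.chars markers, so it has to pass through unescaper.escape() (Issue #4505)` on the line before the call. The escape runs on the fully composed string, so in the MSSQL branch the caller's `expression` goes through it as well; that looks intended, but it is worth confirming that an expression already escaped upstream is left unchanged. Separately, `kb.jsonAggMode = False` is only reached if `_oneShotUnionUse` and `parseUnionPage` both return, so if the flag is set before this hunk (not visible here) a `try`/`finally` around the two calls would stop it from staying set after an exception. The body of `unionUse` starts and ends outside the hunk.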