sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper fix for r3307 (file-write on MySQL via UNION query tech)

Browse Source
This commit is contained in:
Bernardo Damele 2011-02-13 22:48:01 +00:00
parent 417b311475
commit 2ea828e416
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/core/agent.py
View File

@ -434,11 +434,14 @@ class Agent:
@rtype: C{str} @rtype: C{str}
""" """
if not unpack: if unpack:
return query concatenatedQuery = ""
else: query = query.replace(", ", ",")
concatenatedQuery = query
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query) fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query)
castedFields = self.nullCastConcatFields(fieldsToCastStr)
concatenatedQuery = query.replace(fieldsToCastStr, castedFields, 1)
else:
return query
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.getIdentifiedDbms() == DBMS.MYSQL:
if fieldsExists: if fieldsExists: