sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix for --privileges on PgSQL with error-based SQL inj technique

Browse Source
This commit is contained in:
Bernardo Damele 2011-03-11 15:24:25 +00:00
parent 5af7410cb1
commit 3cb0ca4b63
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/agent.py
View File

@ -690,7 +690,6 @@ class Agent:
limitedQuery += "NOT IN (%s" % (limitStr % num) limitedQuery += "NOT IN (%s" % (limitStr % num)
limitedQuery += "%s %s)" % (field, fromFrom) limitedQuery += "%s %s)" % (field, fromFrom)
if orderBy: if orderBy:
limitedQuery += orderBy limitedQuery += orderBy

2
lib/techniques/error/use.py
View File

@ -168,7 +168,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) \ expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) \
or (Backend.getIdentifiedDbms() in FROM_TABLE and not \ or (Backend.getIdentifiedDbms() in FROM_TABLE and not \
expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \ expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \
and "EXISTS(" not in expression.upper() and "(CASE" not in expression.upper()): and "EXISTS(" not in expression.upper() and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))):
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)