diff --git a/lib/core/agent.py b/lib/core/agent.py index f9d6f3f7f..6e4e391d9 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -393,7 +393,7 @@ class Agent: elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ): concatenatedQuery = "%s||%s" % (query1, query2) - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): concatenatedQuery = "%s+%s" % (query1, query2) return concatenatedQuery @@ -464,7 +464,7 @@ class Agent: if kb.dbms == DBMS.ORACLE and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ): concatenatedQuery += " FROM DUAL" - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): if fieldsSelectTop: topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1) concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1) @@ -619,7 +619,7 @@ class Agent: limitedQuery = limitedQuery % fromFrom limitedQuery += "=%d" % (num + 1) - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): forgeNotIn = True if " ORDER BY " in limitedQuery: diff --git a/lib/request/inject.py b/lib/request/inject.py index d65b21366..22ed0ec6a 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -178,7 +178,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I) topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) - if limitRegExp or ( kb.dbms == DBMS.MSSQL and topLimit ): + if limitRegExp or ( kb.dbms in (DBMS.MSSQL, DBMS.SYBASE) and topLimit ): if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStop = queries[kb.dbms].limitgroupstop.query @@ -189,7 +189,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r stopLimit = limitRegExp.group(int(limitGroupStop)) limitCond = int(stopLimit) > 1 - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): if limitRegExp: limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStop = queries[kb.dbms].limitgroupstop.query @@ -223,7 +223,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r untilLimitChar = expression.index(queries[kb.dbms].limitstring.query) expression = expression[:untilLimitChar] - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): stopLimit += startLimit if not stopLimit or stopLimit <= 1: diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index f61a3139c..d961fb2f2 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -79,7 +79,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh stopLimit = limitRegExp.group(int(limitGroupStop)) limitCond = int(stopLimit) > 1 - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStop = queries[kb.dbms].limitgroupstop.query @@ -108,7 +108,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh untilLimitChar = expression.index(queries[kb.dbms].limitstring.query) expression = expression[:untilLimitChar] - elif kb.dbms == DBMS.MSSQL: + elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): stopLimit += startLimit elif dump: if conf.limitStart: @@ -171,7 +171,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh return for num in xrange(startLimit, stopLimit): - if kb.dbms == DBMS.MSSQL: + if kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): field = expressionFieldsList[0] elif kb.dbms == DBMS.ORACLE: field = expressionFieldsList