sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-05 05:33:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for a bug reported by skysbsb@gmail.com (double ORDER BY)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-09 12:43:09 +00:00
parent 5b57a69f3e
commit 600f729139
1 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/core/agent.py
View File

@ -671,13 +671,22 @@ class Agent:
if forgeNotIn: if forgeNotIn:
limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1) limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
if uniqueField and " ORDER BY " not in fromFrom:
if " WHERE " in limitedQuery: if " WHERE " in limitedQuery:
limitedQuery = "%s AND %s " % (limitedQuery, field if not uniqueField else uniqueField) limitedQuery = "%s AND %s " % (limitedQuery, uniqueField)
else: else:
limitedQuery = "%s WHERE %s " % (limitedQuery, field if not uniqueField else uniqueField) limitedQuery = "%s WHERE %s " % (limitedQuery, uniqueField)
limitedQuery += "NOT IN (%s" % (limitStr % num) limitedQuery += "NOT IN (%s" % (limitStr % num)
limitedQuery += "%s %s%s)" % (field if not uniqueField else uniqueField, fromFrom, (" ORDER BY %s" % uniqueField) if uniqueField else "") limitedQuery += "%s %s%s)" % (uniqueField, fromFrom, (" ORDER BY %s" % uniqueField))
else:
if " WHERE " in limitedQuery:
limitedQuery = "%s AND %s " % (limitedQuery, field)
else:
limitedQuery = "%s WHERE %s " % (limitedQuery, field)
limitedQuery += "NOT IN (%s" % (limitStr % num)
limitedQuery += "%s %s)" % (field, fromFrom)
if orderBy: if orderBy: