sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 02:53:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.

Browse Source
This commit is contained in:
Bernardo Damele 2009-01-28 14:53:11 +00:00
parent a8d57bb031
commit 6054090191
3 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -126,6 +126,9 @@ Sumit Siddharth <sid@notsosecure.com>
M Simkin <mlsimkin@cox.net>
for suggesting a feature
Konrads Smelkovs <konrads@smelkovs.com>
for reporting two bugs in --sql-shell and --sql-query
Jason Swan <jasoneswan@gmail.com>
for reporting a bug when enumerating columns on Microsoft SQL Server
for suggesting a couple of improvements

6
lib/core/common.py
View File

@ -498,7 +498,11 @@ def cleanQuery(query):
for sqlStatements in SQL_STATEMENTS.values():
for sqlStatement in sqlStatements:
upperQuery = upperQuery.replace(sqlStatement, sqlStatement.upper())
sqlStatementEsc = sqlStatement.replace("(", "\\(")
queryMatch = re.search("(%s)" % sqlStatementEsc, query, re.I)
if queryMatch:
upperQuery = upperQuery.replace(queryMatch.group(1), sqlStatement.upper())
return upperQuery

2
lib/core/settings.py
View File

@ -30,7 +30,7 @@ import sys
# sqlmap version and site
VERSION = "0.6.4-rc4"
VERSION = "0.6.4-rc5"
VERSION_STRING = "sqlmap/%s" % VERSION
SITE = "http://sqlmap.sourceforge.net"