From 6dec56d616a99f49f72ff6eeb5e576aafde963fc Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 17 Dec 2008 21:35:04 +0000
Subject: [PATCH] Major bug fix

---
 lib/core/agent.py | 9 ++++++---
 lib/parse/cmdline.py | 7 ++++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/core/agent.py b/lib/core/agent.py
index 018b4d732..40b07b4e9 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -246,7 +246,7 @@ class Agent:
         @rtype: C{str}
         """
 
-        if "(SELECT " in query:
+        if query.startswith("SELECT ") and "(SELECT " in query:
             firstChar = "\\("
         else:
             firstChar = "\\A"
@@ -271,6 +271,9 @@ class Agent:
         fieldsToCastList = fieldsToCastStr.replace(", ", ",")
         fieldsToCastList = fieldsToCastList.split(",")
 
+        if query.startswith("SELECT ") and "(SELECT " in query:
+            fieldsSelectFrom = None
+
         return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
 
 
@@ -390,7 +393,7 @@ class Agent:
                 inbandQuery += ", "
 
             if element == exprPosition:
-                if " FROM " in query:
+                if " FROM " in query and not query.startswith("SELECT ") and not "(SELECT " in query:
                     conditionIndex = query.rindex(" FROM ")
                     inbandQuery += "%s" % query[:conditionIndex]
                 else:
@@ -398,7 +401,7 @@ class Agent:
             else:
                 inbandQuery += "NULL"
 
-        if " FROM " in query:
+        if " FROM " in query and not query.startswith("SELECT ") and not "(SELECT " in query:
             conditionIndex = query.rindex(" FROM ")
             inbandQuery += "%s" % query[conditionIndex:]
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 822dc72a3..53268c1a0 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -43,6 +43,9 @@ def cmdLineParser():
     parser = OptionParser(usage=usage, version=VERSION_STRING)
 
     try:
+        parser.add_option("-v", dest="verbose", type="int",
+                          help="Verbosity level: 0-5 (default 1)")
+
         # Target options
         target = OptionGroup(parser, "Target", "At least one of these "
                              "options has to be specified to set the source "
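Review bot: The subquery test `query.startswith("SELECT ") and "(SELECT " in query` is now spelled out four times in this file (here in the -246 hunk, again in the -271 hunk, and negated in the -390 and -398 hunks), so the four sites can silently drift apart on the next edit; compute it once per method or factor it into one helper such as `def _isSelectWithSubquery(self, query): return query.startswith("SELECT ") and "(SELECT " in query` and call that everywhere. The negated form in the two later hunks also reads more naturally as `"(SELECT " not in query` than `not "(SELECT " in query`. Note that `startswith("SELECT ")` is case-sensitive and rejects a query with leading whitespace; presumably callers normalise the query before it reaches here, but that is worth confirming. The enclosing methods start outside these hunks.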
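Review bot: The new `fieldsSelectFrom = None` in the -271 hunk discards a value the method computed earlier, and nothing in the hunk says why a top-level SELECT that contains a subquery is returned without its FROM part; the reader has to reconstruct the reason from the -390/-398 hunks, where such a query is appended whole instead of being split at its last `" FROM "`. A one-line comment at the new `if`, e.g. `# a SELECT wrapping a subquery is embedded whole, so no separate FROM part is reported`, would make the intent explicit at the point where the value is dropped. The computation of fieldsSelectFrom and the method header lie outside the hunk.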
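Review bot: The relocated `-v` option in the -43 hunk declares `type="int"` and advertises "0-5 (default 1)" but passes neither `default=1` nor any bound, so omitting the flag leaves `verbose` as `None` unless a later layer fills it in, and an out-of-range value such as `-v 99` is accepted silently. `parser.add_option("-v", dest="verbose", type="int", default=1, help="Verbosity level: 0-5 (default 1)")` fixes the default, and a range check after parsing would enforce the documented 0-5. Both were already true at the option's old location in the Miscellaneous group, so the move does not introduce them, but the new top-level placement is the natural spot to fix them. cmdLineParser continues outside the hunk.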
@@ -161,6 +164,7 @@ def cmdLineParser():
 
         techniques.add_option("--time-test", dest="timeTest", action="store_true",
                               help="Test for Time based blind SQL injection")
+
         techniques.add_option("--union-test", dest="unionTest", action="store_true",
                               help="Test for UNION query (inband) SQL injection")
 
@@ -293,9 +297,6 @@ def cmdLineParser():
                                  "calculate the estimated time of arrival "
                                  "in real time")
 
-        miscellaneous.add_option("-v", dest="verbose", type="int",
-                                 help="Verbosity level: 0-5 (default 1)")
-
         miscellaneous.add_option("--update", dest="updateAll", action="store_true",
                                  help="Update sqlmap to the latest stable version")