sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major bug fix

Browse Source
This commit is contained in:
Bernardo Damele 2008-12-17 21:35:04 +00:00
parent bb9079aa9d
commit 6dec56d616
2 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/core/agent.py
View File

@ -246,7 +246,7 @@ class Agent:
@rtype: C{str} @rtype: C{str}
""" """
if "(SELECT " in query: if query.startswith("SELECT ") and "(SELECT " in query:
firstChar = "\\(" firstChar = "\\("
else: else:
firstChar = "\\A" firstChar = "\\A"
@ -271,6 +271,9 @@ class Agent:
fieldsToCastList = fieldsToCastStr.replace(", ", ",") fieldsToCastList = fieldsToCastStr.replace(", ", ",")
fieldsToCastList = fieldsToCastList.split(",") fieldsToCastList = fieldsToCastList.split(",")
if query.startswith("SELECT ") and "(SELECT " in query:
fieldsSelectFrom = None
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
@ -390,7 +393,7 @@ class Agent:
inbandQuery += ", " inbandQuery += ", "
if element == exprPosition: if element == exprPosition:
if " FROM " in query: if " FROM " in query and not query.startswith("SELECT ") and not "(SELECT " in query:
conditionIndex = query.rindex(" FROM ") conditionIndex = query.rindex(" FROM ")
inbandQuery += "%s" % query[:conditionIndex] inbandQuery += "%s" % query[:conditionIndex]
else: else:
@ -398,7 +401,7 @@ class Agent:
else: else:
inbandQuery += "NULL" inbandQuery += "NULL"
if " FROM " in query: if " FROM " in query and not query.startswith("SELECT ") and not "(SELECT " in query:
conditionIndex = query.rindex(" FROM ") conditionIndex = query.rindex(" FROM ")
inbandQuery += "%s" % query[conditionIndex:] inbandQuery += "%s" % query[conditionIndex:]

7
lib/parse/cmdline.py
View File

@ -43,6 +43,9 @@ def cmdLineParser():
parser = OptionParser(usage=usage, version=VERSION_STRING) parser = OptionParser(usage=usage, version=VERSION_STRING)
try: try:
parser.add_option("-v", dest="verbose", type="int",
help="Verbosity level: 0-5 (default 1)")
# Target options # Target options
target = OptionGroup(parser, "Target", "At least one of these " target = OptionGroup(parser, "Target", "At least one of these "
"options has to be specified to set the source " "options has to be specified to set the source "
@ -161,6 +164,7 @@ def cmdLineParser():
techniques.add_option("--time-test", dest="timeTest", techniques.add_option("--time-test", dest="timeTest",
action="store_true", action="store_true",
help="Test for Time based blind SQL injection") help="Test for Time based blind SQL injection")
techniques.add_option("--union-test", dest="unionTest", techniques.add_option("--union-test", dest="unionTest",
action="store_true", action="store_true",
help="Test for UNION query (inband) SQL injection") help="Test for UNION query (inband) SQL injection")
@ -293,9 +297,6 @@ def cmdLineParser():
"calculate the estimated time of arrival " "calculate the estimated time of arrival "
"in real time") "in real time")
miscellaneous.add_option("-v", dest="verbose", type="int",
help="Verbosity level: 0-5 (default 1)")
miscellaneous.add_option("--update", dest="updateAll", action="store_true", miscellaneous.add_option("--update", dest="updateAll", action="store_true",
help="Update sqlmap to the latest stable version") help="Update sqlmap to the latest stable version")