mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-03-03 11:45:46 +03:00
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
This commit is contained in:
parent
954a927cee
commit
80df1fdcf9
|
@ -502,6 +502,12 @@ class Agent:
|
|||
if " ORDER BY " in limitedQuery:
|
||||
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
|
||||
|
||||
notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
|
||||
|
||||
for notDistinct in notDistincts:
|
||||
limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
|
||||
limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
|
||||
|
||||
if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
|
||||
topNums = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)
|
||||
|
||||
|
@ -517,11 +523,13 @@ class Agent:
|
|||
limitedQuery = limitedQuery.replace("TOP %s " % topNum, "")
|
||||
|
||||
if forgeNotIn:
|
||||
limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
|
||||
limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
|
||||
|
||||
if " WHERE " in limitedQuery:
|
||||
limitedQuery = "%s AND %s " % (limitedQuery, field)
|
||||
else:
|
||||
limitedQuery = "%s WHERE %s " % (limitedQuery, field)
|
||||
|
||||
limitedQuery += "NOT IN (%s" % (limitStr % num)
|
||||
limitedQuery += "%s %s)" % (field, fromFrom)
|
||||
|
||||
|
|
|
@ -510,7 +510,7 @@ def parsePasswordHash(password):
|
|||
password += "%suppercase: %s" % (blank, hexPassword[54:])
|
||||
|
||||
return password
|
||||
|
||||
|
||||
def cleanQuery(query):
|
||||
upperQuery = query
|
||||
|
||||
|
|
|
@ -74,6 +74,7 @@ SQL_STATEMENTS = {
|
|||
"select ",
|
||||
"show ",
|
||||
" top ",
|
||||
" distinct ",
|
||||
" from ",
|
||||
" from dual",
|
||||
" where ",
|
||||
|
|
|
@ -350,6 +350,8 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
|
|||
expression = expandAsteriskForColumns(expression)
|
||||
value = None
|
||||
|
||||
expression = expression.replace("DISTINCT ", "")
|
||||
|
||||
if inband and kb.unionPosition:
|
||||
if kb.dbms == "Oracle" and " ORDER BY " in expression:
|
||||
expression = expression[:expression.index(" ORDER BY ")]
|
||||
|
|
|
@ -1076,8 +1076,8 @@ class Enumeration:
|
|||
dumper.dbTableValues(data)
|
||||
|
||||
def sqlQuery(self, query):
|
||||
output = None
|
||||
sqlType = None
|
||||
output = None
|
||||
sqlType = None
|
||||
|
||||
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
|
||||
for sqlStatement in sqlStatements:
|
||||
|
|
Loading…
Reference in New Issue
Block a user