sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 01:47:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix with --sql-query/shell when providing a statement with DISTINCT

Browse Source
This commit is contained in:
Bernardo Damele 2010-01-05 16:15:31 +00:00
parent 954a927cee
commit 80df1fdcf9
5 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/core/agent.py
View File

@ -502,6 +502,12 @@ class Agent:
if " ORDER BY " in limitedQuery: if " ORDER BY " in limitedQuery:
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")] limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
for notDistinct in notDistincts:
limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "): if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
topNums = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I) topNums = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)
@ -517,11 +523,13 @@ class Agent:
limitedQuery = limitedQuery.replace("TOP %s " % topNum, "") limitedQuery = limitedQuery.replace("TOP %s " % topNum, "")
if forgeNotIn: if forgeNotIn:
limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1) limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
if " WHERE " in limitedQuery: if " WHERE " in limitedQuery:
limitedQuery = "%s AND %s " % (limitedQuery, field) limitedQuery = "%s AND %s " % (limitedQuery, field)
else: else:
limitedQuery = "%s WHERE %s " % (limitedQuery, field) limitedQuery = "%s WHERE %s " % (limitedQuery, field)
limitedQuery += "NOT IN (%s" % (limitStr % num) limitedQuery += "NOT IN (%s" % (limitStr % num)
limitedQuery += "%s %s)" % (field, fromFrom) limitedQuery += "%s %s)" % (field, fromFrom)

2
lib/core/common.py
View File

@ -510,7 +510,7 @@ def parsePasswordHash(password):
password += "%suppercase: %s" % (blank, hexPassword[54:]) password += "%suppercase: %s" % (blank, hexPassword[54:])
return password return password
def cleanQuery(query): def cleanQuery(query):
upperQuery = query upperQuery = query

1
lib/core/settings.py
View File

@ -74,6 +74,7 @@ SQL_STATEMENTS = {
"select ", "select ",
"show ", "show ",
" top ", " top ",
" distinct ",
" from ", " from ",
" from dual", " from dual",
" where ", " where ",

2
lib/request/inject.py
View File

@ -350,6 +350,8 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
expression = expandAsteriskForColumns(expression) expression = expandAsteriskForColumns(expression)
value = None value = None
expression = expression.replace("DISTINCT ", "")
if inband and kb.unionPosition: if inband and kb.unionPosition:
if kb.dbms == "Oracle" and " ORDER BY " in expression: if kb.dbms == "Oracle" and " ORDER BY " in expression:
expression = expression[:expression.index(" ORDER BY ")] expression = expression[:expression.index(" ORDER BY ")]

4
plugins/generic/enumeration.py
View File

@ -1076,8 +1076,8 @@ class Enumeration:
dumper.dbTableValues(data) dumper.dbTableValues(data)
def sqlQuery(self, query): def sqlQuery(self, query):
output = None output = None
sqlType = None sqlType = None
for sqlTitle, sqlStatements in SQL_STATEMENTS.items(): for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements: for sqlStatement in sqlStatements: