sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-29 13:03:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)

Browse Source
This commit is contained in:
Miroslav Stampar 2012-12-21 14:52:47 +01:00
parent 2fc187489b
commit 8b3e17ed4d
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/agent.py
View File

@ -833,10 +833,10 @@ class Agent(object):
if " WHERE " in limitedQuery: if " WHERE " in limitedQuery:
limitedQuery = "%s AND %s " % (limitedQuery, self.nullAndCastField(uniqueField or field)) limitedQuery = "%s AND %s " % (limitedQuery, self.nullAndCastField(uniqueField or field))
else: else:
limitedQuery = "%s WHERE ISNULL(%s,' ') " % (limitedQuery, uniqueField or field) limitedQuery = "%s WHERE %s " % (limitedQuery, self.nullAndCastField(uniqueField or field))
limitedQuery += "NOT IN (%s" % (limitStr % num) limitedQuery += "NOT IN (%s" % (limitStr % num)
limitedQuery += "%s %s ORDER BY %s) ORDER BY %s" % (self.nullAndCastField(uniqueField or field), fromFrom, uniqueField or "1", uniqueField or "1") limitedQuery += "%s %s ORDER BY %s) ORDER BY %s" % (self.nullAndCastField(uniqueField or field), fromFrom, uniqueField or field, uniqueField or field)
else: else:
if " WHERE " in limitedQuery: if " WHERE " in limitedQuery:
limitedQuery = "%s AND %s " % (limitedQuery, field) limitedQuery = "%s AND %s " % (limitedQuery, field)

3
lib/techniques/union/use.py
View File

@ -28,6 +28,7 @@ from lib.core.common import isNoneValue
from lib.core.common import isNumPosStrValue from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
from lib.core.common import parseUnionPage from lib.core.common import parseUnionPage
from lib.core.common import prioritySortColumns
from lib.core.common import removeReflectiveValues from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeDebugMessage from lib.core.common import singleTimeDebugMessage
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
@ -244,7 +245,7 @@ def unionUse(expression, unpack=True, dump=False):
break break
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0] field = prioritySortColumns(expressionFieldsList)[0]
elif Backend.isDbms(DBMS.ORACLE): elif Backend.isDbms(DBMS.ORACLE):
field = expressionFieldsList field = expressionFieldsList
else: else: