From 8e8886cd2067ceb5f1e0a858181af116fa9724f4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 1 May 2011 21:41:14 +0000
Subject: [PATCH] minor improvement for --sql-shell/--sql-query (when
 non-SELECT default is N for retrieve data output which automatically does
 STACKED injection)

---
 plugins/generic/enumeration.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 52616920b..118ddff0e 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -2230,8 +2230,13 @@ class Enumeration:
 
         if not self.alwaysRetrieveSqlOutput:
             message = "do you want to retrieve the SQL statement output? "
-            message += "[Y/n/a] "
-            getOutput = readInput(message, default="Y")
+
+            if not sqlType or 'SELECT' in sqlType:
+                message += "[Y/n/a] "
+                getOutput = readInput(message, default="Y")
+            else:
+                message += "[y/N/a] "
+                getOutput = readInput(message, default="N")
 
             if getOutput in ("a", "A"):
                 self.alwaysRetrieveSqlOutput = True