sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-25 15:33:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT

Browse Source
This commit is contained in:
Bernardo Damele 2011-01-20 21:59:47 +00:00
parent f1b402b103
commit 97573693be
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/request/direct.py
View File

@ -23,7 +23,7 @@ from lib.utils.timeout import timeout
def direct(query, content=True): def direct(query, content=True):
output = None output = None
select = False select = True
query = agent.payloadDirect(query) query = agent.payloadDirect(query)
if backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query: if backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
@ -31,10 +31,13 @@ def direct(query, content=True):
for sqlTitle, sqlStatements in SQL_STATEMENTS.items(): for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
for sqlStatement in sqlStatements: for sqlStatement in sqlStatements:
if query.lower().startswith(sqlStatement) and sqlTitle == "SQL SELECT statement": if query.lower().startswith(sqlStatement) and sqlTitle != "SQL SELECT statement":
select = True select = False
break break
if select and not query.upper().startswith("SELECT "):
query = "SELECT " + query
logger.log(9, query) logger.log(9, query)
if not select: if not select: