From 99a23e23cf3de2f27d3f547c92b7d9eec78b434f Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Fri, 19 Nov 2010 16:39:26 +0000 Subject: [PATCH] Extra check on --union-cols value --- lib/core/option.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/core/option.py b/lib/core/option.py index 89e7efd8b..3721f55dc 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -522,6 +522,11 @@ def __setUnion(): conf.uColsStart = int(conf.uColsStart) conf.uColsStop = int(conf.uColsStop) + if conf.uColsStart > conf.uColsStop: + errMsg = "--union-cols range has to be from lower to " + errMsg += "higher number of columns" + raise sqlmapSyntaxException, errMsg + if isinstance(conf.uChar, basestring) and conf.uChar != "NULL": debugMsg = "setting the UNION query SQL injection character to '%s'" % conf.uChar logger.debug(debugMsg)