diff --git a/doc/THANKS b/doc/THANKS index 1a8b12e59..832f1ab49 100644 --- a/doc/THANKS +++ b/doc/THANKS @@ -429,6 +429,9 @@ pacman730 Phat R. for reporting a minor bug +Joe "Pragmatk" + for reporting a few bugs + shiftzwei for reporting a couple of bugs diff --git a/lib/core/common.py b/lib/core/common.py index db0bd65f8..c5dc66abb 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -507,7 +507,7 @@ def readInput(message, default=None): data = default else: - data = raw_input(message.encode(sys.stdout.encoding)) + data = raw_input(message.encode(sys.stdout.encoding or conf.dataEncoding)) if not data: data = default diff --git a/lib/core/option.py b/lib/core/option.py index 4f1f37753..ae6f95d4e 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -511,8 +511,8 @@ def __setUnion(): debugMsg = "setting the UNION query SQL injection range of columns" logger.debug(debugMsg) - if "-" not in conf.uCols: - raise sqlmapSyntaxException, "--union-cols must be a range with hyphon" + if "-" not in conf.uCols or len(conf.uCols.split("-")) != 2: + raise sqlmapSyntaxException, "--union-cols must be a range with hyphon (e.g. 1-10)" conf.uCols = conf.uCols.replace(" ", "") conf.uColsStart, conf.uColsStop = conf.uCols.split("-") diff --git a/lib/core/replication.py b/lib/core/replication.py index e821559d8..5aa2b275d 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py @@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.exception import sqlmapMissingDependence +from lib.core.exception import sqlmapValueException class Replication: """ @@ -62,7 +63,11 @@ class Replication: """ This function is used for inserting row(s) into current table. """ - self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), values) + if len(values) == len(self.columns): + self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), values) + else: + errMsg = "wrong number of columns used in replicating insert" + raise sqlmapValueException, errMsg def select(self, condition=None): """