From aa0fb276ba48452a7d3b593e21be4a3844e9a2ae Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Wed, 9 Feb 2011 17:22:07 +0000 Subject: [PATCH] More fixes for --common-columns to work against MSSQL too --- lib/core/session.py | 2 +- lib/techniques/brute/use.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/session.py b/lib/core/session.py index aeb2e110f..278d9400f 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -250,7 +250,7 @@ def resumeConfKb(expression, url, value): kb.brute.tables.append((db, table)) elif expression == "COLUMN_EXISTS" and url == conf.url: - table, column = unSafeFormatString(value[:-1]).split('..') + table, column = unSafeFormatString(value[:-1]).split('|') colName, colType = column.split(' ') if '.' in table: diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py index e64fc86ed..a18385eef 100644 --- a/lib/techniques/brute/use.py +++ b/lib/techniques/brute/use.py @@ -257,7 +257,7 @@ def columnExists(columnFile, regex=None): else: columns[column] = 'non-numeric' - dataToSessionFile("[%s][%s][%s][COLUMN_EXISTS][%s..%s %s]\n" % (conf.url, kb.injection.place,\ + dataToSessionFile("[%s][%s][%s][COLUMN_EXISTS][%s|%s %s]\n" % (conf.url, kb.injection.place,\ safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(table),\ safeFormatString(column), safeFormatString(columns[column])))