mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 11:33:47 +03:00
Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix)
This commit is contained in:
parent
2c2667b2be
commit
ab64d385d6
|
@ -70,7 +70,7 @@ def dnsUse(payload, expression):
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
|
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
|
||||||
query = agent.prefixQuery("; %s" % expressionUnescaped)
|
query = agent.prefixQuery("; %s" % expressionUnescaped)
|
||||||
query = agent.suffixQuery(query)
|
query = "%s%s" % (query, queries[Backend.getIdentifiedDbms()].comment.query)
|
||||||
forgedPayload = agent.payload(newValue=query)
|
forgedPayload = agent.payload(newValue=query)
|
||||||
else:
|
else:
|
||||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
|
||||||
|
|
Loading…
Reference in New Issue
Block a user