mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Implementation for an Issue #423
This commit is contained in:
parent
3740a97cc9
commit
ad039c335d
|
@ -647,7 +647,10 @@ class Agent(object):
|
||||||
@rtype: C{str}
|
@rtype: C{str}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")
|
if conf.uFrom:
|
||||||
|
fromTable = " FROM %s" % conf.uFrom
|
||||||
|
else:
|
||||||
|
fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")
|
||||||
|
|
||||||
if query.startswith("SELECT "):
|
if query.startswith("SELECT "):
|
||||||
query = query[len("SELECT "):]
|
query = query[len("SELECT "):]
|
||||||
|
|
|
@ -88,6 +88,7 @@ optDict = {
|
||||||
"timeSec": "integer",
|
"timeSec": "integer",
|
||||||
"uCols": "string",
|
"uCols": "string",
|
||||||
"uChar": "string",
|
"uChar": "string",
|
||||||
|
"uFrom": "string",
|
||||||
"dnsName": "string",
|
"dnsName": "string",
|
||||||
"secondOrder": "string",
|
"secondOrder": "string",
|
||||||
},
|
},
|
||||||
|
|
|
@ -287,6 +287,9 @@ def cmdLineParser():
|
||||||
techniques.add_option("--union-char", dest="uChar",
|
techniques.add_option("--union-char", dest="uChar",
|
||||||
help="Character to use for bruteforcing number of columns")
|
help="Character to use for bruteforcing number of columns")
|
||||||
|
|
||||||
|
techniques.add_option("--union-from", dest="uFrom",
|
||||||
|
help="Table to use in FROM part of UNION query SQL injection")
|
||||||
|
|
||||||
techniques.add_option("--dns-domain", dest="dnsName",
|
techniques.add_option("--dns-domain", dest="dnsName",
|
||||||
help="Domain name used for DNS exfiltration attack")
|
help="Domain name used for DNS exfiltration attack")
|
||||||
|
|
||||||
|
|
|
@ -303,6 +303,11 @@ uCols =
|
||||||
# Example: NULL
|
# Example: NULL
|
||||||
uChar =
|
uChar =
|
||||||
|
|
||||||
|
# Table to use in FROM part of UNION query SQL injection
|
||||||
|
# Valid: string
|
||||||
|
# Example: INFORMATION_SCHEMA.COLLATIONS
|
||||||
|
uFrom =
|
||||||
|
|
||||||
# Domain name used for DNS exfiltration attack
|
# Domain name used for DNS exfiltration attack
|
||||||
# Valid: string
|
# Valid: string
|
||||||
dnsName =
|
dnsName =
|
||||||
|
|
Loading…
Reference in New Issue
Block a user