mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Implementation for an Issue #423
This commit is contained in:
parent
3740a97cc9
commit
ad039c335d
|
@ -647,6 +647,9 @@ class Agent(object):
|
|||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
if conf.uFrom:
|
||||
fromTable = " FROM %s" % conf.uFrom
|
||||
else:
|
||||
fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")
|
||||
|
||||
if query.startswith("SELECT "):
|
||||
|
|
|
@ -88,6 +88,7 @@ optDict = {
|
|||
"timeSec": "integer",
|
||||
"uCols": "string",
|
||||
"uChar": "string",
|
||||
"uFrom": "string",
|
||||
"dnsName": "string",
|
||||
"secondOrder": "string",
|
||||
},
|
||||
|
|
|
@ -287,6 +287,9 @@ def cmdLineParser():
|
|||
techniques.add_option("--union-char", dest="uChar",
|
||||
help="Character to use for bruteforcing number of columns")
|
||||
|
||||
techniques.add_option("--union-from", dest="uFrom",
|
||||
help="Table to use in FROM part of UNION query SQL injection")
|
||||
|
||||
techniques.add_option("--dns-domain", dest="dnsName",
|
||||
help="Domain name used for DNS exfiltration attack")
|
||||
|
||||
|
|
|
@ -303,6 +303,11 @@ uCols =
|
|||
# Example: NULL
|
||||
uChar =
|
||||
|
||||
# Table to use in FROM part of UNION query SQL injection
|
||||
# Valid: string
|
||||
# Example: INFORMATION_SCHEMA.COLLATIONS
|
||||
uFrom =
|
||||
|
||||
# Domain name used for DNS exfiltration attack
|
||||
# Valid: string
|
||||
dnsName =
|
||||
|
|
Loading…
Reference in New Issue
Block a user