sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 16:10:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for partial inband queries on MSSQL

Browse Source
This commit is contained in:
Miroslav Stampar 2011-03-25 11:19:15 +00:00
parent e80c9e08d8
commit af5342c495
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/agent.py
View File

@ -538,6 +538,12 @@ class Agent:
inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix) inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix)
if query.startswith("TOP"): if query.startswith("TOP"):
# TOP enumeration on DBMS.MSSQL is too specific and it has to go into it's own brackets
# because those NULLs cause problems with ORDER BY clause
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, range(0, count)))
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
return inbandQuery
topNum = re.search("\ATOP\s+([\d]+)\s+", query, re.I).group(1) topNum = re.search("\ATOP\s+([\d]+)\s+", query, re.I).group(1)
query = query[len("TOP %s " % topNum):] query = query[len("TOP %s " % topNum):]
inbandQuery += "TOP %s " % topNum inbandQuery += "TOP %s " % topNum