From afb3cec133cc9391558c37b80fbc3d466bf60477 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 17 Nov 2019 19:27:19 +0100
Subject: [PATCH] Bug fix (--where in case of boolean-based blind)
---
 lib/core/agent.py | 11 +++++++++--
 lib/core/settings.py | 2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index a435e2e1c..5b0a1e21c 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -1115,7 +1115,12 @@ class Agent(object):
 def whereQuery(self, query):
 if conf.dumpWhere and query:
- prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
+ match = re.search(r" (LIMIT|ORDER).+", query, re.I)
+ if match:
+ suffix = match.group(0)
+ prefix = query[:-len(suffix)]
+ else:
+ prefix, suffix = query, ""
 if conf.tbl and "%s)" % conf.tbl.upper() in prefix.upper():
 prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
@@ -1124,7 +1129,9 @@ class Agent(object):
 else:
 prefix += " WHERE %s" % conf.dumpWhere
- query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
+ query = prefix
+ if suffix:
+ query += suffix
 return query
diff --git a/lib/core/settings.py b/lib/core/settings.py
index a18c0410d..fb7d03a27 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.11.70"
+VERSION = "1.3.11.71"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
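Review bot: The new pattern `r" (LIMIT|ORDER).+"` in whereQuery has no word boundary and does not require `BY`, so with `re.I` any space-preceded identifier that merely starts with those letters (a table or column such as `orders` or `limit_id`) is treated as the start of the trailing clause, and the WHERE condition is then placed ahead of it. Anchoring the keywords avoids that, e.g. `match = re.search(r"\s(LIMIT|ORDER\s+BY)\b.*", query, re.I | re.S)`. Separately, `prefix = query[:-len(suffix)]` is only correct when the match runs to the end of the string, which `.+` does not guarantee if a query contains a newline; `prefix, suffix = query[:match.start()], query[match.start():]` holds in both cases. The function continues past the end of this hunk.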
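Review bot: The three-line reassembly at the end of whereQuery can be written as `query = prefix + suffix`, because `suffix` is always a string at this point (either the matched tail or `""`) and already carries its own leading space and keyword. A short comment such as `# suffix keeps its leading " LIMIT ..."/" ORDER ..." text, so plain concatenation restores the clause` would record why no separator is inserted any more. The start of the function lies outside this hunk.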