sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor fixes

Browse Source
This commit is contained in:
Miroslav Stampar 2012-05-09 14:58:16 +00:00
parent 9fa3619262
commit b0a8238774
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@ -131,7 +131,7 @@ def __formatInjection(inj):
title = sdata.title
vector = sdata.vector
if stype == PAYLOAD.TECHNIQUE.UNION:
count = re.sub(r"\(.+\)", "", sdata.payload).count(",") + 1
count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
title = re.sub(r"\d+ to \d+", str(count), title)
vector = agent.forgeInbandQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
if count == 1:

4
lib/techniques/union/test.py
View File

@ -208,7 +208,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError()
if unionErrorCase:
if unionErrorCase and count > 1:
warnMsg = "combined UNION/error-based SQL injection case found on "
warnMsg += "column %d. sqlmap will try to find another " % (position + 1)
warnMsg += "column with better characteristics"
@ -273,7 +273,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
warnMsg += "forcing the "
warnMsg += "back-end DBMS (e.g. --dbms=mysql) "
if not all([validPayload, vector]):
if not all([validPayload, vector]) and not warnMsg.endswith("consider "):
singleTimeWarnMessage(warnMsg)
return validPayload, vector