minor fixes

2025-02-16 19:40:37 +03:00 · 2012-05-09 14:58:16 +00:00 · 2012-05-09 14:58:16 +00:00 · b0a8238774
commit b0a8238774
parent 9fa3619262
2 changed files with 3 additions and 3 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -131,7 +131,7 @@ def __formatInjection(inj):
        title = sdata.title
        vector = sdata.vector
        if stype == PAYLOAD.TECHNIQUE.UNION:
-            count = re.sub(r"\(.+\)", "", sdata.payload).count(",") + 1
+            count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
            title = re.sub(r"\d+ to \d+", str(count), title)
            vector = agent.forgeInbandQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
            if count == 1:
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@ -208,7 +208,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
            unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError()
-            if unionErrorCase:
+            if unionErrorCase and count > 1:
                warnMsg = "combined UNION/error-based SQL injection case found on "
                warnMsg += "column %d. sqlmap will try to find another " % (position + 1)
                warnMsg += "column with better characteristics"
@ -273,7 +273,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
                    warnMsg += "forcing the "
                warnMsg += "back-end DBMS (e.g. --dbms=mysql) "
-            if not all([validPayload, vector]):
+            if not all([validPayload, vector]) and not warnMsg.endswith("consider "):
                singleTimeWarnMessage(warnMsg)
    return validPayload, vector