sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-14 18:13:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection

Browse Source
This commit is contained in:
Bernardo Damele 2011-07-08 10:19:01 +00:00
parent 02bfd05b20
commit b5dd4d4a63
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/THANKS
View File

@ -82,7 +82,7 @@ Pierre Chifflier <pollux@debian.org> and Mark Hymers <ftpmaster@debian.org>
Debian project repository Debian project repository
Chris Clements <cclements@flatearth.net> Chris Clements <cclements@flatearth.net>
for reporting a minor bug for reporting a couple of bugs
Andreas Constantinides <megahz@megahz.org> Andreas Constantinides <megahz@megahz.org>
for reporting a minor bug for reporting a minor bug

8
lib/core/agent.py
View File

@ -283,7 +283,7 @@ class Agent:
if Backend.isDbms(DBMS.SQLITE): if Backend.isDbms(DBMS.SQLITE):
return field return field
if field.startswith("(CASE"): if field.startswith("(CASE") or field.startswith("(IIF"):
nulledCastedField = field nulledCastedField = field
else: else:
nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field nulledCastedField = (queries[Backend.getIdentifiedDbms()].cast.query % field) if not conf.noCast else field
@ -327,7 +327,7 @@ class Agent:
if not Backend.getDbms(): if not Backend.getDbms():
return fields return fields
if fields.startswith("(CASE") or fields.startswith("SUBSTR") or fields.startswith("MID("): if fields.startswith("(CASE") or fields.startswith("(IIF") or fields.startswith("SUBSTR") or fields.startswith("MID("):
nulledCastedConcatFields = fields nulledCastedConcatFields = fields
else: else:
fields = fields.replace(", ", ",") fields = fields.replace(", ", ",")
@ -598,7 +598,7 @@ class Agent:
inbandQuery += query[conditionIndex:] inbandQuery += query[conditionIndex:]
if Backend.getIdentifiedDbms() in FROM_TABLE: if Backend.getIdentifiedDbms() in FROM_TABLE:
if " FROM " not in inbandQuery or "(CASE " in inbandQuery: if " FROM " not in inbandQuery or "(CASE " in inbandQuery or "(IIF" in inbandQuery:
inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()] inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
if intoRegExp: if intoRegExp:
@ -748,7 +748,7 @@ class Agent:
if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"): if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
caseExpression = queries[Backend.getIdentifiedDbms()].case.query % expression caseExpression = queries[Backend.getIdentifiedDbms()].case.query % expression
if Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]): if "(IIF" not in caseExpression and Backend.getIdentifiedDbms() in FROM_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
caseExpression += FROM_TABLE[Backend.getIdentifiedDbms()] caseExpression += FROM_TABLE[Backend.getIdentifiedDbms()]
return caseExpression return caseExpression

2
xml/queries.xml
View File

@ -356,7 +356,7 @@
<comment query="%00"/> <comment query="%00"/>
<timedelay/> <timedelay/>
<substring query="MID((%s),%d,%d)"/> <substring query="MID((%s),%d,%d)"/>
<case query="IIF(%s,1,0)"/> <case query="SELECT (IIF(%s,1,0))"/>
<banner/> <banner/>
<!--CURRENTUSER() is not available outside the MS Access query tool itself--> <!--CURRENTUSER() is not available outside the MS Access query tool itself-->
<current_user/> <current_user/>