From c1010c20d86d5c981d35b1ff10f42c4bfe91399b Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Tue, 30 Dec 2008 21:24:01 +0000 Subject: [PATCH] Minor adjustments --- doc/ChangeLog | 2 ++ lib/core/session.py | 2 ++ plugins/dbms/mysql.py | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 45c55b029..4de44c297 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -16,12 +16,14 @@ sqlmap (0.6.4-1) stable; urgency=low * Added internal support to forge CASE statements, used only by --is-dba query at the moment; * Minor layout adjustment to the --update output; + * Increased default timeout to 30 seconds; * Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable; * Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server; * Minor bug fix to make the --postfix work even if --prefix is not provided; + * Updated documentation. -- Bernardo Damele A. G. Day, DD MMM 2009 10:00:00 +0000 diff --git a/lib/core/session.py b/lib/core/session.py index 9d5001aa3..e27a69327 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -129,6 +129,8 @@ def setDbms(dbms): kb.dbms = dbms + logger.info("the back-end DBMS is %s" % kb.dbms) + def setUnion(comment=None, count=None, position=None): """ diff --git a/plugins/dbms/mysql.py b/plugins/dbms/mysql.py index bd33fe0cb..d12e76e10 100644 --- a/plugins/dbms/mysql.py +++ b/plugins/dbms/mysql.py @@ -257,7 +257,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover): logMsg = "confirming MySQL" logger.info(logMsg) - payload = agent.fullPayload(" AND CONCAT('%s', '%s')='%s%s'" % (randInt, randInt, randInt, randInt)) + payload = agent.fullPayload(" AND ISNULL(1/0)") result = Request.queryPage(payload) if result != True: