From c50849707f57f97adb4a0cd2c92660752bd2afb8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 8 Mar 2016 14:35:16 +0100 Subject: [PATCH] Fixes #1748 --- lib/core/agent.py | 3 ++- lib/core/settings.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 195025053..b4414d7d7 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -17,6 +17,7 @@ from lib.core.common import isTechniqueAvailable from lib.core.common import randomInt from lib.core.common import randomStr from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import safeStringFormat from lib.core.common import singleTimeWarnMessage from lib.core.common import splitFields from lib.core.common import unArrayizeValue @@ -923,7 +924,7 @@ class Agent(object): else: limitedQuery = "%s FROM (SELECT %s,%s" % (untilFrom, ','.join(f for f in field), limitStr) - limitedQuery = limitedQuery % fromFrom + limitedQuery = safeStringFormat(limitedQuery, (fromFrom,)) limitedQuery += "=%d" % (num + 1) elif Backend.isDbms(DBMS.MSSQL): diff --git a/lib/core/settings.py b/lib/core/settings.py index 137d22c06..1a52e900e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version and site -VERSION = "1.0.0.14" +VERSION = "1.0.0.15" REVISION = getRevisionNumber() STABLE = VERSION.count('.') <= 2 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")