sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Limited custom query now works also on Oracle in inferential blind SQL

Browse Source 
injection technique
This commit is contained in:
Bernardo Damele 2008-12-23 23:34:50 +00:00
parent 24ddbdc89d
commit c83593c044
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/request/inject.py
View File

@ -77,11 +77,18 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
for field in expressionFieldsList: for field in expressionFieldsList:
output = None output = None
if field.startswith("ROWNUM "):
continue
if isinstance(num, int): if isinstance(num, int):
origExpr = expression origExpr = expression
expression = agent.limitQuery(num, expression, field) expression = agent.limitQuery(num, expression, field)
if "ROWNUM" in expressionFieldsList:
expressionReplaced = expression.replace(expressionFields, field, 1) expressionReplaced = expression.replace(expressionFields, field, 1)
else:
expressionReplaced = expression
output = resume(expressionReplaced, payload) output = resume(expressionReplaced, payload)
if not output or ( expected == "int" and not output.isdigit() ): if not output or ( expected == "int" and not output.isdigit() ):