sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 11:45:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper implementation for --technique=Q --dbms=Firebird

Browse Source
This commit is contained in:
Miroslav Stampar 2013-01-22 16:31:26 +01:00
parent 719c7f622b
commit d6a361f859
2 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/techniques/error/use.py
View File

@ -181,9 +181,6 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
else:
expressionReplaced = expression.replace(expressionFields, field, 1)
if kb.technique == PAYLOAD.TECHNIQUE.QUERY and Backend.isDbms(DBMS.FIREBIRD) and expressionReplaced.startswith("SELECT "):
expressionReplaced = "SELECT %s" % agent.concatQuery(expressionReplaced)
output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
if not kb.threadContinue:

2
xml/payloads.xml
View File

@ -2003,7 +2003,7 @@ Formats:
<risk>1</risk>
<clause>1,2,3,8</clause>
<where>3</where>
<vector>[QUERY]</vector>
<vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>
<request>
<payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
</request>