diff --git a/lib/core/agent.py b/lib/core/agent.py
index d2786eae4..018b4d732 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -246,10 +246,15 @@ class Agent:
@rtype: C{str}
"""
- fieldsSelectTop = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", query, re.I)
- fieldsSelectDistinct = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", query, re.I)
- fieldsSelectFrom = re.search("\ASELECT\s+(.+?)\s+FROM\s+", query, re.I)
- fieldsSelect = re.search("\ASELECT\s+(.*)", query, re.I)
+ if "(SELECT " in query:
+ firstChar = "\\("
+ else:
+ firstChar = "\\A"
+
+ fieldsSelectTop = re.search("%sSELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM" % firstChar, query, re.I)
+ fieldsSelectDistinct = re.search("%sSELECT\s+DISTINCT\((.+?)\)\s+FROM" % firstChar, query, re.I)
+ fieldsSelectFrom = re.search("%sSELECT\s+(.+?)\s+FROM\s+" % firstChar, query, re.I)
+ fieldsSelect = re.search("%sSELECT\s+(.*)" % firstChar, query, re.I)
fieldsNoSelect = query
if fieldsSelectTop:
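Review bot: The `"(SELECT " in query` test on the first added line is case-sensitive while every regex it chooses between runs with `re.I`, so a query written as `(select ...` keeps the `\A` anchor and is parsed as though it had no subquery; matching the regexes with `if re.search(r"\(SELECT\s", query, re.I):` keeps the two consistent. Once `firstChar` is `"\\("` the patterns are no longer anchored, so `re.search` picks up the first parenthesised SELECT anywhere in `query` and the lazy `(.+?)\s+FROM` stops at that inner query's FROM — presumably the intent, but a comment such as `# nested SELECT: parse the parenthesised inner query rather than the outer one` would make that explicit. The patterns are plain strings carrying `\A`, `\s` and `\d`; raw strings (`r"..."`) would stop relying on unknown escapes passing through untouched. getFields's body continues outside the hunk.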
@@ -296,11 +301,11 @@ class Agent:
"""
concatQuery = ""
- query = query.replace(", ", ",")
+ query = query.replace(", ", ",")
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
castedFields = self.nullCastConcatFields(fieldsToCastStr)
- concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
+ concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
if kb.dbms == "MySQL":
if fieldsSelectFrom:
diff --git a/lib/request/inject.py b/lib/request/inject.py
index ff794d91c..a69d34fbd 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -228,6 +228,15 @@ def __goInferenceProxy(expression, fromUser=False, expected=None):
return None
+ elif count and not count.isdigit():
+ warnMsg = "it was not possible to count the number "
+ warnMsg += "of entries for the SQL query provided. "
+ warnMsg += "sqlmap will assume that it returns only "
+ warnMsg += "one entry"
+ logger.warn(warnMsg)
+
+ stopLimit = 1
+
elif ( not count or int(count) == 0 ):
warnMsg = "the SQL query provided does not "
warnMsg += "return any output"
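Review bot: The new `count.isdigit()` guard and the `int(count)` on the following `elif` accept different inputs, so a value the old branch parsed can now be classed as uncountable: a count padded with whitespace (`" 3"`) fails `isdigit()` and silently becomes `stopLimit = 1`, truncating the retrieval — unless the caller already strips it, which I cannot tell from the hunk. A `count = count.strip()` before the `if`/`elif` chain, or converting with `int(count)` inside a `try`/`except ValueError`, keeps the two branches in agreement. The identical nine-line block is added to unionUse in lib/techniques/inband/union/use.py; the warning text and the `stopLimit = 1` fallback belong in one shared helper so the two techniques cannot drift apart. `logger.warn` is the deprecated alias of `logger.warning`. __goInferenceProxy's body starts and ends outside the hunk.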
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index 66c3b7fe0..0e436bae5 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -237,6 +237,15 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False):
infoMsg += "%d entries" % stopLimit
logger.info(infoMsg)
+ elif count and not count.isdigit():
+ warnMsg = "it was not possible to count the number "
+ warnMsg += "of entries for the SQL query provided. "
+ warnMsg += "sqlmap will assume that it returns only "
+ warnMsg += "one entry"
+ logger.warn(warnMsg)
+
+ stopLimit = 1
+
elif ( not count or int(count) == 0 ):
warnMsg = "the SQL query provided does not "
warnMsg += "return any output"
diff --git a/xml/banner/generic.xml b/xml/banner/generic.xml
index 65fcf5621..8579d1a98 100644
--- a/xml/banner/generic.xml
+++ b/xml/banner/generic.xml
@@ -19,6 +19,10 @@
+
+
+
+
diff --git a/xml/queries.xml b/xml/queries.xml
index 49199bfe5..a1a6276d9 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -74,10 +74,6 @@
-