fix for Bug #207

2025-10-31 16:07:55 +03:00 · 2010-10-22 14:01:48 +00:00 · 2010-10-22 14:01:48 +00:00 · dec4d858b3
commit dec4d858b3
parent 1b2ec826bf
3 changed files with 8 additions and 7 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -124,7 +124,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
        rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
        if rdbRegExp and kb.dbms == "Firebird":
            expressionFieldsList = [expressionFields]
-        
+
        if len(expressionFieldsList) > 1:
            infoMsg  = "the SQL query provided has more than a field. "
            infoMsg += "sqlmap will now unpack it into distinct queries "
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -1169,10 +1169,10 @@ class Enumeration:
                                                               conf.tbl.upper(),
                                                               index)
                    elif kb.dbms == "Microsoft SQL Server":
-                        query = rootQuery.blind.query % (column, conf.db,
-                                                               conf.tbl, column,
-                                                               index, column,
-                                                               conf.db, conf.tbl)
+                        query = rootQuery.blind.query % (column, index + 1, conf.db,
+                                                               conf.tbl, colList[0],
+                                                               colList[0], colList[0])
+
                    elif kb.dbms == "SQLite":
                        query = rootQuery.blind.query % (column, conf.tbl, index)

--- a/xml/queries.xml
+++ b/xml/queries.xml
@ -273,7 +273,8 @@
        </columns>
        <dump_table>
            <inband query="SELECT %s FROM %s..%s"/>
-            <blind query="SELECT TOP 1 %s FROM %s..%s WHERE %s NOT IN (SELECT TOP %d %s FROM %s..%s)" count="SELECT LTRIM(STR(COUNT(*))) FROM %s..%s"/>
+            <!--<blind query="SELECT TOP 1 %s FROM %s..%s WHERE %s NOT IN (SELECT TOP %d %s FROM %s..%s)" count="SELECT LTRIM(STR(COUNT(*))) FROM %s..%s"/>-->
+            <blind query="SELECT TOP 1 %s FROM (SELECT TOP 1 * FROM ( SELECT TOP %d * FROM %s..%s ORDER BY %s ASC ) AS t1 ORDER BY %s DESC) AS t2 ORDER BY %s ASC" count="SELECT LTRIM(STR(COUNT(*))) FROM %s..%s"/>
        </dump_table>
        <search_db>
            <inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
@ -358,7 +359,7 @@
        <current_db/>
        <inference query="AND ASC(MID((%s), %d, 1)) > %d"/>
        <is_dba query="IIF(CURRENTUSER()='Admin',1,0)"/>
-        <dbs/> 
+        <dbs/>
        <tables>
            <inband query="SELECT Name FROM MSysObjects WHERE (Left([Name],1) &lt;&gt; '~') AND (Left([Name],4) &lt;&gt; 'MSys') AND ([Type] In (1, 4, 6))"/>
        </tables>