diff --git a/lib/request/inject.py b/lib/request/inject.py
index 83407bfc6..82dae2431 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -170,17 +170,21 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
limitCond = True
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+ limitRegExp2 = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query2, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
- if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+ if (limitRegExp or limitRegExp2) or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
- startLimit = int(limitRegExp.group(int(limitGroupStart)))
-
- stopLimit = limitRegExp.group(int(limitGroupStop))
+ if limitRegExp2:
+ startLimit = 0
+ stopLimit = limitRegExp2.group(int(limitGroupStart))
+ else:
+ startLimit = int(limitRegExp.group(int(limitGroupStart)))
+ stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
@@ -202,14 +206,14 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
limitCond = False
# We assume that only queries NOT containing a "LIMIT #, 1"
- # (or similar depending on the back-end DBMS) can return
+ # (or equivalent depending on the back-end DBMS) can return
# multiple entries
if limitCond:
- if limitRegExp and stopLimit is not None:
+ if (limitRegExp or limitRegExp2) and stopLimit is not None:
stopLimit = int(stopLimit)
# From now on we need only the expression until the " LIMIT "
- # (or similar, depending on the back-end DBMS) word
+ # (or equivalent, depending on the back-end DBMS) word
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
stopLimit += startLimit
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 65863635e..02d7978b6 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -254,18 +254,23 @@ def errorUse(expression, dump=False):
and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) \
and not re.search(SQL_SCALAR_REGEX, expression, re.I):
+ limitCond = True
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+ limitRegExp2 = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query2, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
- if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
- if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ if (limitRegExp or limitRegExp2) or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
- startLimit = int(limitRegExp.group(int(limitGroupStart)))
-
- stopLimit = limitRegExp.group(int(limitGroupStop))
+ if limitRegExp2:
+ startLimit = 0
+ stopLimit = limitRegExp2.group(int(limitGroupStart))
+ else:
+ startLimit = int(limitRegExp.group(int(limitGroupStart)))
+ stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
@@ -285,19 +290,17 @@ def errorUse(expression, dump=False):
elif Backend.isDbms(DBMS.ORACLE):
limitCond = False
- else:
- limitCond = True
# I assume that only queries NOT containing a "LIMIT #, 1"
- # (or similar depending on the back-end DBMS) can return
+ # (or equivalent depending on the back-end DBMS) can return
# multiple entries
if limitCond:
- if limitRegExp:
+ if (limitRegExp or limitRegExp2) and stopLimit is not None:
stopLimit = int(stopLimit)
# From now on we need only the expression until the " LIMIT "
- # (or similar, depending on the back-end DBMS) word
- if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ # (or equivalent, depending on the back-end DBMS) word
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
stopLimit += startLimit
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index fcd25623e..85797d6eb 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -175,18 +175,23 @@ def unionUse(expression, unpack=True, dump=False):
and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
and not re.search(SQL_SCALAR_REGEX, expression, re.I):
+ limitCond = True
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+ limitRegExp2 = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query2, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
- if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
- if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ if (limitRegExp or limitRegExp2) or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
- startLimit = int(limitRegExp.group(int(limitGroupStart)))
-
- stopLimit = limitRegExp.group(int(limitGroupStop))
+ if limitRegExp2:
+ startLimit = 0
+ stopLimit = limitRegExp2.group(int(limitGroupStart))
+ else:
+ startLimit = int(limitRegExp.group(int(limitGroupStart)))
+ stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
@@ -199,7 +204,6 @@ def unionUse(expression, unpack=True, dump=False):
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
-
elif topLimit:
startLimit = 0
stopLimit = int(topLimit.group(1))
@@ -207,19 +211,17 @@ def unionUse(expression, unpack=True, dump=False):
elif Backend.isDbms(DBMS.ORACLE):
limitCond = False
- else:
- limitCond = True
# I assume that only queries NOT containing a "LIMIT #, 1"
- # (or similar depending on the back-end DBMS) can return
+ # (or equivalent depending on the back-end DBMS) can return
# multiple entries
if limitCond:
- if limitRegExp:
+ if (limitRegExp or limitRegExp2) and stopLimit is not None:
stopLimit = int(stopLimit)
# From now on we need only the expression until the " LIMIT "
- # (or similar, depending on the back-end DBMS) word
- if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ # (or equivalent, depending on the back-end DBMS) word
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
stopLimit += startLimit
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
diff --git a/xml/queries.xml b/xml/queries.xml
index 19e3955ea..9a68d0417 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -8,7 +8,7 @@
-
+
@@ -82,7 +82,7 @@
-
+
@@ -311,7 +311,7 @@
-
+