sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bug fixes for search (safeStringFormat should not replace all if given scalar values)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-02-05 11:37:49 +01:00
parent 31230c5a42
commit e836629215
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@ -1374,9 +1374,9 @@ def safeStringFormat(format_, params):
retVal = format_.replace("%d", "%s") retVal = format_.replace("%d", "%s")
if isinstance(params, basestring): if isinstance(params, basestring):
retVal = retVal.replace("%s", params) retVal = retVal.replace("%s", params, 1)
elif not isListLike(params): elif not isListLike(params):
retVal = retVal.replace("%s", str(params)) retVal = retVal.replace("%s", str(params), 1)
else: else:
count, index = 0, 0 count, index = 0, 0
while index != -1: while index != -1:

2
plugins/generic/search.py
View File

@ -314,7 +314,7 @@ class Search:
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False)) foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(foundTbls[db]): if not isNoneValue(foundTbl):
kb.hintValue = foundTbl kb.hintValue = foundTbl
foundTbl = safeSQLIdentificatorNaming(foundTbl, True) foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
foundTbls[db].append(foundTbl) foundTbls[db].append(foundTbl)