sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-24 03:44:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper handling of CASE in Oracle, finally

Browse Source
This commit is contained in:
Bernardo Damele 2011-01-20 21:58:50 +00:00
parent 4128b2c87f
commit f1b402b103
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/core/agent.py
View File

@ -448,8 +448,8 @@ class Agent:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % kb.misc.stop
elif fieldsSelectCase:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % kb.misc.stop
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||(SELECT " % kb.misc.start, 1)
concatenatedQuery += ")||'%s'" % kb.misc.stop
elif fieldsSelectFrom:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % kb.misc.stop, 1)
@ -459,9 +459,6 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
if backend.getIdentifiedDbms() == DBMS.ORACLE and " FROM " not in concatenatedQuery and (fieldsSelect or fieldsNoSelect):
concatenatedQuery += " FROM DUAL"
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
@ -552,7 +549,7 @@ class Agent:
inbandQuery += query[conditionIndex:]
if backend.getIdentifiedDbms() in FROM_TABLE:
if " FROM " not in inbandQuery:
if " FROM " not in inbandQuery or "(CASE " in inbandQuery:
inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
if intoRegExp: