mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
another fix related to the bug reported by Alone Shell
This commit is contained in:
parent
82ab4c8dc2
commit
f3858a5fcf
|
@ -674,15 +674,15 @@ class Agent:
|
||||||
if forgeNotIn:
|
if forgeNotIn:
|
||||||
limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
|
limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
|
||||||
|
|
||||||
if uniqueField and " ORDER BY " not in fromFrom:
|
if " ORDER BY " not in fromFrom:
|
||||||
# Reference: http://vorg.ca/626-the-MS-SQL-equivalent-to-MySQLs-limit-command
|
# Reference: http://vorg.ca/626-the-MS-SQL-equivalent-to-MySQLs-limit-command
|
||||||
if " WHERE " in limitedQuery:
|
if " WHERE " in limitedQuery:
|
||||||
limitedQuery = "%s AND %s " % (limitedQuery, uniqueField)
|
limitedQuery = "%s AND %s " % (limitedQuery, uniqueField or field)
|
||||||
else:
|
else:
|
||||||
limitedQuery = "%s WHERE ISNULL(%s,' ') " % (limitedQuery, uniqueField)
|
limitedQuery = "%s WHERE ISNULL(%s,' ') " % (limitedQuery, uniqueField or field)
|
||||||
|
|
||||||
limitedQuery += "NOT IN (%s" % (limitStr % num)
|
limitedQuery += "NOT IN (%s" % (limitStr % num)
|
||||||
limitedQuery += "ISNULL(%s,' ') %s ORDER BY %s) ORDER BY %s" % (uniqueField, fromFrom, uniqueField, uniqueField)
|
limitedQuery += "ISNULL(%s,' ') %s ORDER BY %s) ORDER BY %s" % (uniqueField or field, fromFrom, uniqueField or field, uniqueField or field)
|
||||||
else:
|
else:
|
||||||
if " WHERE " in limitedQuery:
|
if " WHERE " in limitedQuery:
|
||||||
limitedQuery = "%s AND %s " % (limitedQuery, field)
|
limitedQuery = "%s AND %s " % (limitedQuery, field)
|
||||||
|
|
|
@ -1078,7 +1078,7 @@ class Enumeration:
|
||||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||||
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
|
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
|
||||||
conf.db, column, conf.db,
|
conf.db, column, conf.db,
|
||||||
conf.db, conf.db, conf.tbl)
|
conf.db, conf.db, conf.tbl if '.' not in conf.tbl else conf.tbl.split('.')[1])
|
||||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||||
query = rootQuery.blind.query2 % (conf.tbl, column)
|
query = rootQuery.blind.query2 % (conf.tbl, column)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user