sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 16:07:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-07 16:55:02 +00:00
parent 771020abd6
commit f958b21613
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/techniques/inband/union/test.py
View File

@ -101,7 +101,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# For each column of the table (# of NULL) perform a request using # For each column of the table (# of NULL) perform a request using
# the UNION ALL SELECT statement to test it the target url is # the UNION ALL SELECT statement to test it the target url is
# affected by an exploitable inband SQL injection vulnerability # affected by an exploitable inband SQL injection vulnerability
for position in range(0, count): for position in range(count-1, 0, -1):
# Prepare expression with delimiters # Prepare expression with delimiters
randQuery = randomStr() randQuery = randomStr()
phrase = "%s%s%s" % (kb.misc.start, randQuery, kb.misc.stop) phrase = "%s%s%s" % (kb.misc.start, randQuery, kb.misc.stop)