sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Patch for an Issue #475

Browse Source
This commit is contained in:
stamparm 2013-07-01 13:43:22 +02:00
parent 9a8bec760f
commit f97b35dcc1
3 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/agent.py
View File

@ -525,7 +525,7 @@ class Agent(object):
else:
return query
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.HSQLDB):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
concatenatedQuery += ",'%s')" % kb.chars.stop
@ -541,7 +541,7 @@ class Agent(object):
elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD):
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
concatenatedQuery += "||'%s'" % kb.chars.stop

1
plugins/dbms/hsqldb/fingerprint.py
View File

@ -103,7 +103,6 @@ class Fingerprint(GenericFingerprint):
infoMsg = "testing %s" % DBMS.HSQLDB
logger.info(infoMsg)
# TODO This gets mangled in UNION queries because of the dummy table
result = inject.checkBooleanExpression("CASEWHEN(1=1,1,0)=1")
if result:

2
xml/queries.xml
View File

@ -641,7 +641,7 @@
<comment query="--" query2="/*" query3="//"/>
<substring query="SUBSTR((%s),%d,%d)"/>
<concatenate query="CONCAT(%s,%s)"/>
<case query="(CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<hex query="RAWTOHEX(%s)"/>
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
<banner query="DATABASE_VERSION()"/>