Patch for an Issue #475

lib/core/agent.py

@@ -525,7 +525,7 @@ class Agent(object):
         else:
             return query
 
-        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.HSQLDB):
+        if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
                 concatenatedQuery += ",'%s')" % kb.chars.stop
@@ -541,7 +541,7 @@ class Agent(object):
             elif fieldsNoSelect:
                 concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
 
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
                 concatenatedQuery += "||'%s'" % kb.chars.stop

plugins/dbms/hsqldb/fingerprint.py

@@ -103,7 +103,6 @@ class Fingerprint(GenericFingerprint):
         infoMsg = "testing %s" % DBMS.HSQLDB
         logger.info(infoMsg)
 
-        # TODO This gets mangled in UNION queries because of the dummy table
         result = inject.checkBooleanExpression("CASEWHEN(1=1,1,0)=1")
 
         if result:

xml/queries.xml

@@ -641,7 +641,7 @@
         <comment query="--" query2="/*" query3="//"/>
         <substring query="SUBSTR((%s),%d,%d)"/>
         <concatenate query="CONCAT(%s,%s)"/>
-        <case query="(CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
         <hex query="RAWTOHEX(%s)"/>
         <inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
         <banner query="DATABASE_VERSION()"/>