From fd7cb9101c78173575a3beb3f9ada10a7c93c4db Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 13 Jan 2009 23:15:57 +0000
Subject: [PATCH] Major bug fix to forge SQL injection payload on Oracle
---
 lib/core/agent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 81a02062c..dd03186df 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -334,7 +334,7 @@ class Agent:
 elif fieldsNoSelect:
 concatQuery = "'%s'||%s||'%s'" % (temp.start, concatQuery, temp.stop)
- if kb.dbms == "Oracle" and ( fieldsSelect or fieldsNoSelect ):
+ if kb.dbms == "Oracle" and " FROM " not in concatQuery and ( fieldsSelect or fieldsNoSelect ):
 concatQuery += " FROM DUAL"
 elif kb.dbms == "Microsoft SQL Server":
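Review bot: The added guard `" FROM " not in concatQuery` is a case-sensitive, space-delimited substring test over the whole built string, so it can misfire in both directions. A query with lowercase `from`, or with a tab or newline next to the keyword, would still get ` FROM DUAL` appended, while a ` FROM ` that occurs only inside a quoted literal or a nested subquery would suppress it. Whether concatQuery is normalised before this point is not visible in the hunk; if it is not, a case-insensitive match such as `re.search(r"\sFROM\s", concatQuery, re.I)` would be sturdier (assuming `re` is already imported in agent.py). A one-line comment such as `# Oracle needs a FROM clause in every SELECT; add DUAL only when the query has none` would record why the check exists. The enclosing method starts and ends outside the hunk.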