Major bug fix to forge SQL injection payload on Oracle

2025-02-27 09:20:37 +03:00 · 2009-01-13 23:15:57 +00:00 · 2009-01-13 23:15:57 +00:00 · fd7cb9101c
commit fd7cb9101c
parent bc448211c5
1 changed files with 1 additions and 1 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -334,7 +334,7 @@ class Agent:
            elif fieldsNoSelect:
                concatQuery = "'%s'||%s||'%s'" % (temp.start, concatQuery, temp.stop)
-            if kb.dbms == "Oracle" and ( fieldsSelect or fieldsNoSelect ):
+            if kb.dbms == "Oracle" and " FROM " not in concatQuery and ( fieldsSelect or fieldsNoSelect ):
                concatQuery += " FROM DUAL"
        elif kb.dbms == "Microsoft SQL Server":