
Commit f26ea04

committed
Fix for an Issue sqlmapproject#175
1 parent e4bc471 commit f26ea04


3 files changed

+5
-8
lines changed

3 files changed

+5
-8
lines changed

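--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -751,7 +751,7 @@ def limitQuery(self, num, query, field=None, uniqueField=None):
 limitedQuery = "%s WHERE ISNULL(%s,' ') " % (limitedQuery, uniqueField or field)
 
 limitedQuery += "NOT IN (%s" % (limitStr % num)
-limitedQuery += "ISNULL(%s,' ') %s ORDER BY %s) ORDER BY %s" % (uniqueField or field, fromFrom, uniqueField or "1", uniqueField or "1")
+limitedQuery += "%s %s ORDER BY %s) ORDER BY %s" % (self.nullAndCastField(uniqueField or field), fromFrom, uniqueField or "1", uniqueField or "1")
 else:
 if " WHERE " in limitedQuery:
 limitedQuery = "%s AND %s " % (limitedQuery, field)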
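Review bot: The outer WHERE built on the unchanged line 751 still wraps the column as `ISNULL(%s,' ')`, while the new line 754 wraps the same column inside the NOT IN subquery with `self.nullAndCastField(...)`, so the two sides of the comparison are no longer produced by the same expression. If nullAndCastField adds a CAST, the outer bare ISNULL is compared against a differently-typed value and the result depends on the DBMS's implicit conversion; presumably the intent is the same expression on both sides. Either change line 751 to `limitedQuery = "%s WHERE %s " % (limitedQuery, self.nullAndCastField(uniqueField or field))` or add a comment stating why the outer side deliberately stays a plain ISNULL. limitQuery's body starts and ends outside this hunk.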

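--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -604,9 +604,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 table = {}
 columns = {}
 
-indexRange = getLimitRange(count)
-
-for index in indexRange:
+for index in getLimitRange(count):
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
 query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
 query += condQuery
@@ -616,16 +614,15 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 query += condQuery
 field = None
 elif Backend.isDbms(DBMS.MSSQL):
-query = rootQuery.blind.query % (conf.db, conf.db, conf.db, conf.db,
-conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
+query = rootQuery.blind.query.replace("'%s'", "'%s'" % unsafeSQLIdentificatorNaming(tbl).split(".")[-1]).replace("%s", conf.db).replace("%d", str(index))
 query += condQuery.replace("[DB]", conf.db)
 field = condition.replace("[DB]", conf.db)
 elif Backend.isDbms(DBMS.FIREBIRD):
 query = rootQuery.blind.query % (tbl)
 query += condQuery
 field = None
 
-query = agent.limitQuery(index, query, field)
+query = agent.limitQuery(index, query, field, field)
 column = inject.getValue(query, inband=False, error=False)
 
 if not isNoneValue(column):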
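Review bot: The new MSSQL line 617 expands the template with three chained str.replace calls whose order is load-bearing: the quoted `'%s'` must be handled before the bare `%s`, and because the table name is inserted first, any `%s` or `%d` occurring inside that table name (or a `%d` inside conf.db) is rewritten by the later calls and yields a malformed query. This deserves a comment on the line, e.g. `# order matters: quoted '%s' is the table, bare %s the database, %d the row index; later replaces also rewrite already-substituted text`, and ideally a guard that the substituted names contain no `%` before expansion. Separately, line 625 still passes the expanded query through `agent.limitQuery(index, query, field, field)` although the MSSQL template now embeds its own `TOP 1 ... NOT IN (SELECT TOP %d ...)` paging; whether limitQuery recognises an already-limited MSSQL query is not visible here and is worth confirming. getColumns's body starts and ends outside this hunk.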

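--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -195,7 +195,7 @@
 </tables>
 <columns>
 <inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
-<blind query="SELECT %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
+<blind query="SELECT TOP 1 %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' AND %s..syscolumns.name NOT IN (SELECT TOP %d %s..syscolumns.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s' ORDER BY %s..syscolumns.name) ORDER BY %s..syscolumns.name" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
 </columns>
 <dump_table>
 <inband query="SELECT %s FROM %s.%s"/>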
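Review bot: The rewritten blind query at line 198 now embeds its own paging (`TOP 1 ... NOT IN (SELECT TOP %d ... ORDER BY ...)`) and mixes a `%d` among its `%s` placeholders, while the sibling `query2` and `count` attributes of the same element keep the plain `%s`-only form, so the three attributes are no longer expanded the same way. Nothing in the file records that this attribute is consumed by str.replace rather than %-formatting, and a caller that still applies a positional tuple, as the old databases.py code did, would fail on the changed placeholder count. Add an XML comment above the element, e.g. `<!-- blind query is expanded by replace() in plugins/generic/databases.py: quoted '%s' = table, bare %s = database, %d = row index; not %-formatted -->`.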
