mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-11 19:13:12 +00:00
Major enhancement to support Partial UNION query SQL injection technique too.
Minor code cleanup.
This commit is contained in:
parent
9dbad512f1
commit
072eb7154c
6 changed files with 303 additions and 139 deletions
|
|
@ -909,17 +909,6 @@ class Enumeration:
|
|||
index += 1
|
||||
|
||||
if not self.dumpedTable:
|
||||
if conf.unionUse:
|
||||
warnMsg = "unable to retrieve the "
|
||||
if conf.col:
|
||||
warnMsg += "columns '%s' " % colString
|
||||
warnMsg += "entries for table '%s' " % conf.tbl
|
||||
warnMsg += "on database '%s'" % conf.db
|
||||
warnMsg += " through UNION query SQL injection, "
|
||||
warnMsg += "probably because it has no entries, going "
|
||||
warnMsg += "blind to confirm"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
infoMsg = "fetching number of "
|
||||
if conf.col:
|
||||
infoMsg += "columns '%s' " % colString
|
||||
|
|
@ -1041,12 +1030,6 @@ class Enumeration:
|
|||
infoMsg = "fetching SQL SELECT query output: '%s'" % query
|
||||
logger.info(infoMsg)
|
||||
|
||||
if query.startswith("select "):
|
||||
query = query.replace("select ", "SELECT ", 1)
|
||||
|
||||
if " from " in query:
|
||||
query = query.replace(" from ", " FROM ")
|
||||
|
||||
output = inject.getValue(query, fromUser=True)
|
||||
|
||||
if output == "Quit":
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue