
Commit 2420a4b

committed
Update for an Issue #342 and #372
1 parent 9b4eaa9 commit 2420a4b

2 files changed

Lines changed: 10 additions & 8 deletions


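--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -888,23 +888,17 @@ def forgeQueryOutputLength(self, expression):
         lengthQuery = queries[Backend.getIdentifiedDbms()].length.query
         select = re.search("\ASELECT\s+", expression, re.I)
         selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
-        selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I)
         selectFromExpr = re.search("\ASELECT\s+(.+?)\s+FROM", expression, re.I)
         selectExpr = re.search("\ASELECT\s+(.+)$", expression, re.I)
 
         _, _, _, _, _, _, fieldsStr, _ = self.getFields(expression)
 
-        if any((selectTopExpr, selectDistinctExpr, selectFromExpr, selectExpr)):
+        if any((selectTopExpr, selectFromExpr, selectExpr)):
             query = fieldsStr
         else:
             query = expression
 
-        if selectDistinctExpr:
-            lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % query, expression)
-
-            if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
-                lengthExpr += " AS %s" % randomStr(lowercase=True)
-        elif select:
+        if select:
             lengthExpr = expression.replace(query, lengthQuery % query, 1)
         else:
             lengthExpr = lengthQuery % expression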
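Review bot: With the DISTINCT branch gone, a `SELECT DISTINCT(...) FROM` expression now falls through to the `if select:` branch, where `expression.replace(query, lengthQuery % query, 1)` substitutes the first occurrence of getFields()'s fieldsStr; whether that occurrence is the DISTINCT argument depends on what getFields returns for such an expression, which is not visible here. The other hunk of this commit moves the subquery wrapping into _goInference in lib/request/inject.py, so the division of responsibility deserves a comment at the top of this block, e.g. `# DISTINCT(...) expressions are presumably rewritten as a derived-table subquery by the caller (lib/request/inject.py) before the length query is forged here`. The method forgeQueryOutputLength begins before this hunk.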

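--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -25,6 +25,7 @@
 from lib.core.common import parseUnionPage
 from lib.core.common import popValue
 from lib.core.common import pushValue
+from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
@@ -76,6 +77,13 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar
 
     if not (timeBasedCompare and kb.dnsTest):
         if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search("(COUNT|LTRIM)\(", expression, re.I) and not timeBasedCompare:
+
+            if field and re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I):
+                expression = "SELECT %s FROM (%s)" % (field, expression)
+
+                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+                    expression += " AS %s" % randomStr(lowercase=True)
+
             if field and conf.hexConvert:
                 nulledCastedField = agent.nullAndCastField(field)
                 injExpression = expression.replace(field, nulledCastedField, 1)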
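Review bot: After the new rewrite, `field` appears twice in `expression` — as the outer projection and inside the inner `DISTINCT(...)` — so the unchanged `expression.replace(field, nulledCastedField, 1)` on the hunk's last line now casts only the outer reference, which is presumably intended but is not obvious from the code; a comment such as `# field now also names the derived table's column; the hexConvert cast below applies to that outer reference` would make it explicit. The outer `SELECT %s` also assumes the derived table exposes a column named exactly `field`, which holds for a bare column name but may not when the DISTINCT argument is an expression, so this is worth confirming against how `field` is produced earlier in _goInference. Minor style: the added pattern `"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM"` relies on non-raw backslash escapes that newer Python versions warn about; prefer `r"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM"`. _goInference continues outside the hunk.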
