
Commit 7c16bfe

committed
Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN )
1 parent a7e1e85 commit 7c16bfe

1 file changed

Lines changed: 5 additions & 1 deletion


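--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -75,7 +75,11 @@ def __oneShotErrorUse(expression, field=None):
 if field:
 nulledCastedField = agent.nullAndCastField(field)
 
-if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)):
+if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)) and not any(_ in field for _ in ("COUNT", "CASE")): # skip chunking of scalar expression (unneeded)
+extendedField = re.search(r"[^ ,]*%s[^ ,]*" % re.escape(field), expression).group(0)
+if extendedField != field: # e.g. MIN(surname)
+nulledCastedField = extendedField.replace(field, nulledCastedField)
+field = extendedField
 nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)
 
 # Forge the error-based SQL injection request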
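Review bot: The `re.search(...).group(0)` on new line 79 is dereferenced without a None check, so if `field` does not occur literally in `expression` (different quoting or casing, for instance) the call raises AttributeError instead of falling back to the plain field. Binding the match first and using `extendedField = match.group(0) if match else field` would keep the previous behaviour in that case. The lookup and the `extendedField.replace(field, nulledCastedField)` on line 81 are also plain substring operations: the first token containing the name wins even when it is a different column (`surname` ahead of `name`), and a name that also occurs inside the wrapping function text would be rewritten there too. The same applies to the `"COUNT"`/`"CASE"` test on line 78, which is a case-sensitive substring check and would also skip chunking for a column called `DISCOUNT`; anchoring these matches on identifier boundaries looks safer. The body of `__oneShotErrorUse` starts and continues outside this hunk, so how `field` is derived from `expression` should be confirmed there.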
