Minor bug fix with --sql-query/shell when providing a statement with DISTINCT

bdamele · bdamele · commit 80df1fdcf9eb · 2010-01-05T16:15:31.000Z
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -502,6 +502,12 @@ def limitQuery(self, num, query, field):
             if " ORDER BY " in limitedQuery:
                 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
 
+            notDistincts = re.findall("DISTINCT[\(\s+](.+?)\)*\s+", limitedQuery, re.I)
+
+            for notDistinct in notDistincts:
+                limitedQuery = limitedQuery.replace("DISTINCT(%s)" % notDistinct, notDistinct)
+                limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
+
             if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
                 topNums         = re.search(queries[kb.dbms].limitregexp, limitedQuery, re.I)
 
@@ -517,11 +523,13 @@ def limitQuery(self, num, query, field):
                     limitedQuery    = limitedQuery.replace("TOP %s " % topNum, "")
 
             if forgeNotIn:
-                limitedQuery  = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
+                limitedQuery = limitedQuery.replace("SELECT ", (limitStr % 1), 1)
+
                 if " WHERE " in limitedQuery:
                     limitedQuery  = "%s AND %s " % (limitedQuery, field)
                 else:
                     limitedQuery  = "%s WHERE %s " % (limitedQuery, field)
+
                 limitedQuery += "NOT IN (%s" % (limitStr % num)
                 limitedQuery += "%s %s)" % (field, fromFrom)
 
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -510,7 +510,7 @@ def parsePasswordHash(password):
             password += "%suppercase: %s" % (blank, hexPassword[54:])
 
     return password
-        
+
 def cleanQuery(query):
     upperQuery = query
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -74,6 +74,7 @@
                              "select ",
                              "show ",
                              " top ",
+                             " distinct ",
                              " from ",
                              " from dual",
                              " where ",
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -350,6 +350,8 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
     expression = expandAsteriskForColumns(expression)
     value      = None
 
+    expression = expression.replace("DISTINCT ", "")
+
     if inband and kb.unionPosition:
         if kb.dbms == "Oracle" and " ORDER BY " in expression:
             expression = expression[:expression.index(" ORDER BY ")]
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -1076,8 +1076,8 @@ def dumpAll(self):
                     dumper.dbTableValues(data)
 
     def sqlQuery(self, query):
-        output      = None
-        sqlType     = None
+        output  = None
+        sqlType = None
 
         for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
             for sqlStatement in sqlStatements:
