Commit fd7cb91

Major bug fix to forge SQL injection payload on Oracle
1 parent bc44821 commit fd7cb91

1 file changed

Lines changed: 1 addition & 1 deletion

lib/core/agent.py

@@ -334,7 +334,7 @@ def concatQuery(self, query):
334334
elif fieldsNoSelect:
335335
concatQuery = "'%s'||%s||'%s'" % (temp.start, concatQuery, temp.stop)
336336

337-
if kb.dbms == "Oracle" and ( fieldsSelect or fieldsNoSelect ):
337+
if kb.dbms == "Oracle" and " FROM " not in concatQuery and ( fieldsSelect or fieldsNoSelect ):
338338
concatQuery += " FROM DUAL"
339339

340340
elif kb.dbms == "Microsoft SQL Server":
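
Review bot: The `" FROM " not in concatQuery` test added on line 337 is a case-sensitive substring match that requires a literal space on each side of the keyword. A query written with lower-case `from`, or with a tab or newline next to the keyword, still gets ` FROM DUAL` appended and ends up with two FROM clauses. In the other direction, a ` FROM ` that appears only inside a quoted string literal suppresses the append even though the statement has no real FROM clause. Consider a case-insensitive match with whitespace boundaries (for example `re.search` with `re.I` on `\sFROM\s`) and add a short comment on why Oracle needs this guard, since the commit message does not say which query shape triggered the bug.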
