Skip to content

Commit f97b35d

Browse files
stamparmstamparm
committed
Patch for an Issue sqlmapproject#475 
1 parent 9a8bec7 commit f97b35d

3 files changed

Lines changed: 3 additions & 4 deletions

File tree

lib/core/agent.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -525,7 +525,7 @@ def concatQuery(self, query, unpack=True):
525525
else:
526526
return query
527527

528-
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.HSQLDB):
528+
if Backend.getIdentifiedDbms() in (DBMS.MYSQL,):
529529
if fieldsExists:
530530
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
531531
concatenatedQuery += ",'%s')" % kb.chars.stop
@@ -541,7 +541,7 @@ def concatQuery(self, query, unpack=True):
541541
elif fieldsNoSelect:
542542
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
543543

544-
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD):
544+
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB):
545545
if fieldsExists:
546546
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
547547
concatenatedQuery += "||'%s'" % kb.chars.stop

plugins/dbms/hsqldb/fingerprint.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,6 @@ def checkDbms(self):
103103
infoMsg = "testing %s" % DBMS.HSQLDB
104104
logger.info(infoMsg)
105105

106-
# TODO This gets mangled in UNION queries because of the dummy table
107106
result = inject.checkBooleanExpression("CASEWHEN(1=1,1,0)=1")
108107

109108
if result:

xml/queries.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -641,7 +641,7 @@
641641
<comment query="--" query2="/*" query3="//"/>
642642
<substring query="SUBSTR((%s),%d,%d)"/>
643643
<concatenate query="CONCAT(%s,%s)"/>
644-
<case query="(CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
644+
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
645645
<hex query="RAWTOHEX(%s)"/>
646646
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
647647
<banner query="DATABASE_VERSION()"/>

0 commit comments

Comments
 (0)