minor fixes

stamparm · stamparm · commit b0a82387749b · 2012-05-09T14:58:16.000Z
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -131,7 +131,7 @@ def __formatInjection(inj):
         title = sdata.title
         vector = sdata.vector
         if stype == PAYLOAD.TECHNIQUE.UNION:
-            count = re.sub(r"\(.+\)", "", sdata.payload).count(",") + 1
+            count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
             title = re.sub(r"\d+ to \d+", str(count), title)
             vector = agent.forgeInbandQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
             if count == 1:
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
@@ -208,7 +208,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
 
             unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError()
 
-            if unionErrorCase:
+            if unionErrorCase and count > 1:
                 warnMsg = "combined UNION/error-based SQL injection case found on "
                 warnMsg += "column %d. sqlmap will try to find another " % (position + 1)
                 warnMsg += "column with better characteristics"
@@ -273,7 +273,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
                     warnMsg += "forcing the "
                 warnMsg += "back-end DBMS (e.g. --dbms=mysql) "
 
-            if not all([validPayload, vector]):
+            if not all([validPayload, vector]) and not warnMsg.endswith("consider "):
                 singleTimeWarnMessage(warnMsg)
 
     return validPayload, vector
