sqlmap icon indicating copy to clipboard operation
sqlmap copied to clipboard
verified publisher icon sqlmapproject

The ORDER BY clause is missing.

Open Nzoth9 opened this issue 2 years ago • 0 comments

Running environment:

  • sqlmap version: 1.7.1.4#dev
  • Installation method: git
  • Operating system: MacOS
  • Python version [e.g. 3.9.6]

Target details:

  • MySQL
  • Union Based

Hi, @stamparm! How are you? I'm sorry you're busy. if use a multi-column ORDER BY statement with --sql-shell or --sql-query, the ORDER BY is cleared.

  • SELECT id,user_id FROM DB.TB ORDER BY id DESC
[12:40:22] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[12:40:22] [PAYLOAD] 1234") UNION SELECT NULL,NULL,NULL,CONCAT(0x717a7a7671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x7178717671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DB.TB DESC--

ORDER BY is cleared, works with just one column.

Again, I think something in /lib/core/agent.py is wrong. Thank you for always.

Nzoth9 avatar Jan 20 '23 03:01 Nzoth9