fix: missing value on dbms attribute makes Oracle paylods be executed on other dbms

r0oth3x49 / ghauri

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws

MIT License

3.11k stars 311 forks source link

fix: missing value on dbms attribute makes Oracle paylods be executed on other dbms #161

Closed oppsec closed 4 months ago

oppsec commented 4 months ago

Hello!

While testing for some SQL Injections on my Postgresql environment I noticed that Oracle payloads are being executed because there is no value for the dbms attribute.

Best regards, oppsec.

r0oth3x49 commented 4 months ago

it is fixed in the up coming updates including few other fixes plus a single additional request to the target url won't bother that much i guess. so closing this PR and once update is pushed this will be fixed already.