[sqlmap-users] Bug

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello SQLMAP users.

Version: sqlmap/0.8-rc7
When using partial (single row) inband sql injection with mssql sqlmap uses 
construction like this

field1=field1_value union all select top 1 some_field from some_table where 
some_field not in (select top N some_field from some_table)

Microsoft says that unordered result set with top clause are nondeterministic. 
Even more, results obtained with different N are the same. May be it's better 
to use skip/limit clause or something like this

field1=field1_value union all select top 1 some_field from some_table where 
some_field not in (select top N some_field from some_table order by 1) and 
some_field in (select top N+1 some_field from some_table order by 1)

Regards, Daliev Ilya