2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
"""
|
2020-12-31 13:46:27 +03:00
|
|
|
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2012-07-20 22:17:35 +04:00
|
|
|
"""
|
|
|
|
|
2013-01-15 19:05:33 +04:00
|
|
|
import re
|
|
|
|
|
|
|
|
from lib.core.agent import agent
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.bigarray import BigArray
|
|
|
|
from lib.core.common import Backend
|
|
|
|
from lib.core.common import clearConsoleLine
|
|
|
|
from lib.core.common import getLimitRange
|
2015-09-10 16:51:33 +03:00
|
|
|
from lib.core.common import getSafeExString
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.common import isInferenceAvailable
|
|
|
|
from lib.core.common import isListLike
|
|
|
|
from lib.core.common import isNoneValue
|
|
|
|
from lib.core.common import isNumPosStrValue
|
|
|
|
from lib.core.common import isTechniqueAvailable
|
|
|
|
from lib.core.common import prioritySortColumns
|
|
|
|
from lib.core.common import readInput
|
|
|
|
from lib.core.common import safeSQLIdentificatorNaming
|
2018-02-13 17:53:50 +03:00
|
|
|
from lib.core.common import singleTimeLogMessage
|
2018-04-17 18:08:57 +03:00
|
|
|
from lib.core.common import singleTimeWarnMessage
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.common import unArrayizeValue
|
|
|
|
from lib.core.common import unsafeSQLIdentificatorNaming
|
2019-10-29 17:00:53 +03:00
|
|
|
from lib.core.convert import getConsoleLength
|
2019-05-06 01:54:21 +03:00
|
|
|
from lib.core.convert import getUnicode
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
|
|
|
from lib.core.data import queries
|
2012-08-21 13:30:01 +04:00
|
|
|
from lib.core.dicts import DUMP_REPLACEMENTS
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.enums import CHARSET_TYPE
|
|
|
|
from lib.core.enums import DBMS
|
|
|
|
from lib.core.enums import EXPECTED
|
|
|
|
from lib.core.enums import PAYLOAD
|
2012-12-06 17:14:19 +04:00
|
|
|
from lib.core.exception import SqlmapConnectionException
|
|
|
|
from lib.core.exception import SqlmapMissingMandatoryOptionException
|
|
|
|
from lib.core.exception import SqlmapNoneDataException
|
|
|
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
|
|
|
|
from lib.core.settings import CURRENT_DB
|
2021-01-11 19:36:23 +03:00
|
|
|
from lib.core.settings import METADB_SUFFIX
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.core.settings import NULL
|
2020-02-25 14:36:07 +03:00
|
|
|
from lib.core.settings import PLUS_ONE_DBMSES
|
2020-01-27 19:32:31 +03:00
|
|
|
from lib.core.settings import UPPER_CASE_DBMSES
|
2012-07-20 22:17:35 +04:00
|
|
|
from lib.request import inject
|
|
|
|
from lib.utils.hash import attackDumpedTable
|
2012-09-10 21:23:24 +04:00
|
|
|
from lib.utils.pivotdumptable import pivotDumpTable
|
2019-03-28 15:53:54 +03:00
|
|
|
from thirdparty import six
|
2019-05-03 00:51:54 +03:00
|
|
|
from thirdparty.six.moves import zip as _zip
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2019-05-29 17:42:04 +03:00
|
|
|
class Entries(object):
|
2012-07-20 22:17:35 +04:00
|
|
|
"""
|
|
|
|
This class defines entries' enumeration functionalities for plugins.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def __init__(self):
|
|
|
|
pass
|
|
|
|
|
|
|
|
def dumpTable(self, foundData=None):
|
|
|
|
self.forceDbmsEnum()
|
|
|
|
|
|
|
|
if conf.db is None or conf.db == CURRENT_DB:
|
|
|
|
if conf.db is None:
|
2012-10-04 20:28:36 +04:00
|
|
|
warnMsg = "missing database parameter. sqlmap is going "
|
2012-07-20 22:17:35 +04:00
|
|
|
warnMsg += "to use the current database to enumerate "
|
|
|
|
warnMsg += "table(s) entries"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
conf.db = self.getCurrentDb()
|
|
|
|
|
|
|
|
elif conf.db is not None:
|
2020-01-27 19:32:31 +03:00
|
|
|
if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:
|
2012-07-20 22:17:35 +04:00
|
|
|
conf.db = conf.db.upper()
|
|
|
|
|
2018-02-13 17:53:50 +03:00
|
|
|
if ',' in conf.db:
|
2012-07-20 22:17:35 +04:00
|
|
|
errMsg = "only one database name is allowed when enumerating "
|
|
|
|
errMsg += "the tables' columns"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2019-11-04 14:53:29 +03:00
|
|
|
if conf.exclude and re.search(conf.exclude, conf.db, re.I) is not None:
|
2018-02-13 17:53:50 +03:00
|
|
|
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
|
|
|
singleTimeLogMessage(infoMsg)
|
|
|
|
return
|
|
|
|
|
2012-07-20 22:17:35 +04:00
|
|
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
|
|
|
|
|
|
|
if conf.tbl:
|
2020-01-27 19:32:31 +03:00
|
|
|
if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:
|
2012-07-20 22:17:35 +04:00
|
|
|
conf.tbl = conf.tbl.upper()
|
|
|
|
|
2017-04-18 16:56:24 +03:00
|
|
|
tblList = conf.tbl.split(',')
|
2012-07-20 22:17:35 +04:00
|
|
|
else:
|
|
|
|
self.getTables()
|
|
|
|
|
|
|
|
if len(kb.data.cachedTables) > 0:
|
2019-05-15 11:30:47 +03:00
|
|
|
tblList = list(six.itervalues(kb.data.cachedTables))
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2019-05-15 11:30:47 +03:00
|
|
|
if tblList and isListLike(tblList[0]):
|
2012-07-20 22:17:35 +04:00
|
|
|
tblList = tblList[0]
|
2015-09-24 14:44:51 +03:00
|
|
|
elif not conf.search:
|
2012-07-20 22:17:35 +04:00
|
|
|
errMsg = "unable to retrieve the tables "
|
|
|
|
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapNoneDataException(errMsg)
|
2015-09-24 14:44:51 +03:00
|
|
|
else:
|
|
|
|
return
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
for tbl in tblList:
|
|
|
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
|
|
|
|
|
|
|
for tbl in tblList:
|
2018-03-13 16:40:32 +03:00
|
|
|
if kb.dumpKeyboardInterrupt:
|
|
|
|
break
|
|
|
|
|
2019-11-04 14:53:29 +03:00
|
|
|
if conf.exclude and re.search(conf.exclude, tbl, re.I) is not None:
|
2018-02-13 17:53:50 +03:00
|
|
|
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
singleTimeLogMessage(infoMsg)
|
|
|
|
continue
|
|
|
|
|
2012-07-20 22:17:35 +04:00
|
|
|
conf.tbl = tbl
|
|
|
|
kb.data.dumpedTable = {}
|
|
|
|
|
|
|
|
if foundData is None:
|
|
|
|
kb.data.cachedColumns = {}
|
2015-09-22 13:33:11 +03:00
|
|
|
self.getColumns(onlyColNames=True, dumpMode=True)
|
2012-07-20 22:17:35 +04:00
|
|
|
else:
|
|
|
|
kb.data.cachedColumns = foundData
|
|
|
|
|
|
|
|
try:
|
2016-09-23 13:33:27 +03:00
|
|
|
if Backend.isDbms(DBMS.INFORMIX):
|
|
|
|
kb.dumpTable = "%s:%s" % (conf.db, tbl)
|
2020-05-20 16:35:20 +03:00
|
|
|
elif Backend.isDbms(DBMS.SQLITE):
|
|
|
|
kb.dumpTable = tbl
|
2016-09-23 13:33:27 +03:00
|
|
|
else:
|
|
|
|
kb.dumpTable = "%s.%s" % (conf.db, tbl)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2018-09-22 00:25:25 +03:00
|
|
|
if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns or safeSQLIdentificatorNaming(tbl, True) not in kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]:
|
2021-01-11 19:36:23 +03:00
|
|
|
warnMsg = "unable to enumerate the columns for table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
if METADB_SUFFIX not in conf.db:
|
|
|
|
warnMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2012-07-20 22:17:35 +04:00
|
|
|
warnMsg += ", skipping" if len(tblList) > 1 else ""
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
continue
|
|
|
|
|
2013-01-15 19:05:33 +04:00
|
|
|
columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
|
2019-01-22 05:14:23 +03:00
|
|
|
colList = sorted(column for column in columns if column)
|
2014-01-13 13:05:49 +04:00
|
|
|
|
2018-02-13 17:53:50 +03:00
|
|
|
if conf.exclude:
|
2019-11-04 14:53:29 +03:00
|
|
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
2014-01-13 13:05:49 +04:00
|
|
|
|
|
|
|
if not colList:
|
|
|
|
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
2021-01-11 19:36:23 +03:00
|
|
|
if METADB_SUFFIX not in conf.db:
|
|
|
|
warnMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2014-01-13 13:05:49 +04:00
|
|
|
warnMsg += " (no usable column names)"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
continue
|
|
|
|
|
2020-05-13 14:45:52 +03:00
|
|
|
kb.dumpColumns = [unsafeSQLIdentificatorNaming(_) for _ in colList]
|
2020-10-27 16:06:56 +03:00
|
|
|
colNames = colString = ','.join(column for column in colList)
|
2012-07-20 22:17:35 +04:00
|
|
|
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
|
|
|
|
|
|
|
|
infoMsg = "fetching entries"
|
|
|
|
if conf.col:
|
2013-01-15 19:05:33 +04:00
|
|
|
infoMsg += " of column(s) '%s'" % colNames
|
2012-07-20 22:17:35 +04:00
|
|
|
infoMsg += " for table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
2021-01-11 19:36:23 +03:00
|
|
|
if METADB_SUFFIX not in conf.db:
|
|
|
|
infoMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2012-07-20 22:17:35 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2013-01-15 19:05:33 +04:00
|
|
|
for column in colList:
|
|
|
|
_ = agent.preprocessField(tbl, column)
|
|
|
|
if _ != column:
|
2020-07-28 12:22:05 +03:00
|
|
|
colString = re.sub(r"\b%s\b" % re.escape(column), _.replace("\\", r"\\"), colString)
|
2013-01-15 19:05:33 +04:00
|
|
|
|
2012-07-20 22:17:35 +04:00
|
|
|
entriesCount = 0
|
|
|
|
|
2012-12-05 13:45:17 +04:00
|
|
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
2012-07-20 22:17:35 +04:00
|
|
|
entries = []
|
|
|
|
query = None
|
|
|
|
|
2020-01-31 13:33:31 +03:00
|
|
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):
|
2012-07-20 22:17:35 +04:00
|
|
|
query = rootQuery.inband.query % (colString, tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
|
2021-01-11 19:36:23 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):
|
2012-07-20 22:17:35 +04:00
|
|
|
query = rootQuery.inband.query % (colString, tbl)
|
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
|
|
|
# Partial inband and error
|
|
|
|
if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
|
|
|
|
table = "%s.%s" % (conf.db, tbl)
|
|
|
|
|
2018-04-17 18:08:57 +03:00
|
|
|
if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:
|
|
|
|
warnMsg = "in case of table dumping problems (e.g. column entry order) "
|
|
|
|
warnMsg += "you are advised to rerun with '--force-pivoting'"
|
|
|
|
singleTimeWarnMessage(warnMsg)
|
|
|
|
|
2017-06-07 12:22:06 +03:00
|
|
|
query = rootQuery.blind.count % table
|
|
|
|
query = agent.whereQuery(query)
|
|
|
|
|
|
|
|
count = inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
|
|
|
if isNumPosStrValue(count):
|
2017-06-07 17:07:27 +03:00
|
|
|
try:
|
|
|
|
indexRange = getLimitRange(count, plusOne=True)
|
|
|
|
|
|
|
|
for index in indexRange:
|
|
|
|
row = []
|
|
|
|
for column in colList:
|
|
|
|
query = rootQuery.blind.query3 % (column, column, table, index)
|
|
|
|
query = agent.whereQuery(query)
|
|
|
|
value = inject.getValue(query, blind=False, time=False, dump=True) or ""
|
|
|
|
row.append(value)
|
|
|
|
|
2019-06-26 12:31:13 +03:00
|
|
|
if not entries and isNoneValue(row):
|
|
|
|
break
|
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
entries.append(row)
|
|
|
|
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
kb.dumpKeyboardInterrupt = True
|
|
|
|
clearConsoleLine()
|
|
|
|
warnMsg = "Ctrl+C detected in dumping phase"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
2019-06-26 12:31:13 +03:00
|
|
|
if isNoneValue(entries) and not kb.dumpKeyboardInterrupt:
|
2017-06-07 12:22:06 +03:00
|
|
|
try:
|
|
|
|
retVal = pivotDumpTable(table, colList, blind=False)
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
retVal = None
|
|
|
|
kb.dumpKeyboardInterrupt = True
|
|
|
|
clearConsoleLine()
|
|
|
|
warnMsg = "Ctrl+C detected in dumping phase"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
if retVal:
|
|
|
|
entries, _ = retVal
|
2019-06-26 12:31:13 +03:00
|
|
|
entries = BigArray(_zip(*[entries[colName] for colName in colList]))
|
2012-07-20 22:17:35 +04:00
|
|
|
else:
|
|
|
|
query = rootQuery.inband.query % (colString, conf.db, tbl)
|
2021-02-15 16:07:04 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE, DBMS.VIRTUOSO):
|
2012-07-20 22:17:35 +04:00
|
|
|
query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0])
|
|
|
|
else:
|
|
|
|
query = rootQuery.inband.query % (colString, conf.db, tbl)
|
|
|
|
|
2017-01-02 17:14:59 +03:00
|
|
|
query = agent.whereQuery(query)
|
2014-02-11 19:20:45 +04:00
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
if not entries and query and not kb.dumpKeyboardInterrupt:
|
2017-03-06 14:05:58 +03:00
|
|
|
try:
|
|
|
|
entries = inject.getValue(query, blind=False, time=False, dump=True)
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
entries = None
|
|
|
|
kb.dumpKeyboardInterrupt = True
|
|
|
|
clearConsoleLine()
|
|
|
|
warnMsg = "Ctrl+C detected in dumping phase"
|
|
|
|
logger.warn(warnMsg)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2012-10-28 01:42:52 +04:00
|
|
|
if not isNoneValue(entries):
|
2019-03-28 15:53:54 +03:00
|
|
|
if isinstance(entries, six.string_types):
|
2012-10-28 01:42:52 +04:00
|
|
|
entries = [entries]
|
|
|
|
elif not isListLike(entries):
|
|
|
|
entries = []
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2012-10-28 01:42:52 +04:00
|
|
|
entriesCount = len(entries)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2012-10-28 01:42:52 +04:00
|
|
|
for index, column in enumerate(colList):
|
|
|
|
if column not in kb.data.dumpedTable:
|
|
|
|
kb.data.dumpedTable[column] = {"length": len(column), "values": BigArray()}
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2012-10-28 01:42:52 +04:00
|
|
|
for entry in entries:
|
|
|
|
if entry is None or len(entry) == 0:
|
|
|
|
continue
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2019-03-28 15:53:54 +03:00
|
|
|
if isinstance(entry, six.string_types):
|
2012-10-28 01:42:52 +04:00
|
|
|
colEntry = entry
|
|
|
|
else:
|
|
|
|
colEntry = unArrayizeValue(entry[index]) if index < len(entry) else u''
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2019-10-29 17:00:53 +03:00
|
|
|
maxLen = max(getConsoleLength(column), getConsoleLength(DUMP_REPLACEMENTS.get(getUnicode(colEntry), getUnicode(colEntry))))
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2012-10-28 01:42:52 +04:00
|
|
|
if maxLen > kb.data.dumpedTable[column]["length"]:
|
|
|
|
kb.data.dumpedTable[column]["length"] = maxLen
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2012-10-28 01:42:52 +04:00
|
|
|
kb.data.dumpedTable[column]["values"].append(colEntry)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
if not kb.data.dumpedTable and isInferenceAvailable() and not conf.direct:
|
|
|
|
infoMsg = "fetching number of "
|
|
|
|
if conf.col:
|
2013-01-15 19:05:33 +04:00
|
|
|
infoMsg += "column(s) '%s' " % colNames
|
2012-07-20 22:17:35 +04:00
|
|
|
infoMsg += "entries for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2020-01-31 13:33:31 +03:00
|
|
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE, DBMS.MIMERSQL):
|
2012-07-20 22:17:35 +04:00
|
|
|
query = rootQuery.blind.count % (tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
|
2021-01-11 19:36:23 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.MAXDB, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):
|
2012-07-20 22:17:35 +04:00
|
|
|
query = rootQuery.blind.count % tbl
|
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
|
|
|
query = rootQuery.blind.count % ("%s.%s" % (conf.db, tbl))
|
2016-09-23 13:33:27 +03:00
|
|
|
elif Backend.isDbms(DBMS.INFORMIX):
|
|
|
|
query = rootQuery.blind.count % (conf.db, tbl)
|
2012-07-20 22:17:35 +04:00
|
|
|
else:
|
|
|
|
query = rootQuery.blind.count % (conf.db, tbl)
|
2012-10-25 11:56:36 +04:00
|
|
|
|
2017-01-02 17:14:59 +03:00
|
|
|
query = agent.whereQuery(query)
|
2014-02-11 19:20:45 +04:00
|
|
|
|
2012-10-28 02:36:09 +04:00
|
|
|
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
lengths = {}
|
|
|
|
entries = {}
|
|
|
|
|
|
|
|
if count == 0:
|
|
|
|
warnMsg = "table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
warnMsg += "in database '%s' " % unsafeSQLIdentificatorNaming(conf.db)
|
|
|
|
warnMsg += "appears to be empty"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
for column in colList:
|
|
|
|
lengths[column] = len(column)
|
|
|
|
entries[column] = []
|
|
|
|
|
|
|
|
elif not isNumPosStrValue(count):
|
|
|
|
warnMsg = "unable to retrieve the number of "
|
|
|
|
if conf.col:
|
2013-01-15 19:05:33 +04:00
|
|
|
warnMsg += "column(s) '%s' " % colNames
|
2012-07-20 22:17:35 +04:00
|
|
|
warnMsg += "entries for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
continue
|
|
|
|
|
2021-01-11 19:36:23 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL, DBMS.INFORMIX, DBMS.MCKOI, DBMS.RAIMA):
|
|
|
|
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.RAIMA):
|
2012-07-20 22:17:35 +04:00
|
|
|
table = tbl
|
2020-02-02 16:51:24 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL, DBMS.MAXDB):
|
2012-07-20 22:17:35 +04:00
|
|
|
table = "%s.%s" % (conf.db, tbl)
|
2017-12-11 16:49:30 +03:00
|
|
|
elif Backend.isDbms(DBMS.INFORMIX):
|
|
|
|
table = "%s:%s" % (conf.db, tbl)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2018-04-17 18:08:57 +03:00
|
|
|
if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:
|
|
|
|
warnMsg = "in case of table dumping problems (e.g. column entry order) "
|
|
|
|
warnMsg += "you are advised to rerun with '--force-pivoting'"
|
|
|
|
singleTimeWarnMessage(warnMsg)
|
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
try:
|
|
|
|
indexRange = getLimitRange(count, plusOne=True)
|
|
|
|
|
|
|
|
for index in indexRange:
|
|
|
|
for column in colList:
|
|
|
|
query = rootQuery.blind.query3 % (column, column, table, index)
|
|
|
|
query = agent.whereQuery(query)
|
2017-06-07 12:22:06 +03:00
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
value = inject.getValue(query, union=False, error=False, dump=True) or ""
|
2017-06-07 12:22:06 +03:00
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
if column not in lengths:
|
|
|
|
lengths[column] = 0
|
2017-06-07 12:22:06 +03:00
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
if column not in entries:
|
|
|
|
entries[column] = BigArray()
|
2017-06-07 12:22:06 +03:00
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value))))
|
|
|
|
entries[column].append(value)
|
|
|
|
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
kb.dumpKeyboardInterrupt = True
|
|
|
|
clearConsoleLine()
|
|
|
|
warnMsg = "Ctrl+C detected in dumping phase"
|
|
|
|
logger.warn(warnMsg)
|
2017-06-07 12:22:06 +03:00
|
|
|
|
2017-06-07 17:07:27 +03:00
|
|
|
if not entries and not kb.dumpKeyboardInterrupt:
|
2017-06-07 12:22:06 +03:00
|
|
|
try:
|
|
|
|
retVal = pivotDumpTable(table, colList, count, blind=True)
|
|
|
|
except KeyboardInterrupt:
|
|
|
|
retVal = None
|
|
|
|
kb.dumpKeyboardInterrupt = True
|
|
|
|
clearConsoleLine()
|
|
|
|
warnMsg = "Ctrl+C detected in dumping phase"
|
|
|
|
logger.warn(warnMsg)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2017-06-07 12:22:06 +03:00
|
|
|
if retVal:
|
|
|
|
entries, lengths = retVal
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
else:
|
|
|
|
emptyColumns = []
|
2020-02-25 14:36:07 +03:00
|
|
|
plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES
|
2015-09-28 12:11:39 +03:00
|
|
|
indexRange = getLimitRange(count, plusOne=plusOne)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
if len(colList) < len(indexRange) > CHECK_ZERO_COLUMNS_THRESHOLD:
|
2016-05-16 18:09:05 +03:00
|
|
|
debugMsg = "checking for empty columns"
|
|
|
|
logger.debug(infoMsg)
|
|
|
|
|
2012-07-20 22:17:35 +04:00
|
|
|
for column in colList:
|
2016-05-16 18:09:05 +03:00
|
|
|
if not inject.checkBooleanExpression("(SELECT COUNT(%s) FROM %s)>0" % (column, kb.dumpTable)):
|
2012-07-20 22:17:35 +04:00
|
|
|
emptyColumns.append(column)
|
|
|
|
debugMsg = "column '%s' of table '%s' will not be " % (column, kb.dumpTable)
|
|
|
|
debugMsg += "dumped as it appears to be empty"
|
|
|
|
logger.debug(debugMsg)
|
|
|
|
|
|
|
|
try:
|
|
|
|
for index in indexRange:
|
|
|
|
for column in colList:
|
|
|
|
value = ""
|
|
|
|
|
|
|
|
if column not in lengths:
|
|
|
|
lengths[column] = 0
|
|
|
|
|
|
|
|
if column not in entries:
|
|
|
|
entries[column] = BigArray()
|
|
|
|
|
2020-02-25 14:36:07 +03:00
|
|
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2, DBMS.VERTICA, DBMS.PRESTO, DBMS.CRATEDB, DBMS.CACHE):
|
2013-01-15 19:05:33 +04:00
|
|
|
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, conf.tbl, sorted(colList, key=len)[0], index)
|
2020-01-31 13:33:31 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE,):
|
2016-09-23 18:21:48 +03:00
|
|
|
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())), index)
|
2020-01-31 13:33:31 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.MIMERSQL,):
|
|
|
|
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())), sorted(colList, key=len)[0], index)
|
2020-02-26 19:33:47 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.EXTREMEDB):
|
2013-01-15 19:05:33 +04:00
|
|
|
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl, index)
|
2012-07-20 22:17:35 +04:00
|
|
|
elif Backend.isDbms(DBMS.FIREBIRD):
|
2013-01-15 19:05:33 +04:00
|
|
|
query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), tbl)
|
2021-02-15 16:07:04 +03:00
|
|
|
elif Backend.getIdentifiedDbms() in (DBMS.INFORMIX, DBMS.VIRTUOSO):
|
2016-09-23 18:21:48 +03:00
|
|
|
query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl, sorted(colList, key=len)[0])
|
2020-03-02 14:43:12 +03:00
|
|
|
elif Backend.isDbms(DBMS.FRONTBASE):
|
|
|
|
query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl)
|
2020-02-02 16:51:24 +03:00
|
|
|
else:
|
2020-01-17 19:14:41 +03:00
|
|
|
query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, tbl, index)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2017-01-02 17:14:59 +03:00
|
|
|
query = agent.whereQuery(query)
|
2014-02-11 19:20:45 +04:00
|
|
|
|
2012-10-28 02:36:09 +04:00
|
|
|
value = NULL if column in emptyColumns else inject.getValue(query, union=False, error=False, dump=True)
|
2012-10-22 13:49:23 +04:00
|
|
|
value = '' if value is None else value
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2016-05-30 13:03:33 +03:00
|
|
|
lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value))))
|
2012-07-20 22:17:35 +04:00
|
|
|
entries[column].append(value)
|
|
|
|
|
|
|
|
except KeyboardInterrupt:
|
2016-03-23 12:33:32 +03:00
|
|
|
kb.dumpKeyboardInterrupt = True
|
2012-07-20 22:17:35 +04:00
|
|
|
clearConsoleLine()
|
|
|
|
warnMsg = "Ctrl+C detected in dumping phase"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
for column, columnEntries in entries.items():
|
|
|
|
length = max(lengths[column], len(column))
|
|
|
|
|
|
|
|
kb.data.dumpedTable[column] = {"length": length, "values": columnEntries}
|
|
|
|
|
|
|
|
entriesCount = len(columnEntries)
|
|
|
|
|
|
|
|
if len(kb.data.dumpedTable) == 0 or (entriesCount == 0 and kb.permissionFlag):
|
|
|
|
warnMsg = "unable to retrieve the entries "
|
|
|
|
if conf.col:
|
2013-01-15 19:05:33 +04:00
|
|
|
warnMsg += "of columns '%s' " % colNames
|
2012-07-20 22:17:35 +04:00
|
|
|
warnMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
warnMsg += "in database '%s'%s" % (unsafeSQLIdentificatorNaming(conf.db), " (permission denied)" if kb.permissionFlag else "")
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
else:
|
|
|
|
kb.data.dumpedTable["__infos__"] = {"count": entriesCount,
|
|
|
|
"table": safeSQLIdentificatorNaming(tbl, True),
|
|
|
|
"db": safeSQLIdentificatorNaming(conf.db)}
|
2014-11-08 23:54:34 +03:00
|
|
|
try:
|
|
|
|
attackDumpedTable()
|
2019-01-22 02:40:48 +03:00
|
|
|
except (IOError, OSError) as ex:
|
2014-11-08 23:54:34 +03:00
|
|
|
errMsg = "an error occurred while attacking "
|
2015-09-10 16:51:33 +03:00
|
|
|
errMsg += "table dump ('%s')" % getSafeExString(ex)
|
2014-11-08 23:54:34 +03:00
|
|
|
logger.critical(errMsg)
|
2012-07-20 22:17:35 +04:00
|
|
|
conf.dumper.dbTableValues(kb.data.dumpedTable)
|
|
|
|
|
2019-01-22 02:40:48 +03:00
|
|
|
except SqlmapConnectionException as ex:
|
2014-11-08 23:54:34 +03:00
|
|
|
errMsg = "connection exception detected in dumping phase "
|
2015-09-10 16:51:33 +03:00
|
|
|
errMsg += "('%s')" % getSafeExString(ex)
|
2012-07-20 22:17:35 +04:00
|
|
|
logger.critical(errMsg)
|
|
|
|
|
|
|
|
finally:
|
2016-07-15 00:18:28 +03:00
|
|
|
kb.dumpColumns = None
|
2012-07-20 22:17:35 +04:00
|
|
|
kb.dumpTable = None
|
|
|
|
|
|
|
|
def dumpAll(self):
|
|
|
|
if conf.db is not None and conf.tbl is None:
|
|
|
|
self.dumpTable()
|
|
|
|
return
|
|
|
|
|
|
|
|
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
|
|
|
errMsg = "information_schema not available, "
|
|
|
|
errMsg += "back-end DBMS is MySQL < 5.0"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
infoMsg = "sqlmap will dump entries of all tables from all databases now"
|
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
conf.tbl = None
|
|
|
|
conf.col = None
|
|
|
|
|
|
|
|
self.getTables()
|
|
|
|
|
|
|
|
if kb.data.cachedTables:
|
|
|
|
if isinstance(kb.data.cachedTables, list):
|
2018-03-13 15:45:42 +03:00
|
|
|
kb.data.cachedTables = {None: kb.data.cachedTables}
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
for db, tables in kb.data.cachedTables.items():
|
|
|
|
conf.db = db
|
|
|
|
|
|
|
|
for table in tables:
|
2019-11-04 14:53:29 +03:00
|
|
|
if conf.exclude and re.search(conf.exclude, table, re.I) is not None:
|
2018-02-13 17:53:50 +03:00
|
|
|
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
|
|
|
|
logger.info(infoMsg)
|
|
|
|
continue
|
|
|
|
|
2012-07-20 22:17:35 +04:00
|
|
|
try:
|
|
|
|
conf.tbl = table
|
|
|
|
kb.data.cachedColumns = {}
|
|
|
|
kb.data.dumpedTable = {}
|
|
|
|
|
|
|
|
self.dumpTable()
|
2012-12-06 17:14:19 +04:00
|
|
|
except SqlmapNoneDataException:
|
2013-02-15 19:48:58 +04:00
|
|
|
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
|
2012-07-20 22:17:35 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
def dumpFoundColumn(self, dbs, foundCols, colConsider):
|
2019-11-01 01:04:26 +03:00
|
|
|
message = "do you want to dump found column(s) entries? [Y/n] "
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if not readInput(message, default='Y', boolean=True):
|
2012-07-20 22:17:35 +04:00
|
|
|
return
|
|
|
|
|
|
|
|
dumpFromDbs = []
|
|
|
|
message = "which database(s)?\n[a]ll (default)\n"
|
|
|
|
|
|
|
|
for db, tblData in dbs.items():
|
|
|
|
if tblData:
|
2013-02-15 19:48:58 +04:00
|
|
|
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
message += "[q]uit"
|
2017-04-18 16:48:05 +03:00
|
|
|
choice = readInput(message, default='a')
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if not choice or choice in ('a', 'A'):
|
2019-01-22 05:00:44 +03:00
|
|
|
dumpFromDbs = list(dbs.keys())
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice in ('q', 'Q'):
|
2012-07-20 22:17:35 +04:00
|
|
|
return
|
|
|
|
else:
|
2017-04-18 16:56:24 +03:00
|
|
|
dumpFromDbs = choice.replace(" ", "").split(',')
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
for db, tblData in dbs.items():
|
|
|
|
if db not in dumpFromDbs or not tblData:
|
|
|
|
continue
|
|
|
|
|
|
|
|
conf.db = db
|
|
|
|
dumpFromTbls = []
|
2013-02-15 19:58:02 +04:00
|
|
|
message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db)
|
2012-07-20 22:17:35 +04:00
|
|
|
message += "[a]ll (default)\n"
|
|
|
|
|
|
|
|
for tbl in tblData:
|
|
|
|
message += "[%s]\n" % tbl
|
|
|
|
|
|
|
|
message += "[s]kip\n"
|
|
|
|
message += "[q]uit"
|
2017-04-18 16:48:05 +03:00
|
|
|
choice = readInput(message, default='a')
|
2012-07-20 22:17:35 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if not choice or choice in ('a', 'A'):
|
2012-07-20 22:17:35 +04:00
|
|
|
dumpFromTbls = tblData
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice in ('s', 'S'):
|
2012-07-20 22:17:35 +04:00
|
|
|
continue
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice in ('q', 'Q'):
|
2012-07-20 22:17:35 +04:00
|
|
|
return
|
|
|
|
else:
|
2017-04-18 16:56:24 +03:00
|
|
|
dumpFromTbls = choice.replace(" ", "").split(',')
|
2012-07-20 22:17:35 +04:00
|
|
|
|
|
|
|
for table, columns in tblData.items():
|
|
|
|
if table not in dumpFromTbls:
|
|
|
|
continue
|
|
|
|
|
|
|
|
conf.tbl = table
|
2019-01-22 15:06:13 +03:00
|
|
|
colList = [_ for _ in columns if _]
|
2014-01-13 13:05:49 +04:00
|
|
|
|
2018-02-13 17:53:50 +03:00
|
|
|
if conf.exclude:
|
2019-11-04 14:53:29 +03:00
|
|
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
2014-01-13 13:05:49 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
conf.col = ','.join(colList)
|
2012-07-20 22:17:35 +04:00
|
|
|
kb.data.cachedColumns = {}
|
|
|
|
kb.data.dumpedTable = {}
|
|
|
|
|
|
|
|
data = self.dumpTable(dbs)
|
|
|
|
|
|
|
|
if data:
|
|
|
|
conf.dumper.dbTableValues(data)
|
2012-07-21 00:46:36 +04:00
|
|
|
|
|
|
|
def dumpFoundTables(self, tables):
|
2019-11-01 01:04:26 +03:00
|
|
|
message = "do you want to dump found table(s) entries? [Y/n] "
|
2012-07-21 00:46:36 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if not readInput(message, default='Y', boolean=True):
|
2012-07-21 00:46:36 +04:00
|
|
|
return
|
|
|
|
|
|
|
|
dumpFromDbs = []
|
|
|
|
message = "which database(s)?\n[a]ll (default)\n"
|
|
|
|
|
|
|
|
for db, tablesList in tables.items():
|
|
|
|
if tablesList:
|
2013-02-15 19:48:58 +04:00
|
|
|
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
|
2012-07-21 00:46:36 +04:00
|
|
|
|
|
|
|
message += "[q]uit"
|
2017-04-18 16:48:05 +03:00
|
|
|
choice = readInput(message, default='a')
|
2012-07-21 00:46:36 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if not choice or choice.lower() == 'a':
|
2019-01-22 05:00:44 +03:00
|
|
|
dumpFromDbs = list(tables.keys())
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice.lower() == 'q':
|
2012-07-21 00:46:36 +04:00
|
|
|
return
|
|
|
|
else:
|
2017-04-18 16:48:05 +03:00
|
|
|
dumpFromDbs = choice.replace(" ", "").split(',')
|
2012-07-21 00:46:36 +04:00
|
|
|
|
|
|
|
for db, tablesList in tables.items():
|
|
|
|
if db not in dumpFromDbs or not tablesList:
|
|
|
|
continue
|
|
|
|
|
|
|
|
conf.db = db
|
|
|
|
dumpFromTbls = []
|
2013-02-15 19:48:58 +04:00
|
|
|
message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db)
|
2012-07-21 00:46:36 +04:00
|
|
|
message += "[a]ll (default)\n"
|
|
|
|
|
|
|
|
for tbl in tablesList:
|
2013-02-15 19:48:58 +04:00
|
|
|
message += "[%s]\n" % unsafeSQLIdentificatorNaming(tbl)
|
2012-07-21 00:46:36 +04:00
|
|
|
|
|
|
|
message += "[s]kip\n"
|
|
|
|
message += "[q]uit"
|
2017-04-18 16:48:05 +03:00
|
|
|
choice = readInput(message, default='a')
|
2012-07-21 00:46:36 +04:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if not choice or choice.lower() == 'a':
|
2012-07-21 00:46:36 +04:00
|
|
|
dumpFromTbls = tablesList
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice.lower() == 's':
|
2012-07-21 00:46:36 +04:00
|
|
|
continue
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice.lower() == 'q':
|
2012-07-21 00:46:36 +04:00
|
|
|
return
|
|
|
|
else:
|
2017-04-18 16:48:05 +03:00
|
|
|
dumpFromTbls = choice.replace(" ", "").split(',')
|
2012-07-21 00:46:36 +04:00
|
|
|
|
|
|
|
for table in dumpFromTbls:
|
|
|
|
conf.tbl = table
|
|
|
|
kb.data.cachedColumns = {}
|
|
|
|
kb.data.dumpedTable = {}
|
|
|
|
|
|
|
|
data = self.dumpTable()
|
|
|
|
|
|
|
|
if data:
|
|
|
|
conf.dumper.dbTableValues(data)
|