sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-23 15:52:03 +00:00
parent c83f468a37
commit 012815333c
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/techniques/brute/use.py
View File

@ -49,6 +49,7 @@ def _addPageTextWords():
def tableExists(tableFile, regex=None): def tableExists(tableFile, regex=None):
result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr()))) result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))
if result: if result:
errMsg = "can't use table existence check because of detected invalid results " errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probably caused by inability of the used injection "
@ -82,7 +83,7 @@ def tableExists(tableFile, regex=None):
kb.locks.count.release() kb.locks.count.release()
break break
if conf.db and METADB_SUFFIX not in conf.db: if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
fullTableName = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', table) fullTableName = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', table)
else: else:
fullTableName = table fullTableName = table
@ -155,7 +156,8 @@ def columnExists(columnFile, regex=None):
columns = filterListValue(columns, regex) columns = filterListValue(columns, regex)
table = safeSQLIdentificatorNaming(conf.tbl, True) table = safeSQLIdentificatorNaming(conf.tbl, True)
if conf.db and METADB_SUFFIX not in conf.db:
if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
table = "%s.%s" % (safeSQLIdentificatorNaming(conf.db), table) table = "%s.%s" % (safeSQLIdentificatorNaming(conf.db), table)
kb.threadContinue = True kb.threadContinue = True