mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Patch for annoying retrieval of columns during dump (if -C used)
This commit is contained in:
parent
03da24b249
commit
058f63a050
|
@ -370,7 +370,7 @@ class Databases:
|
||||||
|
|
||||||
return kb.data.cachedTables
|
return kb.data.cachedTables
|
||||||
|
|
||||||
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
|
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):
|
||||||
self.forceDbmsEnum()
|
self.forceDbmsEnum()
|
||||||
|
|
||||||
if conf.db is None or conf.db == CURRENT_DB:
|
if conf.db is None or conf.db == CURRENT_DB:
|
||||||
|
@ -517,10 +517,6 @@ class Databases:
|
||||||
condQueryStr = "%%s%s" % colCondParam
|
condQueryStr = "%%s%s" % colCondParam
|
||||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||||
|
|
||||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
||||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
|
||||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||||
query += condQuery
|
query += condQuery
|
||||||
|
@ -534,7 +530,14 @@ class Databases:
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||||
query = rootQuery.inband.query % tbl
|
query = rootQuery.inband.query % tbl
|
||||||
|
|
||||||
values = inject.getValue(query, blind=False, time=False)
|
if dumpMode and colList:
|
||||||
|
values = [(_,) for _ in colList]
|
||||||
|
else:
|
||||||
|
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||||
|
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
values = inject.getValue(query, blind=False, time=False)
|
||||||
|
|
||||||
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
|
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
|
||||||
index, values = 1, []
|
index, values = 1, []
|
||||||
|
@ -612,10 +615,6 @@ class Databases:
|
||||||
condQueryStr = "%%s%s" % colCondParam
|
condQueryStr = "%%s%s" % colCondParam
|
||||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||||
|
|
||||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
||||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
|
||||||
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||||
query += condQuery
|
query += condQuery
|
||||||
|
@ -639,22 +638,31 @@ class Databases:
|
||||||
parseSqliteTableSchema(value)
|
parseSqliteTableSchema(value)
|
||||||
return kb.data.cachedColumns
|
return kb.data.cachedColumns
|
||||||
|
|
||||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
|
||||||
|
|
||||||
table = {}
|
table = {}
|
||||||
columns = {}
|
columns = {}
|
||||||
|
|
||||||
if not isNumPosStrValue(count):
|
if dumpMode and colList:
|
||||||
if Backend.isDbms(DBMS.MSSQL):
|
count = 0
|
||||||
count, index, values = 0, 1, []
|
for value in colList:
|
||||||
while True:
|
columns[safeSQLIdentificatorNaming(value)] = None
|
||||||
query = rootQuery.blind.query3 % (conf.db, tbl, index)
|
else:
|
||||||
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||||
if isNoneValue(value) or value == " ":
|
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
break
|
logger.info(infoMsg)
|
||||||
else:
|
|
||||||
columns[safeSQLIdentificatorNaming(value)] = None
|
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
index += 1
|
|
||||||
|
if not isNumPosStrValue(count):
|
||||||
|
if Backend.isDbms(DBMS.MSSQL):
|
||||||
|
count, index, values = 0, 1, []
|
||||||
|
while True:
|
||||||
|
query = rootQuery.blind.query3 % (conf.db, tbl, index)
|
||||||
|
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||||
|
if isNoneValue(value) or value == " ":
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
columns[safeSQLIdentificatorNaming(value)] = None
|
||||||
|
index += 1
|
||||||
|
|
||||||
if not columns:
|
if not columns:
|
||||||
errMsg = "unable to retrieve the %scolumns " % ("number of " if not Backend.isDbms(DBMS.MSSQL) else "")
|
errMsg = "unable to retrieve the %scolumns " % ("number of " if not Backend.isDbms(DBMS.MSSQL) else "")
|
||||||
|
|
|
@ -103,7 +103,7 @@ class Entries:
|
||||||
|
|
||||||
if foundData is None:
|
if foundData is None:
|
||||||
kb.data.cachedColumns = {}
|
kb.data.cachedColumns = {}
|
||||||
self.getColumns(onlyColNames=True)
|
self.getColumns(onlyColNames=True, dumpMode=True)
|
||||||
else:
|
else:
|
||||||
kb.data.cachedColumns = foundData
|
kb.data.cachedColumns = foundData
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user