mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Patch for annoying retrieval of columns during dump (if -C used)
This commit is contained in:
parent
03da24b249
commit
058f63a050
|
@ -370,7 +370,7 @@ class Databases:
|
|||
|
||||
return kb.data.cachedTables
|
||||
|
||||
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
|
||||
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):
|
||||
self.forceDbmsEnum()
|
||||
|
||||
if conf.db is None or conf.db == CURRENT_DB:
|
||||
|
@ -517,10 +517,6 @@ class Databases:
|
|||
condQueryStr = "%%s%s" % colCondParam
|
||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||
|
||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
|
||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
|
@ -534,6 +530,13 @@ class Databases:
|
|||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||
query = rootQuery.inband.query % tbl
|
||||
|
||||
if dumpMode and colList:
|
||||
values = [(_,) for _ in colList]
|
||||
else:
|
||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
|
||||
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
|
||||
|
@ -612,10 +615,6 @@ class Databases:
|
|||
condQueryStr = "%%s%s" % colCondParam
|
||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||
|
||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
|
||||
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
|
@ -639,11 +638,20 @@ class Databases:
|
|||
parseSqliteTableSchema(value)
|
||||
return kb.data.cachedColumns
|
||||
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
table = {}
|
||||
columns = {}
|
||||
|
||||
if dumpMode and colList:
|
||||
count = 0
|
||||
for value in colList:
|
||||
columns[safeSQLIdentificatorNaming(value)] = None
|
||||
else:
|
||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
count, index, values = 0, 1, []
|
||||
|
|
|
@ -103,7 +103,7 @@ class Entries:
|
|||
|
||||
if foundData is None:
|
||||
kb.data.cachedColumns = {}
|
||||
self.getColumns(onlyColNames=True)
|
||||
self.getColumns(onlyColNames=True, dumpMode=True)
|
||||
else:
|
||||
kb.data.cachedColumns = foundData
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user