mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
some fixes
This commit is contained in:
Miroslav Stampar
parent
7733e5866a
commit
0eeb48f8f5
|
|
@ -2549,7 +2549,7 @@ def normalizeUnicode(value):
|
|||
|
||||
def safeSQLIdentificatorNaming(name, isTable=False):
|
||||
"""
|
||||
Returns a safe representation of SQL identificator name
|
||||
Returns a safe representation of SQL identificator name (internal data format)
|
||||
"""
|
||||
|
||||
retVal = name
|
||||
|
|
|
|||
|
|
@ -123,7 +123,7 @@ class Enumeration(GenericEnumeration):
|
|||
raise sqlmapNoneDataException, errMsg
|
||||
|
||||
for tbl in tblList:
|
||||
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)
|
||||
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
||||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].columns
|
||||
|
||||
|
|
@ -151,7 +151,7 @@ class Enumeration(GenericEnumeration):
|
|||
columns = {}
|
||||
|
||||
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
|
||||
columns[columnname] = "%s(%s)" % (datatype, length)
|
||||
columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
|
||||
|
||||
table[tbl] = columns
|
||||
kb.data.cachedColumns[conf.db] = table
|
||||
|
|
|
|||
|
|
@ -212,8 +212,8 @@ class Enumeration(GenericEnumeration):
|
|||
|
||||
if colList:
|
||||
table = {}
|
||||
table[unsafeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList))
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
|
||||
table[safeSQLIdentificatorNaming(tbl)] = dict(map(lambda x: (x, None), colList))
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
|
||||
continue
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
|
|
@ -233,8 +233,8 @@ class Enumeration(GenericEnumeration):
|
|||
for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
|
||||
columns[name] = sybaseTypes.get(type_, type_)
|
||||
|
||||
table[unsafeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
|
||||
table[safeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
|
||||
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -1005,9 +1005,9 @@ class Enumeration:
|
|||
columns[colName] = colType
|
||||
|
||||
if conf.db in kb.data.cachedColumns:
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
|
||||
else:
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = {unsafeSQLIdentificatorNaming(tbl): columns}
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}
|
||||
|
||||
return kb.data.cachedColumns
|
||||
|
||||
|
|
@ -1086,10 +1086,10 @@ class Enumeration:
|
|||
columns[name] = columnData[1]
|
||||
|
||||
if conf.db in kb.data.cachedColumns:
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
|
||||
else:
|
||||
table[unsafeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
|
||||
table[safeSQLIdentificatorNaming(tbl, True)] = columns
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
|
||||
|
||||
if not kb.data.cachedColumns and not conf.direct:
|
||||
for tbl in tblList:
|
||||
|
|
@ -1208,10 +1208,10 @@ class Enumeration:
|
|||
|
||||
if columns:
|
||||
if conf.db in kb.data.cachedColumns:
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
|
||||
else:
|
||||
table[unsafeSQLIdentificatorNaming(tbl)] = columns
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] = table
|
||||
table[safeSQLIdentificatorNaming(tbl, True)] = columns
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
|
||||
|
||||
if not kb.data.cachedColumns:
|
||||
errMsg = "unable to retrieve the columns for any "
|
||||
|
|
@ -1261,13 +1261,13 @@ class Enumeration:
|
|||
count = inject.getValue(query, expected=EXPECTED.INT, charsetType=2)
|
||||
|
||||
if count is not None and isinstance(count, basestring) and count.isdigit():
|
||||
if unsafeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:
|
||||
kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)] = {}
|
||||
if safeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:
|
||||
kb.data.cachedCounts[safeSQLIdentificatorNaming(db)] = {}
|
||||
|
||||
if int(count) in kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)]:
|
||||
kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)][int(count)].append(unsafeSQLIdentificatorNaming(table))
|
||||
if int(count) in kb.data.cachedCounts[safeSQLIdentificatorNaming(db)]:
|
||||
kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)].append(safeSQLIdentificatorNaming(table, True))
|
||||
else:
|
||||
kb.data.cachedCounts[unsafeSQLIdentificatorNaming(db)][int(count)] = [unsafeSQLIdentificatorNaming(table)]
|
||||
kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)] = [safeSQLIdentificatorNaming(table, True)]
|
||||
|
||||
def getCount(self):
|
||||
if not conf.tbl:
|
||||
|
|
@ -1481,10 +1481,10 @@ class Enumeration:
|
|||
self.getColumns(onlyColNames=True)
|
||||
|
||||
try:
|
||||
if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
|
||||
or unsafeSQLIdentificatorNaming(tbl) not in \
|
||||
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] \
|
||||
or not kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)]:
|
||||
if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
|
||||
or safeSQLIdentificatorNaming(tbl, True) not in \
|
||||
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] \
|
||||
or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]:
|
||||
warnMsg = "unable to enumerate the columns for table "
|
||||
warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl)
|
||||
warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
|
|
@ -1492,7 +1492,7 @@ class Enumeration:
|
|||
|
||||
continue
|
||||
|
||||
colList = kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)].keys()
|
||||
colList = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)].keys()
|
||||
colString = ", ".join(column for column in colList)
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
|
||||
|
||||
|
|
@ -1678,8 +1678,8 @@ class Enumeration:
|
|||
|
||||
if len(kb.data.dumpedTable) > 0:
|
||||
kb.data.dumpedTable["__infos__"] = { "count": entriesCount,
|
||||
"table": unsafeSQLIdentificatorNaming(tbl),
|
||||
"db": unsafeSQLIdentificatorNaming(conf.db) }
|
||||
"table": safeSQLIdentificatorNaming(tbl, True),
|
||||
"db": safeSQLIdentificatorNaming(conf.db) }
|
||||
|
||||
attackDumpedTable()
|
||||
conf.dumper.dbTableValues(kb.data.dumpedTable)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user