sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor just in case commit (plural/singular unArrayize())

Browse Source
This commit is contained in:
Miroslav Stampar 2012-12-21 10:15:42 +01:00
parent b94a5d42d4
commit 0f62e677b5
3 changed files with 34 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
plugins/generic/databases.py
View File

@ -103,10 +103,10 @@ class Databases:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
value = inject.getValue(query, blind=False, time=False)
values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value):
kb.data.cachedDbs = arrayizeValue(value)
if not isNoneValue(values):
kb.data.cachedDbs = arrayizeValue(values)
if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:
infoMsg = "fetching number of databases"
@ -132,7 +132,7 @@ class Databases:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
db = inject.getValue(query, union=False, error=False)
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
if db:
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
@ -269,15 +269,15 @@ class Databases:
if len(dbs) < 2 and ("%s," % condition) in query:
query = query.replace("%s," % condition, "", 1)
value = inject.getValue(query, blind=False, time=False)
values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value):
value = filter(None, arrayizeValue(value))
if not isNoneValue(values):
values = filter(None, arrayizeValue(values))
if len(value) > 0 and not isListLike(value[0]):
value = map(lambda x: (dbs[0], x), value)
if len(values) > 0 and not isListLike(values[0]):
values = map(lambda x: (dbs[0], x), values)
for db, table in filterPairValues(value):
for db, table in filterPairValues(values):
db = safeSQLIdentificatorNaming(db)
table = safeSQLIdentificatorNaming(table, True)
@ -332,7 +332,7 @@ class Databases:
else:
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
table = inject.getValue(query, union=False, error=False)
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(table):
kb.hintValue = table
table = safeSQLIdentificatorNaming(table, True)
@ -522,15 +522,15 @@ class Databases:
elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.inband.query % tbl
value = inject.getValue(query, blind=False, time=False)
values = inject.getValue(query, blind=False, time=False)
if Backend.isDbms(DBMS.SQLITE):
parseSqliteTableSchema(unArrayizeValue(value))
elif not isNoneValue(value):
parseSqliteTableSchema(unArrayizeValue(values))
elif not isNoneValue(values):
table = {}
columns = {}
for columnData in value:
for columnData in values:
if not isNoneValue(columnData):
name = safeSQLIdentificatorNaming(columnData[0])
@ -584,6 +584,8 @@ class Databases:
query += condQuery
elif Backend.isDbms(DBMS.MSSQL):
import pdb
pdb.set_trace()
query = rootQuery.blind.count % (conf.db, conf.db, \
unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
query += condQuery.replace("[DB]", conf.db)
@ -594,7 +596,7 @@ class Databases:
elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.blind.query % tbl
value = inject.getValue(query, union=False, error=False)
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
parseSqliteTableSchema(value)
return kb.data.cachedColumns
@ -630,7 +632,7 @@ class Databases:
field = None
query = agent.limitQuery(index, query, field, field)
column = inject.getValue(query, union=False, error=False)
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(column):
if not onlyColNames:
@ -644,7 +646,7 @@ class Databases:
elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query2 % (tbl, column)
colType = inject.getValue(query, union=False, error=False)
colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
if Backend.isDbms(DBMS.FIREBIRD):
colType = FIREBIRD_TYPES.get(colType, colType)

11
plugins/generic/search.py
View File

@ -15,6 +15,7 @@ from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
from lib.core.data import kb
@ -127,7 +128,7 @@ class Search:
query += ") AS foobar"
query = agent.limitQuery(index, query, dbCond)
value = inject.getValue(query, union=False, error=False)
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
value = safeSQLIdentificatorNaming(value)
foundDbs.append(value)
@ -234,7 +235,7 @@ class Search:
query += ") AS foobar"
query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, union=False, error=False)
foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
foundDb = safeSQLIdentificatorNaming(foundDb)
if foundDb not in foundTbls:
@ -278,7 +279,7 @@ class Search:
query += " AND %s" % tblQuery
query = agent.limitQuery(index, query)
foundTbl = inject.getValue(query, union=False, error=False)
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
kb.hintValue = foundTbl
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
foundTbls[db].append(foundTbl)
@ -452,7 +453,7 @@ class Search:
if Backend.isDbms(DBMS.DB2):
query += ") AS foobar"
query = agent.limitQuery(index, query)
db = inject.getValue(query, union=False, error=False)
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
db = safeSQLIdentificatorNaming(db)
if db not in dbs:
@ -507,7 +508,7 @@ class Search:
query += " AND %s" % colQuery
query += whereTblsQuery
query = agent.limitQuery(index, query)
tbl = inject.getValue(query, union=False, error=False)
tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
kb.hintValue = tbl
tbl = safeSQLIdentificatorNaming(tbl, True)

16
plugins/generic/users.py
View File

@ -98,10 +98,10 @@ class Users:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
value = inject.getValue(query, blind=False, time=False)
values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value):
kb.data.cachedUsers = arrayizeValue(value)
if not isNoneValue(values):
kb.data.cachedUsers = arrayizeValue(values)
if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
infoMsg = "fetching number of database users"
@ -128,7 +128,7 @@ class Users:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
user = inject.getValue(query, union=False, error=False)
user = unArrayizeValue(inject.getValue(query, union=False, error=False))
if user:
kb.data.cachedUsers.append(user)
@ -195,9 +195,9 @@ class Users:
getCurrentThreadData().disableStdOut = False
else:
value = inject.getValue(query, blind=False, time=False)
values = inject.getValue(query, blind=False, time=False)
for user, password in filterPairValues(value):
for user, password in filterPairValues(values):
if not user or user == " ":
continue
@ -278,7 +278,7 @@ class Users:
else:
query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, union=False, error=False)
password = unArrayizeValue(inject.getValue(query, union=False, error=False))
password = parsePasswordHash(password)
passwords.append(password)
@ -504,7 +504,7 @@ class Users:
query = rootQuery.blind.query % (index, user)
else:
query = rootQuery.blind.query % (user, index)
privilege = inject.getValue(query, union=False, error=False)
privilege = unArrayizeValue(inject.getValue(query, union=False, error=False))
# In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise