sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor just in case commit (plural/singular unArrayize())

Browse Source
This commit is contained in:
Miroslav Stampar 2012-12-21 10:15:42 +01:00
parent b94a5d42d4
commit 0f62e677b5
3 changed files with 34 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
plugins/generic/databases.py
View File

@ -103,10 +103,10 @@ class Databases:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
value = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value): if not isNoneValue(values):
kb.data.cachedDbs = arrayizeValue(value) kb.data.cachedDbs = arrayizeValue(values)
if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct: if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:
infoMsg = "fetching number of databases" infoMsg = "fetching number of databases"
@ -132,7 +132,7 @@ class Databases:
query = rootQuery.blind.query2 % index query = rootQuery.blind.query2 % index
else: else:
query = rootQuery.blind.query % index query = rootQuery.blind.query % index
db = inject.getValue(query, union=False, error=False) db = unArrayizeValue(inject.getValue(query, union=False, error=False))
if db: if db:
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db)) kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
@ -269,15 +269,15 @@ class Databases:
if len(dbs) < 2 and ("%s," % condition) in query: if len(dbs) < 2 and ("%s," % condition) in query:
query = query.replace("%s," % condition, "", 1) query = query.replace("%s," % condition, "", 1)
value = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value): if not isNoneValue(values):
value = filter(None, arrayizeValue(value)) values = filter(None, arrayizeValue(values))
if len(value) > 0 and not isListLike(value[0]): if len(values) > 0 and not isListLike(values[0]):
value = map(lambda x: (dbs[0], x), value) values = map(lambda x: (dbs[0], x), values)
for db, table in filterPairValues(value): for db, table in filterPairValues(values):
db = safeSQLIdentificatorNaming(db) db = safeSQLIdentificatorNaming(db)
table = safeSQLIdentificatorNaming(table, True) table = safeSQLIdentificatorNaming(table, True)
@ -332,7 +332,7 @@ class Databases:
else: else:
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index) query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
table = inject.getValue(query, union=False, error=False) table = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(table): if not isNoneValue(table):
kb.hintValue = table kb.hintValue = table
table = safeSQLIdentificatorNaming(table, True) table = safeSQLIdentificatorNaming(table, True)
@ -522,15 +522,15 @@ class Databases:
elif Backend.isDbms(DBMS.SQLITE): elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.inband.query % tbl query = rootQuery.inband.query % tbl
value = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
if Backend.isDbms(DBMS.SQLITE): if Backend.isDbms(DBMS.SQLITE):
parseSqliteTableSchema(unArrayizeValue(value)) parseSqliteTableSchema(unArrayizeValue(values))
elif not isNoneValue(value): elif not isNoneValue(values):
table = {} table = {}
columns = {} columns = {}
for columnData in value: for columnData in values:
if not isNoneValue(columnData): if not isNoneValue(columnData):
name = safeSQLIdentificatorNaming(columnData[0]) name = safeSQLIdentificatorNaming(columnData[0])
@ -584,6 +584,8 @@ class Databases:
query += condQuery query += condQuery
elif Backend.isDbms(DBMS.MSSQL): elif Backend.isDbms(DBMS.MSSQL):
import pdb
pdb.set_trace()
query = rootQuery.blind.count % (conf.db, conf.db, \ query = rootQuery.blind.count % (conf.db, conf.db, \
unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
@ -594,7 +596,7 @@ class Databases:
elif Backend.isDbms(DBMS.SQLITE): elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.blind.query % tbl query = rootQuery.blind.query % tbl
value = inject.getValue(query, union=False, error=False) value = unArrayizeValue(inject.getValue(query, union=False, error=False))
parseSqliteTableSchema(value) parseSqliteTableSchema(value)
return kb.data.cachedColumns return kb.data.cachedColumns
@ -630,7 +632,7 @@ class Databases:
field = None field = None
query = agent.limitQuery(index, query, field, field) query = agent.limitQuery(index, query, field, field)
column = inject.getValue(query, union=False, error=False) column = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(column): if not isNoneValue(column):
if not onlyColNames: if not onlyColNames:
@ -644,7 +646,7 @@ class Databases:
elif Backend.isDbms(DBMS.FIREBIRD): elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query2 % (tbl, column) query = rootQuery.blind.query2 % (tbl, column)
colType = inject.getValue(query, union=False, error=False) colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
if Backend.isDbms(DBMS.FIREBIRD): if Backend.isDbms(DBMS.FIREBIRD):
colType = FIREBIRD_TYPES.get(colType, colType) colType = FIREBIRD_TYPES.get(colType, colType)

11
plugins/generic/search.py
View File

@ -15,6 +15,7 @@ from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -127,7 +128,7 @@ class Search:
query += ") AS foobar" query += ") AS foobar"
query = agent.limitQuery(index, query, dbCond) query = agent.limitQuery(index, query, dbCond)
value = inject.getValue(query, union=False, error=False) value = unArrayizeValue(inject.getValue(query, union=False, error=False))
value = safeSQLIdentificatorNaming(value) value = safeSQLIdentificatorNaming(value)
foundDbs.append(value) foundDbs.append(value)
@ -234,7 +235,7 @@ class Search:
query += ") AS foobar" query += ") AS foobar"
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, union=False, error=False) foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
foundDb = safeSQLIdentificatorNaming(foundDb) foundDb = safeSQLIdentificatorNaming(foundDb)
if foundDb not in foundTbls: if foundDb not in foundTbls:
@ -278,7 +279,7 @@ class Search:
query += " AND %s" % tblQuery query += " AND %s" % tblQuery
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
foundTbl = inject.getValue(query, union=False, error=False) foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
kb.hintValue = foundTbl kb.hintValue = foundTbl
foundTbl = safeSQLIdentificatorNaming(foundTbl, True) foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
foundTbls[db].append(foundTbl) foundTbls[db].append(foundTbl)
@ -452,7 +453,7 @@ class Search:
if Backend.isDbms(DBMS.DB2): if Backend.isDbms(DBMS.DB2):
query += ") AS foobar" query += ") AS foobar"
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
db = inject.getValue(query, union=False, error=False) db = unArrayizeValue(inject.getValue(query, union=False, error=False))
db = safeSQLIdentificatorNaming(db) db = safeSQLIdentificatorNaming(db)
if db not in dbs: if db not in dbs:
@ -507,7 +508,7 @@ class Search:
query += " AND %s" % colQuery query += " AND %s" % colQuery
query += whereTblsQuery query += whereTblsQuery
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
tbl = inject.getValue(query, union=False, error=False) tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
kb.hintValue = tbl kb.hintValue = tbl
tbl = safeSQLIdentificatorNaming(tbl, True) tbl = safeSQLIdentificatorNaming(tbl, True)

16
plugins/generic/users.py
View File

@ -98,10 +98,10 @@ class Users:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
value = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value): if not isNoneValue(values):
kb.data.cachedUsers = arrayizeValue(value) kb.data.cachedUsers = arrayizeValue(values)
if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct: if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
infoMsg = "fetching number of database users" infoMsg = "fetching number of database users"
@ -128,7 +128,7 @@ class Users:
query = rootQuery.blind.query2 % index query = rootQuery.blind.query2 % index
else: else:
query = rootQuery.blind.query % index query = rootQuery.blind.query % index
user = inject.getValue(query, union=False, error=False) user = unArrayizeValue(inject.getValue(query, union=False, error=False))
if user: if user:
kb.data.cachedUsers.append(user) kb.data.cachedUsers.append(user)
@ -195,9 +195,9 @@ class Users:
getCurrentThreadData().disableStdOut = False getCurrentThreadData().disableStdOut = False
else: else:
value = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
for user, password in filterPairValues(value): for user, password in filterPairValues(values):
if not user or user == " ": if not user or user == " ":
continue continue
@ -278,7 +278,7 @@ class Users:
else: else:
query = rootQuery.blind.query % (user, index) query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, union=False, error=False) password = unArrayizeValue(inject.getValue(query, union=False, error=False))
password = parsePasswordHash(password) password = parsePasswordHash(password)
passwords.append(password) passwords.append(password)
@ -504,7 +504,7 @@ class Users:
query = rootQuery.blind.query % (index, user) query = rootQuery.blind.query % (index, user)
else: else:
query = rootQuery.blind.query % (user, index) query = rootQuery.blind.query % (user, index)
privilege = inject.getValue(query, union=False, error=False) privilege = unArrayizeValue(inject.getValue(query, union=False, error=False))
# In PostgreSQL we get 1 if the privilege is True, # In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise # 0 otherwise