mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Minor just in case commit (plural/singular unArrayize())
This commit is contained in:
parent
b94a5d42d4
commit
0f62e677b5
|
@ -103,10 +103,10 @@ class Databases:
|
|||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
value = inject.getValue(query, blind=False, time=False)
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
|
||||
if not isNoneValue(value):
|
||||
kb.data.cachedDbs = arrayizeValue(value)
|
||||
if not isNoneValue(values):
|
||||
kb.data.cachedDbs = arrayizeValue(values)
|
||||
|
||||
if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:
|
||||
infoMsg = "fetching number of databases"
|
||||
|
@ -132,7 +132,7 @@ class Databases:
|
|||
query = rootQuery.blind.query2 % index
|
||||
else:
|
||||
query = rootQuery.blind.query % index
|
||||
db = inject.getValue(query, union=False, error=False)
|
||||
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
if db:
|
||||
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
|
||||
|
@ -269,15 +269,15 @@ class Databases:
|
|||
if len(dbs) < 2 and ("%s," % condition) in query:
|
||||
query = query.replace("%s," % condition, "", 1)
|
||||
|
||||
value = inject.getValue(query, blind=False, time=False)
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
|
||||
if not isNoneValue(value):
|
||||
value = filter(None, arrayizeValue(value))
|
||||
if not isNoneValue(values):
|
||||
values = filter(None, arrayizeValue(values))
|
||||
|
||||
if len(value) > 0 and not isListLike(value[0]):
|
||||
value = map(lambda x: (dbs[0], x), value)
|
||||
if len(values) > 0 and not isListLike(values[0]):
|
||||
values = map(lambda x: (dbs[0], x), values)
|
||||
|
||||
for db, table in filterPairValues(value):
|
||||
for db, table in filterPairValues(values):
|
||||
db = safeSQLIdentificatorNaming(db)
|
||||
table = safeSQLIdentificatorNaming(table, True)
|
||||
|
||||
|
@ -332,7 +332,7 @@ class Databases:
|
|||
else:
|
||||
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
|
||||
|
||||
table = inject.getValue(query, union=False, error=False)
|
||||
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
if not isNoneValue(table):
|
||||
kb.hintValue = table
|
||||
table = safeSQLIdentificatorNaming(table, True)
|
||||
|
@ -522,15 +522,15 @@ class Databases:
|
|||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.inband.query % tbl
|
||||
|
||||
value = inject.getValue(query, blind=False, time=False)
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
|
||||
if Backend.isDbms(DBMS.SQLITE):
|
||||
parseSqliteTableSchema(unArrayizeValue(value))
|
||||
elif not isNoneValue(value):
|
||||
parseSqliteTableSchema(unArrayizeValue(values))
|
||||
elif not isNoneValue(values):
|
||||
table = {}
|
||||
columns = {}
|
||||
|
||||
for columnData in value:
|
||||
for columnData in values:
|
||||
if not isNoneValue(columnData):
|
||||
name = safeSQLIdentificatorNaming(columnData[0])
|
||||
|
||||
|
@ -584,6 +584,8 @@ class Databases:
|
|||
query += condQuery
|
||||
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
import pdb
|
||||
pdb.set_trace()
|
||||
query = rootQuery.blind.count % (conf.db, conf.db, \
|
||||
unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
|
@ -594,7 +596,7 @@ class Databases:
|
|||
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.blind.query % tbl
|
||||
value = inject.getValue(query, union=False, error=False)
|
||||
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
parseSqliteTableSchema(value)
|
||||
return kb.data.cachedColumns
|
||||
|
||||
|
@ -630,7 +632,7 @@ class Databases:
|
|||
field = None
|
||||
|
||||
query = agent.limitQuery(index, query, field, field)
|
||||
column = inject.getValue(query, union=False, error=False)
|
||||
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
if not isNoneValue(column):
|
||||
if not onlyColNames:
|
||||
|
@ -644,7 +646,7 @@ class Databases:
|
|||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query2 % (tbl, column)
|
||||
|
||||
colType = inject.getValue(query, union=False, error=False)
|
||||
colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
if Backend.isDbms(DBMS.FIREBIRD):
|
||||
colType = FIREBIRD_TYPES.get(colType, colType)
|
||||
|
|
|
@ -15,6 +15,7 @@ from lib.core.common import isNumPosStrValue
|
|||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import safeSQLIdentificatorNaming
|
||||
from lib.core.common import unArrayizeValue
|
||||
from lib.core.common import unsafeSQLIdentificatorNaming
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -127,7 +128,7 @@ class Search:
|
|||
query += ") AS foobar"
|
||||
query = agent.limitQuery(index, query, dbCond)
|
||||
|
||||
value = inject.getValue(query, union=False, error=False)
|
||||
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
value = safeSQLIdentificatorNaming(value)
|
||||
foundDbs.append(value)
|
||||
|
||||
|
@ -234,7 +235,7 @@ class Search:
|
|||
query += ") AS foobar"
|
||||
query = agent.limitQuery(index, query)
|
||||
|
||||
foundDb = inject.getValue(query, union=False, error=False)
|
||||
foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
foundDb = safeSQLIdentificatorNaming(foundDb)
|
||||
|
||||
if foundDb not in foundTbls:
|
||||
|
@ -278,7 +279,7 @@ class Search:
|
|||
query += " AND %s" % tblQuery
|
||||
query = agent.limitQuery(index, query)
|
||||
|
||||
foundTbl = inject.getValue(query, union=False, error=False)
|
||||
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
kb.hintValue = foundTbl
|
||||
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
|
||||
foundTbls[db].append(foundTbl)
|
||||
|
@ -452,7 +453,7 @@ class Search:
|
|||
if Backend.isDbms(DBMS.DB2):
|
||||
query += ") AS foobar"
|
||||
query = agent.limitQuery(index, query)
|
||||
db = inject.getValue(query, union=False, error=False)
|
||||
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
db = safeSQLIdentificatorNaming(db)
|
||||
|
||||
if db not in dbs:
|
||||
|
@ -507,7 +508,7 @@ class Search:
|
|||
query += " AND %s" % colQuery
|
||||
query += whereTblsQuery
|
||||
query = agent.limitQuery(index, query)
|
||||
tbl = inject.getValue(query, union=False, error=False)
|
||||
tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
kb.hintValue = tbl
|
||||
|
||||
tbl = safeSQLIdentificatorNaming(tbl, True)
|
||||
|
|
|
@ -98,10 +98,10 @@ class Users:
|
|||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
value = inject.getValue(query, blind=False, time=False)
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
|
||||
if not isNoneValue(value):
|
||||
kb.data.cachedUsers = arrayizeValue(value)
|
||||
if not isNoneValue(values):
|
||||
kb.data.cachedUsers = arrayizeValue(values)
|
||||
|
||||
if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
|
||||
infoMsg = "fetching number of database users"
|
||||
|
@ -128,7 +128,7 @@ class Users:
|
|||
query = rootQuery.blind.query2 % index
|
||||
else:
|
||||
query = rootQuery.blind.query % index
|
||||
user = inject.getValue(query, union=False, error=False)
|
||||
user = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
if user:
|
||||
kb.data.cachedUsers.append(user)
|
||||
|
@ -195,9 +195,9 @@ class Users:
|
|||
|
||||
getCurrentThreadData().disableStdOut = False
|
||||
else:
|
||||
value = inject.getValue(query, blind=False, time=False)
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
|
||||
for user, password in filterPairValues(value):
|
||||
for user, password in filterPairValues(values):
|
||||
if not user or user == " ":
|
||||
continue
|
||||
|
||||
|
@ -278,7 +278,7 @@ class Users:
|
|||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
|
||||
password = inject.getValue(query, union=False, error=False)
|
||||
password = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
password = parsePasswordHash(password)
|
||||
passwords.append(password)
|
||||
|
||||
|
@ -504,7 +504,7 @@ class Users:
|
|||
query = rootQuery.blind.query % (index, user)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
privilege = inject.getValue(query, union=False, error=False)
|
||||
privilege = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
# In PostgreSQL we get 1 if the privilege is True,
|
||||
# 0 otherwise
|
||||
|
|
Loading…
Reference in New Issue
Block a user