mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	fixing a huge mess going on because of counting on error and union techniques
		
							parent
							
								
									7ea45e9032
								
							
						
					
					
						commit
						0f7bce5c66
					
				|  | @ -194,8 +194,8 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): | ||||||
|        expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) \ |        expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) \ | ||||||
|        or (Backend.getIdentifiedDbms() in FROM_TABLE and not \ |        or (Backend.getIdentifiedDbms() in FROM_TABLE and not \ | ||||||
|        expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \ |        expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \ | ||||||
|        and "EXISTS(" not in expression.upper() and "COUNT(*)" not in expression.upper() \ |        and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) \ | ||||||
|        and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))): |        and not any(map(lambda x: x in expression.upper(), ["COUNT(*)", "EXISTS(", "MAX(", "MIN("])): | ||||||
| 
 | 
 | ||||||
|         limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) |         limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) | ||||||
|         topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) |         topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) | ||||||
|  |  | ||||||
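Review bot: The new exclusion test at the end of the errorUse condition, `not any(map(lambda x: x in expression.upper(), ["COUNT(*)", "EXISTS(", "MAX(", "MIN("]))`, is a plain substring match. `MAX(` and `MIN(` therefore also match inside longer function names or quoted string literals in the expression, while spacing variants such as `COUNT( * )` or `MAX (` are not matched, so the decision can presumably go the wrong way in either direction. It also recomputes `expression.upper()` for every list element, and unionUse gets a near-identical inline list (with `"(CASE"` added) in the same commit. Consider upper-casing once into a local and keeping the token list in one shared constant, for example `any(token in upperExpr for token in AGGREGATE_TOKENS)` (both names are suggestions, not existing identifiers), with a comment saying why these expressions are excluded. The enclosing `if` starts above the visible lines.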
|  | @ -137,8 +137,7 @@ def unionUse(expression, unpack=True, dump=False): | ||||||
|        " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \ |        " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \ | ||||||
|        not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE \ |        not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE \ | ||||||
|        and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \ |        and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \ | ||||||
|        and "EXISTS(" not in expression.upper() and "COUNT(*)" not in expression.upper() \ |        and not any(map(lambda x: x in expression.upper(), ["(CASE", "COUNT(*)", "EXISTS(", "MAX(", "MIN("])): | ||||||
|        and "(CASE" not in expression.upper(): |  | ||||||
| 
 | 
 | ||||||
|         limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) |         limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) | ||||||
|         topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) |         topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) | ||||||
|  |  | ||||||
|  | @ -898,7 +898,7 @@ class Enumeration: | ||||||
|         if "." in conf.tbl: |         if "." in conf.tbl: | ||||||
|             if not conf.db: |             if not conf.db: | ||||||
|                 conf.db, conf.tbl = conf.tbl.split(".") |                 conf.db, conf.tbl = conf.tbl.split(".") | ||||||
|         elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): |         elif Backend.getIdentifiedDbms() == DBMS.MSSQL: | ||||||
|             conf.tbl = "dbo.%s" % conf.tbl |             conf.tbl = "dbo.%s" % conf.tbl | ||||||
| 
 | 
 | ||||||
|         self.forceDbmsEnum() |         self.forceDbmsEnum() | ||||||
|  | @ -1125,6 +1125,7 @@ class Enumeration: | ||||||
|             logger.info(infoMsg) |             logger.info(infoMsg) | ||||||
| 
 | 
 | ||||||
|             query = dumpNode.count2 % (column, table) |             query = dumpNode.count2 % (column, table) | ||||||
|  | 
 | ||||||
|             if blind: |             if blind: | ||||||
|                 value = inject.getValue(query, inband=False, error=False) |                 value = inject.getValue(query, inband=False, error=False) | ||||||
|             else: |             else: | ||||||
|  | @ -1178,6 +1179,9 @@ class Enumeration: | ||||||
|                 if blind: |                 if blind: | ||||||
|                     value = inject.getValue(query, inband=False, error=False) |                     value = inject.getValue(query, inband=False, error=False) | ||||||
|                 else: |                 else: | ||||||
|  |                     print 1111 | ||||||
|  |                     import pdb | ||||||
|  |                     pdb.set_trace() | ||||||
|                     value = inject.getValue(query, blind=False) |                     value = inject.getValue(query, blind=False) | ||||||
| 
 | 
 | ||||||
|                 if column == colList[0]: |                 if column == colList[0]: | ||||||
|  | @ -1209,7 +1213,7 @@ class Enumeration: | ||||||
|         if "." in conf.tbl: |         if "." in conf.tbl: | ||||||
|             if not conf.db: |             if not conf.db: | ||||||
|                 conf.db, conf.tbl = conf.tbl.split(".") |                 conf.db, conf.tbl = conf.tbl.split(".") | ||||||
|         elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): |         elif Backend.getIdentifiedDbms() == DBMS.MSSQL: | ||||||
|             conf.tbl = "dbo.%s" % conf.tbl |             conf.tbl = "dbo.%s" % conf.tbl | ||||||
| 
 | 
 | ||||||
|         self.forceDbmsEnum() |         self.forceDbmsEnum() | ||||||
|  |  | ||||||
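Review bot: The three lines added in the non-blind branch just before `value = inject.getValue(query, blind=False)` are debugging leftovers and should be removed: `print 1111`, `import pdb` and `pdb.set_trace()`. As committed, every run that reaches this branch prints a stray `1111` and stops at an interactive debugger prompt, which stalls unattended or scripted runs. Nothing else visible in the section depends on them, so the branch should contain only the `inject.getValue` call again. A pre-commit or CI check that rejects `pdb.set_trace` would stop this from reaching the repository again. The enclosing method starts and ends outside the visible hunks.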