Implementation for cases when there are multiple copies/variations of the same result(s) in response for partial UNION SQLi

Miroslav Stampar 2014-08-13 22:50:42 +02:00
parent 0809a61fc3
commit 0fb576724e


@ -52,6 +52,7 @@ from lib.core.threads import runThreads
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.utils.progress import ProgressBar from lib.utils.progress import ProgressBar
from thirdparty.odict.odict import OrderedDict
def _oneShotUnionUse(expression, unpack=True, limited=False): def _oneShotUnionUse(expression, unpack=True, limited=False):
retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as union data is stored raw unconverted retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as union data is stored raw unconverted
@ -276,12 +277,22 @@ def unionUse(expression, unpack=True, dump=False):
with kb.locks.value: with kb.locks.value:
if all(map(lambda _: _ in output, (kb.chars.start, kb.chars.stop))): if all(map(lambda _: _ in output, (kb.chars.start, kb.chars.stop))):
items = parseUnionPage(output) items = parseUnionPage(output)
if threadData.shared.showEta: if threadData.shared.showEta:
threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter) threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter)
# in case that we requested N columns and we get M!=N then we have to filter a bit if isListLike(items):
if isListLike(items) and len(items) > 1 and len(expressionFieldsList) > 1: # in case that we requested N columns and we get M!=N then we have to filter a bit
items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)] if len(items) > 1 and len(expressionFieldsList) > 1:
items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)]
items = [_ for _ in flattenValue(items)]
if len(items) > len(expressionFieldsList):
filtered = OrderedDict()
for item in items:
key = re.sub(r"[^A-Za-z0-9]", "", item).lower()
if key not in filtered or re.search(r"[^A-Za-z0-9]", item):
filtered[key] = item
items = filtered.values()
items = [items]
index = None index = None
for index in xrange(len(threadData.shared.buffered)): for index in xrange(len(threadData.shared.buffered)):
if threadData.shared.buffered[index][0] >= num: if threadData.shared.buffered[index][0] >= num:
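Review bot: The de-duplication key built in the new `for item in items:` loop drops every character outside `[A-Za-z0-9]`, so all values made up only of punctuation or non-ASCII text share the empty key and overwrite one another, and values that differ only in case or punctuation are merged as well. Falling back to the raw value when the normalised key is empty, `key = re.sub(r"[^A-Za-z0-9]", "", item).lower() or item`, would keep those results distinct. `re.sub` also assumes each flattened item is a string; if `flattenValue` can yield `None` for a NULL column this line would raise, so a type guard is worth confirming. A short comment above the loop stating that the variant containing non-alphanumeric characters is the one kept would help the next reader. The enclosing `unionUse` body starts and ends outside the hunk.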