sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Mere cosmetics

Browse Source
This commit is contained in:
Bernardo Damele 2011-01-07 16:36:32 +00:00
parent 1a079c62cb
commit 16a06117f7
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/techniques/brute/use.py
View File

@ -33,14 +33,17 @@ from lib.request import inject
def tableExists(tableFile, regex=None): def tableExists(tableFile, regex=None):
tables = getFileItems(tableFile, lowercase=kb.dbms in (DBMS.ACCESS), unique=True) tables = getFileItems(tableFile, lowercase=kb.dbms in (DBMS.ACCESS), unique=True)
retVal = [] retVal = []
infoMsg = "checking table existence using items from '%s'" % tableFile infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg) logger.info(infoMsg)
infoMsg = "adding words used on web page to the check list" infoMsg = "adding words used on web page to the check list"
logger.info(infoMsg) logger.info(infoMsg)
pageWords = getPageTextWordsSet(kb.originalPage) pageWords = getPageTextWordsSet(kb.originalPage)
for word in pageWords: for word in pageWords:
word = word.lower() word = word.lower()
if len(word) > 2 and not word[0].isdigit() and word not in tables: if len(word) > 2 and not word[0].isdigit() and word not in tables:
tables.append(word) tables.append(word)
@ -64,9 +67,11 @@ def tableExists(tableFile, regex=None):
fullTableName = "%s.%s" % (conf.db, table) fullTableName = "%s.%s" % (conf.db, table)
else: else:
fullTableName = table fullTableName = table
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName))) result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
iolock.acquire() iolock.acquire()
if result: if result:
retVal.append(table) retVal.append(table)
@ -82,6 +87,7 @@ def tableExists(tableFile, regex=None):
if conf.verbose in (1, 2): if conf.verbose in (1, 2):
status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%') status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%')
dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True) dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True)
iolock.release() iolock.release()
if conf.threads > 1: if conf.threads > 1:
@ -100,8 +106,10 @@ def tableExists(tableFile, regex=None):
# And wait for them to all finish # And wait for them to all finish
try: try:
alive = True alive = True
while alive: while alive:
alive = False alive = False
for thread in threads: for thread in threads:
if thread.isAlive(): if thread.isAlive():
alive = True alive = True
@ -173,6 +181,7 @@ def columnExists(columnFile, regex=None):
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s)", (column, table))) result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s)", (column, table)))
iolock.acquire() iolock.acquire()
if result: if result:
retVal.append(column) retVal.append(column)
@ -184,6 +193,7 @@ def columnExists(columnFile, regex=None):
if conf.verbose in (1, 2): if conf.verbose in (1, 2):
status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%') status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%')
dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True) dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True)
iolock.release() iolock.release()
if conf.threads > 1: if conf.threads > 1:
@ -202,8 +212,10 @@ def columnExists(columnFile, regex=None):
# And wait for them to all finish # And wait for them to all finish
try: try:
alive = True alive = True
while alive: while alive:
alive = False alive = False
for thread in threads: for thread in threads:
if thread.isAlive(): if thread.isAlive():
alive = True alive = True

5
plugins/generic/enumeration.py
View File

@ -1288,9 +1288,11 @@ class Enumeration:
pivotValue = " " pivotValue = " "
breakRetrieval = False breakRetrieval = False
for index in indexRange: for index in indexRange:
if breakRetrieval: if breakRetrieval:
break break
for column in colList: for column in colList:
if column not in lengths: if column not in lengths:
lengths[column] = 0 lengths[column] = 0
@ -1308,15 +1310,16 @@ class Enumeration:
query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], pivotValue) query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], pivotValue)
value = inject.getValue(query, inband=False) value = inject.getValue(query, inband=False)
if column == colList[0]: if column == colList[0]:
if not value: if not value:
breakRetrieval = True breakRetrieval = True
break break
else: else:
pivotValue = value pivotValue = value
lengths[column] = max(lengths[column], len(value) if value else 0) lengths[column] = max(lengths[column], len(value) if value else 0)
entries[column].append(value) entries[column].append(value)
else: else:
for index in indexRange: for index in indexRange:
for column in colList: for column in colList: