sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-26 05:31:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

more work on #33

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-10 00:53:07 +01:00
parent c4af7b9aa0
commit 2527554f8e
3 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/core/common.py
View File

@ -1548,8 +1548,11 @@ def getSQLSnippet(dbms, sfile, **variables):
Returns content of SQL snippet located inside 'procs/' directory Returns content of SQL snippet located inside 'procs/' directory
""" """
filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile) if os.path.exists(sfile):
checkFile(filename) filename = sfile
else:
filename = os.path.join(paths.SQLMAP_PROCS_PATH, DBMS_DIRECTORY_DICT[dbms], sfile if sfile.endswith('.sql') else "%s.sql" % sfile)
checkFile(filename)
retVal = readCachedFileContent(filename) retVal = readCachedFileContent(filename)
retVal = re.sub(r"#.+", "", retVal) retVal = re.sub(r"#.+", "", retVal)
@ -1564,10 +1567,10 @@ def getSQLSnippet(dbms, sfile, **variables):
for _ in re.findall(r"%RANDINT\d+%", retVal, re.I): for _ in re.findall(r"%RANDINT\d+%", retVal, re.I):
retVal = retVal.replace(_, randomInt()) retVal = retVal.replace(_, randomInt())
_ = re.search(r"%(\w+)%", retVal, re.I) _ = re.findall(r"%(\w+)%", retVal, re.I)
if _: if _:
errMsg = "unresolved variable '%s' in SQL file '%s'" % (_.group(1), sfile) errMsg = "unresolved variable%s '%s' in SQL file '%s'" % ("s" if len(_) > 1 else "", ", ".join(_), sfile)
raise sqlmapGenericException, errMsg raise sqlmapGenericException, errMsg
return retVal return retVal

2
lib/core/option.py
View File

@ -799,7 +799,7 @@ def __setTamperingFunctions():
try: try:
module = __import__(filename[:-3]) module = __import__(filename[:-3])
except ImportError, msg: except ImportError, msg:
raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg) raise sqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg)
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__ priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__

8
plugins/generic/enumeration.py
View File

@ -62,6 +62,7 @@ from lib.core.settings import CONCAT_VALUE_DELIMITER
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.core.settings import MAX_INT from lib.core.settings import MAX_INT
from lib.core.settings import NULL from lib.core.settings import NULL
from lib.core.settings import PARAMETER_SPLITTING_REGEX
from lib.core.settings import SQL_STATEMENTS from lib.core.settings import SQL_STATEMENTS
from lib.core.shell import autoCompletion from lib.core.shell import autoCompletion
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
@ -2476,4 +2477,9 @@ class Enumeration:
if not sfile: if not sfile:
continue continue
self.sqlQuery(getSQLSnippet(Backend.getDbms(), sfile)) queries = getSQLSnippet(Backend.getDbms(), sfile)
infoMsg = "executing SQL statements from file '%s'" % sfile
logger.info(infoMsg)
self.sqlQuery(queries)