mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	getPageTextWordsSet on tableExists is pretty powerful stuff
This commit is contained in:
		
							parent
							
								
									9853c1ec7f
								
							
						
					
					
						commit
						272476773f
					
				|  | @ -13,6 +13,7 @@ import time | |||
| from lib.core.common import clearConsoleLine | ||||
| from lib.core.common import dataToStdout | ||||
| from lib.core.common import getFileItems | ||||
| from lib.core.common import getPageTextWordsSet | ||||
| from lib.core.common import popValue | ||||
| from lib.core.common import pushValue | ||||
| from lib.core.common import randomInt | ||||
|  | @ -21,14 +22,24 @@ from lib.core.data import conf | |||
| from lib.core.data import kb | ||||
| from lib.core.data import logger | ||||
| from lib.core.exception import sqlmapMissingMandatoryOptionException | ||||
| from lib.core.exception import sqlmapThreadException | ||||
| from lib.core.settings import METADB_SUFFIX | ||||
| from lib.request import inject | ||||
| 
 | ||||
| def tableExists(tableFile): | ||||
|     tables = getFileItems(tableFile) | ||||
|     tableSet = set(tables) | ||||
|     retVal = [] | ||||
|     infoMsg = "checking table existence using items from '%s'" % tableFile | ||||
|     logger.info(infoMsg) | ||||
|      | ||||
|     infoMsg = "adding words used on web page to check list" | ||||
|     logger.info(infoMsg) | ||||
|     pageWords = getPageTextWordsSet(kb.originalPage) | ||||
|     for word in pageWords: | ||||
|         word = word.lower() | ||||
|         if len(word) > 1 and not word[0].isdigit() and word not in tableSet: | ||||
|             tables.append(word) | ||||
| 
 | ||||
|     count = [0] | ||||
|     length = len(tables) | ||||
|  |  | |||
|  | @ -359,7 +359,7 @@ | |||
|         <tables/> | ||||
|         <dump_table> | ||||
|             <inband query="SELECT %s FROM %s"/> | ||||
|             <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT %s FROM %s WHERE %s = '%s'" count="SELECT COUNT(*) FROM %s"/> | ||||
|             <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT TOP 1 %s FROM %s WHERE %s LIKE '%s'" count="SELECT COUNT(*) FROM %s"/> | ||||
|         </dump_table> | ||||
|    </dbms> | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user