mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Update for Issue #55 (falling back to SELECT DB_NAME(N))
parent
bbf41f6658
commit
27fdccc858
|
@ -36,9 +36,9 @@ class Enumeration(GenericEnumeration):
|
||||||
query = rootQuery.inband.query
|
query = rootQuery.inband.query
|
||||||
|
|
||||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||||
blinds = [False, True]
|
blinds = (False, True)
|
||||||
else:
|
else:
|
||||||
blinds = [True]
|
blinds = (True,)
|
||||||
|
|
||||||
for blind in blinds:
|
for blind in blinds:
|
||||||
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
|
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
|
||||||
|
|
|
@ -764,6 +764,26 @@ class Enumeration:
|
||||||
if db:
|
if db:
|
||||||
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
|
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
|
||||||
|
|
||||||
|
if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL):
|
||||||
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||||
|
blinds = (False, True)
|
||||||
|
else:
|
||||||
|
blinds = (True,)
|
||||||
|
|
||||||
|
for blind in blinds:
|
||||||
|
count = 0
|
||||||
|
kb.data.cachedDbs = []
|
||||||
|
while True:
|
||||||
|
query = rootQuery.inband.query2 % count
|
||||||
|
value = inject.getValue(query, blind=blind)
|
||||||
|
if not value:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
kb.data.cachedDbs.append(unArrayizeValue(value))
|
||||||
|
count += 1
|
||||||
|
if kb.data.cachedDbs:
|
||||||
|
break
|
||||||
|
|
||||||
if not kb.data.cachedDbs:
|
if not kb.data.cachedDbs:
|
||||||
infoMsg = "falling back to current database"
|
infoMsg = "falling back to current database"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
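Review bot: The `while True` loop in the added MSSQL fallback has no upper bound: it ends only when `inject.getValue(query, blind=blind)` returns a falsy value, so a result that is never empty (a whitespace-only string, or noisy blind inference) keeps it issuing requests indefinitely. A cap on `count`, or a stricter emptiness test such as `if not (unArrayizeValue(value) or "").strip(): break`, would make termination explicit. The appended name also skips the normalisation applied a few lines above, so I would write `kb.data.cachedDbs.append(safeSQLIdentificatorNaming(unArrayizeValue(value)))` to keep the cache consistent. Stopping at the first empty id presumably truncates the list when database ids have gaps, which deserves a comment. The enclosing method starts and ends outside this hunk.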
|
@ -183,7 +183,7 @@
|
||||||
<privileges/>
|
<privileges/>
|
||||||
<roles/>
|
<roles/>
|
||||||
<dbs>
|
<dbs>
|
||||||
<inband query="SELECT name FROM master..sysdatabases"/>
|
<inband query="SELECT name FROM master..sysdatabases" query2="SELECT DB_NAME(%d)"/>
|
||||||
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
|
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
|
||||||
</dbs>
|
</dbs>
|
||||||
<tables>
|
<tables>
|
||||||
|
|
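Review bot: The new `query2` attribute sits under `<inband>`, yet the enumeration code reads `rootQuery.inband.query2` and passes it to `inject.getValue` with `blind=True` as well, so neither its placement nor its name shows how it is used. A short comment next to the element would help, for example `<!-- query2: fallback lookup of one database name by numeric id (%d), used for inband and blind retrieval -->`. It is also worth noting there that, as far as I recall, `DB_NAME(0)` resolves to the current database, which is the id the caller starts counting from.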