sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use getPageTextWordsSet() also in --common-columns

Browse Source
This commit is contained in:
Bernardo Damele 2011-06-18 12:30:26 +00:00
parent 6b2f44de14
commit 28ef61b997
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/techniques/brute/use.py
View File

@ -36,11 +36,8 @@ from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads
from lib.request import inject
def tableExists(tableFile, regex=None):
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg)
def __addPageTextWords():
wordsList = []
infoMsg = "adding words used on web page to the check list"
logger.info(infoMsg)
@ -49,9 +46,18 @@ def tableExists(tableFile, regex=None):
for word in pageWords:
word = word.lower()
if len(word) > 2 and not word[0].isdigit() and word not in tables:
tables.append(word)
if len(word) > 2 and not word[0].isdigit() and word not in wordsList:
wordsList.append(word)
return wordsList
def tableExists(tableFile, regex=None):
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg)
tables.extend(__addPageTextWords())
tables = filterListValue(tables, regex)
threadData = getCurrentThreadData()
@ -84,7 +90,6 @@ def tableExists(tableFile, regex=None):
if result and table.lower() not in threadData.shared.unique:
threadData.shared.outputs.append(table)
threadData.shared.unique.add(table.lower())
dataToSessionFile("[%s][%s][%s][TABLE_EXISTS][%s]\n" % (conf.url,\
@ -130,7 +135,11 @@ def columnExists(columnFile, regex=None):
errMsg = "missing table parameter"
raise sqlmapMissingMandatoryOptionException, errMsg
infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg)
columns = getFileItems(columnFile, unique=True)
columns.extend(__addPageTextWords())
columns = filterListValue(columns, regex)
if conf.db and METADB_SUFFIX not in conf.db:
@ -139,9 +148,6 @@ def columnExists(columnFile, regex=None):
table = conf.tbl
table = safeSQLIdentificatorNaming(table, True)
infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg)
kb.threadContinue = True
kb.bruteMode = True