mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
fix for --union-use with --error-test
This commit is contained in:
Miroslav Stampar
parent
71543092b7
commit
32728d14b7
|
|
@ -355,7 +355,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
|
|||
value = errorUse(expression)
|
||||
|
||||
if not value:
|
||||
warnMsg = "for some reasons it was not possible to retrieve "
|
||||
warnMsg = "for some reason(s) it was not possible to retrieve "
|
||||
warnMsg += "the query output through error SQL injection "
|
||||
warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition else "blind")
|
||||
logger.warn(warnMsg)
|
||||
|
|
@ -364,7 +364,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
|
|||
value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
|
||||
|
||||
if not value:
|
||||
warnMsg = "for some reasons it was not possible to retrieve "
|
||||
warnMsg = "for some reason(s) it was not possible to retrieve "
|
||||
warnMsg += "the query output through inband SQL injection "
|
||||
warnMsg += "technique, sqlmap is going blind"
|
||||
logger.warn(warnMsg)
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration):
|
|||
continue
|
||||
|
||||
query = rootQuery.inband.query % db
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if value:
|
||||
kb.data.cachedTables[db] = value
|
||||
|
|
@ -141,7 +141,7 @@ class Enumeration(GenericEnumeration):
|
|||
if kb.unionPosition or conf.direct:
|
||||
query = rootQuery["inband"]["query"] % db
|
||||
query += tblQuery
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if values:
|
||||
if isinstance(values, basestring):
|
||||
|
|
@ -226,7 +226,7 @@ class Enumeration(GenericEnumeration):
|
|||
if kb.unionPosition or conf.direct:
|
||||
query = rootQuery["inband"]["query"] % (db, db, db, db, db)
|
||||
query += " AND %s" % colQuery.replace("[DB]", db)
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if values:
|
||||
if isinstance(values, basestring):
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ class Filesystem(GenericFilesystem):
|
|||
inject.goStacked(binToHexQuery)
|
||||
|
||||
if kb.unionPosition:
|
||||
result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False)
|
||||
result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False, error=False)
|
||||
|
||||
if not result:
|
||||
result = []
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ class Enumeration(GenericEnumeration):
|
|||
query += " WHERE "
|
||||
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
|
||||
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if not values and not query2:
|
||||
infoMsg = "trying with table USER_ROLE_PRIVS"
|
||||
|
|
@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration):
|
|||
if kb.unionPosition or conf.direct:
|
||||
query = rootQuery.inband.query
|
||||
query += colQuery
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if values:
|
||||
if isinstance(values, basestring):
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ class Enumeration:
|
|||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if value:
|
||||
kb.data.cachedUsers = value
|
||||
|
|
@ -213,7 +213,7 @@ class Enumeration:
|
|||
|
||||
query += " WHERE %s = '%s'" % (condition, conf.user)
|
||||
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if value:
|
||||
for user, password in value:
|
||||
|
|
@ -410,7 +410,7 @@ class Enumeration:
|
|||
else:
|
||||
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
|
||||
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if not values and kb.dbms == "Oracle" and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
|
|
@ -639,7 +639,7 @@ class Enumeration:
|
|||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if value:
|
||||
kb.data.cachedDbs = value
|
||||
|
|
@ -718,7 +718,7 @@ class Enumeration:
|
|||
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
|
||||
logger.info(infoMsg)
|
||||
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if value:
|
||||
if kb.dbms == "SQLite":
|
||||
|
|
@ -913,7 +913,7 @@ class Enumeration:
|
|||
elif kb.dbms == "SQLite":
|
||||
query = rootQuery.inband.query % conf.tbl
|
||||
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if value:
|
||||
table = {}
|
||||
|
|
@ -1083,7 +1083,7 @@ class Enumeration:
|
|||
query = rootQuery.inband.query % (colString, conf.tbl)
|
||||
else:
|
||||
query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
|
||||
entries = inject.getValue(query, blind=False, dump=True)
|
||||
entries = inject.getValue(query, blind=False, error=False, dump=True)
|
||||
|
||||
if entries:
|
||||
if isinstance(entries, basestring):
|
||||
|
|
@ -1341,7 +1341,7 @@ class Enumeration:
|
|||
query = rootQuery.inband.query
|
||||
query += dbQuery
|
||||
query += exclDbsQuery
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if values:
|
||||
if isinstance(values, basestring):
|
||||
|
|
@ -1426,7 +1426,7 @@ class Enumeration:
|
|||
query = rootQuery.inband.query
|
||||
query += tblQuery
|
||||
query += exclDbsQuery
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if values:
|
||||
if isinstance(values, basestring):
|
||||
|
|
@ -1547,7 +1547,7 @@ class Enumeration:
|
|||
query = rootQuery.inband.query
|
||||
query += colQuery
|
||||
query += exclDbsQuery
|
||||
values = inject.getValue(query, blind=False)
|
||||
values = inject.getValue(query, blind=False, error=False)
|
||||
|
||||
if values:
|
||||
if isinstance(values, basestring):
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ class Filesystem:
|
|||
|
||||
def __unhexString(self, hexStr):
|
||||
if len(hexStr) % 2 != 0:
|
||||
errMsg = "for some reasons sqlmap retrieved an odd-length "
|
||||
errMsg = "for some reason(s) sqlmap retrieved an odd-length "
|
||||
errMsg += "hexadecimal string which it is not able to convert "
|
||||
errMsg += "to raw string"
|
||||
logger.error(errMsg)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user