From 32728d14b77c7c46f556c17cd747ef1253ae4cc2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 25 Oct 2010 12:25:29 +0000 Subject: [PATCH] fix for --union-use with --error-test --- lib/request/inject.py | 4 ++-- plugins/dbms/mssqlserver/enumeration.py | 6 +++--- plugins/dbms/mssqlserver/filesystem.py | 2 +- plugins/dbms/oracle/enumeration.py | 4 ++-- plugins/generic/enumeration.py | 20 ++++++++++---------- plugins/generic/filesystem.py | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/lib/request/inject.py b/lib/request/inject.py index 400384864..f8faf0dac 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -355,7 +355,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex value = errorUse(expression) if not value: - warnMsg = "for some reasons it was not possible to retrieve " + warnMsg = "for some reason(s) it was not possible to retrieve " warnMsg += "the query output through error SQL injection " warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition else "blind") logger.warn(warnMsg) @@ -364,7 +364,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex value = __goInband(expression, expected, sort, resumeValue, unpack, dump) if not value: - warnMsg = "for some reasons it was not possible to retrieve " + warnMsg = "for some reason(s) it was not possible to retrieve " warnMsg += "the query output through inband SQL injection " warnMsg += "technique, sqlmap is going blind" logger.warn(warnMsg) diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 1c30663d2..368dd7090 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration): continue query = rootQuery.inband.query % db - value = inject.getValue(query, blind=False) + value = inject.getValue(query, blind=False, error=False) if value: kb.data.cachedTables[db] = value @@ -141,7 +141,7 @@ class Enumeration(GenericEnumeration): if kb.unionPosition or conf.direct: query = rootQuery["inband"]["query"] % db query += tblQuery - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if values: if isinstance(values, basestring): @@ -226,7 +226,7 @@ class Enumeration(GenericEnumeration): if kb.unionPosition or conf.direct: query = rootQuery["inband"]["query"] % (db, db, db, db, db) query += " AND %s" % colQuery.replace("[DB]", db) - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if values: if isinstance(values, basestring): diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 6feeb30c2..272feedb2 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -93,7 +93,7 @@ class Filesystem(GenericFilesystem): inject.goStacked(binToHexQuery) if kb.unionPosition: - result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False) + result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False, error=False) if not result: result = [] diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index 8af5d42e3..ff502b688 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -49,7 +49,7 @@ class Enumeration(GenericEnumeration): query += " WHERE " query += " OR ".join("%s = '%s'" % (condition, user) for user in users) - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if not values and not query2: infoMsg = "trying with table USER_ROLE_PRIVS" @@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration): if kb.unionPosition or conf.direct: query = rootQuery.inband.query query += colQuery - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if values: if isinstance(values, basestring): diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index ad740acd6..5e644bd80 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -139,7 +139,7 @@ class Enumeration: query = rootQuery.inband.query2 else: query = rootQuery.inband.query - value = inject.getValue(query, blind=False) + value = inject.getValue(query, blind=False, error=False) if value: kb.data.cachedUsers = value @@ -213,7 +213,7 @@ class Enumeration: query += " WHERE %s = '%s'" % (condition, conf.user) - value = inject.getValue(query, blind=False) + value = inject.getValue(query, blind=False, error=False) if value: for user, password in value: @@ -410,7 +410,7 @@ class Enumeration: else: query += " OR ".join("%s = '%s'" % (condition, user) for user in users) - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if not values and kb.dbms == "Oracle" and not query2: infoMsg = "trying with table USER_SYS_PRIVS" @@ -639,7 +639,7 @@ class Enumeration: query = rootQuery.inband.query2 else: query = rootQuery.inband.query - value = inject.getValue(query, blind=False) + value = inject.getValue(query, blind=False, error=False) if value: kb.data.cachedDbs = value @@ -718,7 +718,7 @@ class Enumeration: infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList) logger.info(infoMsg) - value = inject.getValue(query, blind=False) + value = inject.getValue(query, blind=False, error=False) if value: if kb.dbms == "SQLite": @@ -913,7 +913,7 @@ class Enumeration: elif kb.dbms == "SQLite": query = rootQuery.inband.query % conf.tbl - value = inject.getValue(query, blind=False) + value = inject.getValue(query, blind=False, error=False) if value: table = {} @@ -1083,7 +1083,7 @@ class Enumeration: query = rootQuery.inband.query % (colString, conf.tbl) else: query = rootQuery.inband.query % (colString, conf.db, conf.tbl) - entries = inject.getValue(query, blind=False, dump=True) + entries = inject.getValue(query, blind=False, error=False, dump=True) if entries: if isinstance(entries, basestring): @@ -1341,7 +1341,7 @@ class Enumeration: query = rootQuery.inband.query query += dbQuery query += exclDbsQuery - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if values: if isinstance(values, basestring): @@ -1426,7 +1426,7 @@ class Enumeration: query = rootQuery.inband.query query += tblQuery query += exclDbsQuery - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if values: if isinstance(values, basestring): @@ -1547,7 +1547,7 @@ class Enumeration: query = rootQuery.inband.query query += colQuery query += exclDbsQuery - values = inject.getValue(query, blind=False) + values = inject.getValue(query, blind=False, error=False) if values: if isinstance(values, basestring): diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index b43f9dcb9..ca0067b38 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -38,7 +38,7 @@ class Filesystem: def __unhexString(self, hexStr): if len(hexStr) % 2 != 0: - errMsg = "for some reasons sqlmap retrieved an odd-length " + errMsg = "for some reason(s) sqlmap retrieved an odd-length " errMsg += "hexadecimal string which it is not able to convert " errMsg += "to raw string" logger.error(errMsg)