sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for --union-use with --error-test

Browse Source
This commit is contained in:
Miroslav Stampar 2010-10-25 12:25:29 +00:00
parent 71543092b7
commit 32728d14b7
6 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/request/inject.py
View File

@ -355,7 +355,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
value = errorUse(expression) value = errorUse(expression)
if not value: if not value:
warnMsg = "for some reasons it was not possible to retrieve " warnMsg = "for some reason(s) it was not possible to retrieve "
warnMsg += "the query output through error SQL injection " warnMsg += "the query output through error SQL injection "
warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition else "blind") warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition else "blind")
logger.warn(warnMsg) logger.warn(warnMsg)
@ -364,7 +364,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
value = __goInband(expression, expected, sort, resumeValue, unpack, dump) value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
if not value: if not value:
warnMsg = "for some reasons it was not possible to retrieve " warnMsg = "for some reason(s) it was not possible to retrieve "
warnMsg += "the query output through inband SQL injection " warnMsg += "the query output through inband SQL injection "
warnMsg += "technique, sqlmap is going blind" warnMsg += "technique, sqlmap is going blind"
logger.warn(warnMsg) logger.warn(warnMsg)

6
plugins/dbms/mssqlserver/enumeration.py
View File

@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration):
continue continue
query = rootQuery.inband.query % db query = rootQuery.inband.query % db
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False, error=False)
if value: if value:
kb.data.cachedTables[db] = value kb.data.cachedTables[db] = value
@ -141,7 +141,7 @@ class Enumeration(GenericEnumeration):
if kb.unionPosition or conf.direct: if kb.unionPosition or conf.direct:
query = rootQuery["inband"]["query"] % db query = rootQuery["inband"]["query"] % db
query += tblQuery query += tblQuery
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if values: if values:
if isinstance(values, basestring): if isinstance(values, basestring):
@ -226,7 +226,7 @@ class Enumeration(GenericEnumeration):
if kb.unionPosition or conf.direct: if kb.unionPosition or conf.direct:
query = rootQuery["inband"]["query"] % (db, db, db, db, db) query = rootQuery["inband"]["query"] % (db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db) query += " AND %s" % colQuery.replace("[DB]", db)
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if values: if values:
if isinstance(values, basestring): if isinstance(values, basestring):

2
plugins/dbms/mssqlserver/filesystem.py
View File

@ -93,7 +93,7 @@ class Filesystem(GenericFilesystem):
inject.goStacked(binToHexQuery) inject.goStacked(binToHexQuery)
if kb.unionPosition: if kb.unionPosition:
result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False) result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False, error=False)
if not result: if not result:
result = [] result = []

4
plugins/dbms/oracle/enumeration.py
View File

@ -49,7 +49,7 @@ class Enumeration(GenericEnumeration):
query += " WHERE " query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if not values and not query2: if not values and not query2:
infoMsg = "trying with table USER_ROLE_PRIVS" infoMsg = "trying with table USER_ROLE_PRIVS"
@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration):
if kb.unionPosition or conf.direct: if kb.unionPosition or conf.direct:
query = rootQuery.inband.query query = rootQuery.inband.query
query += colQuery query += colQuery
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if values: if values:
if isinstance(values, basestring): if isinstance(values, basestring):

20
plugins/generic/enumeration.py
View File

@ -139,7 +139,7 @@ class Enumeration:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False, error=False)
if value: if value:
kb.data.cachedUsers = value kb.data.cachedUsers = value
@ -213,7 +213,7 @@ class Enumeration:
query += " WHERE %s = '%s'" % (condition, conf.user) query += " WHERE %s = '%s'" % (condition, conf.user)
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False, error=False)
if value: if value:
for user, password in value: for user, password in value:
@ -410,7 +410,7 @@ class Enumeration:
else: else:
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if not values and kb.dbms == "Oracle" and not query2: if not values and kb.dbms == "Oracle" and not query2:
infoMsg = "trying with table USER_SYS_PRIVS" infoMsg = "trying with table USER_SYS_PRIVS"
@ -639,7 +639,7 @@ class Enumeration:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False, error=False)
if value: if value:
kb.data.cachedDbs = value kb.data.cachedDbs = value
@ -718,7 +718,7 @@ class Enumeration:
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList) infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg) logger.info(infoMsg)
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False, error=False)
if value: if value:
if kb.dbms == "SQLite": if kb.dbms == "SQLite":
@ -913,7 +913,7 @@ class Enumeration:
elif kb.dbms == "SQLite": elif kb.dbms == "SQLite":
query = rootQuery.inband.query % conf.tbl query = rootQuery.inband.query % conf.tbl
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False, error=False)
if value: if value:
table = {} table = {}
@ -1083,7 +1083,7 @@ class Enumeration:
query = rootQuery.inband.query % (colString, conf.tbl) query = rootQuery.inband.query % (colString, conf.tbl)
else: else:
query = rootQuery.inband.query % (colString, conf.db, conf.tbl) query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
entries = inject.getValue(query, blind=False, dump=True) entries = inject.getValue(query, blind=False, error=False, dump=True)
if entries: if entries:
if isinstance(entries, basestring): if isinstance(entries, basestring):
@ -1341,7 +1341,7 @@ class Enumeration:
query = rootQuery.inband.query query = rootQuery.inband.query
query += dbQuery query += dbQuery
query += exclDbsQuery query += exclDbsQuery
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if values: if values:
if isinstance(values, basestring): if isinstance(values, basestring):
@ -1426,7 +1426,7 @@ class Enumeration:
query = rootQuery.inband.query query = rootQuery.inband.query
query += tblQuery query += tblQuery
query += exclDbsQuery query += exclDbsQuery
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if values: if values:
if isinstance(values, basestring): if isinstance(values, basestring):
@ -1547,7 +1547,7 @@ class Enumeration:
query = rootQuery.inband.query query = rootQuery.inband.query
query += colQuery query += colQuery
query += exclDbsQuery query += exclDbsQuery
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False, error=False)
if values: if values:
if isinstance(values, basestring): if isinstance(values, basestring):

2
plugins/generic/filesystem.py
View File

@ -38,7 +38,7 @@ class Filesystem:
def __unhexString(self, hexStr): def __unhexString(self, hexStr):
if len(hexStr) % 2 != 0: if len(hexStr) % 2 != 0:
errMsg = "for some reasons sqlmap retrieved an odd-length " errMsg = "for some reason(s) sqlmap retrieved an odd-length "
errMsg += "hexadecimal string which it is not able to convert " errMsg += "hexadecimal string which it is not able to convert "
errMsg += "to raw string" errMsg += "to raw string"
logger.error(errMsg) logger.error(errMsg)