mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	Minor patches
This commit is contained in:
		
							parent
							
								
									72f7caa23b
								
							
						
					
					
						commit
						33d8ce8923
					
				|  | @ -3565,14 +3565,16 @@ def safeSQLIdentificatorNaming(name, isTable=False): | |||
|             retVal = re.sub(r"(?i)\A%s\." % DEFAULT_MSSQL_SCHEMA, "", retVal) | ||||
| 
 | ||||
|         if retVal.upper() in kb.keywords or (retVal or " ")[0].isdigit() or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ("." if _ else ""), retVal):  # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal) | ||||
|             retVal = unsafeSQLIdentificatorNaming(retVal) | ||||
| 
 | ||||
|             if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): | ||||
|                 retVal = "`%s`" % retVal.strip("`") | ||||
|                 retVal = "`%s`" % retVal | ||||
|             elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB): | ||||
|                 retVal = "\"%s\"" % retVal.strip("\"") | ||||
|                 retVal = "\"%s\"" % retVal | ||||
|             elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,): | ||||
|                 retVal = "\"%s\"" % retVal.strip("\"").upper() | ||||
|                 retVal = "\"%s\"" % retVal.upper() | ||||
|             elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and ((retVal or " ")[0].isdigit() or not re.match(r"\A\w+\Z", retVal, re.U)): | ||||
|                 retVal = "[%s]" % retVal.strip("[]") | ||||
|                 retVal = "[%s]" % retVal | ||||
| 
 | ||||
|         if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r"\[[^]]+\]", "", retVal): | ||||
|             retVal = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, retVal) | ||||
|  |  | |||
|  | @ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME | |||
| from lib.core.enums import OS | ||||
| 
 | ||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||
| VERSION = "1.1.11.31" | ||||
| VERSION = "1.1.11.32" | ||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||
|  | @ -479,7 +479,7 @@ PICKLE_REDUCE_WHITELIST = (types.BooleanType, types.DictType, types.FloatType, t | |||
| DUMMY_SQL_INJECTION_CHARS = ";()'" | ||||
| 
 | ||||
| # Simple check against dummy users | ||||
| DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b" | ||||
| DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY|FLOOR\(RAND)\b" | ||||
| 
 | ||||
| # Extensions skipped by crawler | ||||
| CRAWL_EXCLUDE_EXTENSIONS = ("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bk", "bmp", "btif", "bz2", "cab", "caf", "cgm", "cmx", "cpio", "cr2", "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "gz", "h261", "h263", "h264", "ico", "ief", "image", "img", "ipa", "iso", "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu", "nef", "npx", "o", "oga", "ogg", "ogv", "otf", "pbm", "pcx", "pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z", "scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub", "swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "z", "zip", "zipx") | ||||
|  |  | |||
|  | @ -27,7 +27,7 @@ d2cdb9e832e18a81e936ca3348144b16  lib/controller/handler.py | |||
| 5fb9aaf874daa47ea2b672a22740e56b  lib/controller/__init__.py | ||||
| fd69e56ce20a5a49ce10a7a745022378  lib/core/agent.py | ||||
| 8d9d771f7e67582c56a96a8d0ccbe4fc  lib/core/bigarray.py | ||||
| cafe808491a543b7838a3d33dbd7c2a1  lib/core/common.py | ||||
| 10bba585fc5fb525ffe3f7a2f67ab128  lib/core/common.py | ||||
| 54326d3a690f8b26fe5a5da1a589b369  lib/core/convert.py | ||||
| 90b1b08368ac8a859300e6fa6a8c796e  lib/core/data.py | ||||
| 1c14bdbf47b8dba31f73da9ad731a54a  lib/core/datatype.py | ||||
|  | @ -46,7 +46,7 @@ e1c000db9be27f973569b1a430629037  lib/core/option.py | |||
| 760d9df2a27ded29109b390ab202e72d  lib/core/replication.py | ||||
| a2466b62e67f8b31736bac4dac590e51  lib/core/revision.py | ||||
| 02d4762140a72fd44668d3dab5eabda9  lib/core/session.py | ||||
| 74e9355e0e0d3672b20cf87b7f94f8ce  lib/core/settings.py | ||||
| edbaf54b6459e379919d29c875fdece1  lib/core/settings.py | ||||
| 35bffbad762eb9e03db9e93b1c991103  lib/core/shell.py | ||||
| a59ec28371ae067a6fdd8f810edbee3d  lib/core/subprocessng.py | ||||
| d5a04d672a18f78deb2839c3745ff83c  lib/core/target.py | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user