sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

ported fix for issue #81 also to blind techniques

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-21 00:20:32 +01:00
parent 3e21f3d07a
commit 34e77a8801
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/dbms/mssqlserver/enumeration.py
View File

@ -261,6 +261,7 @@ class Enumeration(GenericEnumeration):
dbs = {} dbs = {}
whereTblsQuery = "" whereTblsQuery = ""
infoMsgTbl = "" infoMsgTbl = ""
infoMsgDb = ""
colList = conf.col.split(",") colList = conf.col.split(",")
origTbl = conf.tbl origTbl = conf.tbl
origDb = conf.db origDb = conf.db
@ -296,7 +297,16 @@ class Enumeration(GenericEnumeration):
whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")" whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")"
infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(tbl for tbl in _)) infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(tbl for tbl in _))
logger.info("%s%s" % (infoMsg, infoMsgTbl)) if conf.db and conf.db != CURRENT_DB:
_ = conf.db.split(",")
infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
elif conf.excludeSysDbs:
infoMsg2 = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
logger.info(infoMsg2)
else:
infoMsgDb = " across all databases"
logger.info("%s%s%s" % (infoMsg, infoMsgTbl, infoMsgDb))
colQuery = "%s%s" % (colCond, colCondParam) colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column) colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
@ -305,9 +315,6 @@ class Enumeration(GenericEnumeration):
db = safeSQLIdentificatorNaming(db) db = safeSQLIdentificatorNaming(db)
if conf.excludeSysDbs and db in self.excludeDbsList: if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
logger.info(infoMsg)
continue continue
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
@ -354,11 +361,12 @@ class Enumeration(GenericEnumeration):
if colConsider == "1": if colConsider == "1":
infoMsg += "s like" infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (column, db) infoMsg += " '%s' in database '%s'" % (column, db)
logger.info(infoMsg) logger.info("%s%s" % (infoMsg, infoMsgTbl))
query = rootQuery.blind.count query = rootQuery.blind.count
query = query % (db, db, db, db, db, db) query = query % (db, db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db) query += " AND %s" % colQuery.replace("[DB]", db)
query += whereTblsQuery.replace("[DB]", db)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
@ -377,6 +385,7 @@ class Enumeration(GenericEnumeration):
query = rootQuery.blind.query query = rootQuery.blind.query
query = query % (db, db, db, db, db, db) query = query % (db, db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db) query += " AND %s" % colQuery.replace("[DB]", db)
query += whereTblsQuery.replace("[DB]", db)
query = agent.limitQuery(index, query, colCond.replace("[DB]", db)) query = agent.limitQuery(index, query, colCond.replace("[DB]", db))
tbl = inject.getValue(query, inband=False, error=False) tbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = tbl kb.hintValue = tbl