mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Fixing falling back (aka query2) for --tables
parent
9da558f041
commit
3977be9c9e
|
@ -127,8 +127,8 @@
|
||||||
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
|
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
|
||||||
</dbs>
|
</dbs>
|
||||||
<tables>
|
<tables>
|
||||||
<inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname"/>
|
<inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname" query2="SELECT table_schema,table_name FROM information_schema.tables" condition2="table_schema"/>
|
||||||
<blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
|
<blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" query2="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' OFFSET %d LIMIT 1" count2="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
|
||||||
</tables>
|
</tables>
|
||||||
<columns>
|
<columns>
|
||||||
<inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" condition="attname"/>
|
<inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" condition="attname"/>
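Review bot: The blind `query2` added to the `<tables>` entry pages through `information_schema.tables` with `OFFSET %d LIMIT 1` but has no `ORDER BY`, unlike the primary query, which orders by `tablename`. Without a stable order the server may return rows in a different order on each request, so per-offset retrieval can repeat some table names and miss others. Adding `ORDER BY table_name` before `OFFSET %d LIMIT 1` would make the fallback enumerate as consistently as the first query.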
|
||||||
|
|
|
@ -20,7 +20,7 @@ from thirdparty import six
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.5.8.2"
|
VERSION = "1.5.8.3"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -363,78 +363,83 @@ class Databases(object):
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
infoMsg = "fetching number of tables for "
|
for query, count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))):
|
||||||
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db)
|
if query is None:
|
||||||
logger.info(infoMsg)
|
break
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
infoMsg = "fetching number of tables for "
|
||||||
query = rootQuery.blind.count
|
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||||
else:
|
logger.info(infoMsg)
|
||||||
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
|
|
||||||
|
|
||||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
||||||
|
count = count % unsafeSQLIdentificatorNaming(db)
|
||||||
|
|
||||||
if count == 0:
|
count = inject.getValue(count, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db)
|
|
||||||
warnMsg += "appears to be empty"
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
continue
|
|
||||||
|
|
||||||
elif not isNumPosStrValue(count):
|
if count == 0:
|
||||||
warnMsg = "unable to retrieve the number of "
|
warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db)
|
||||||
warnMsg += "tables for database '%s'" % unsafeSQLIdentificatorNaming(db)
|
warnMsg += "appears to be empty"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
continue
|
break
|
||||||
|
|
||||||
tables = []
|
elif not isNumPosStrValue(count):
|
||||||
|
warnMsg = "unable to retrieve the number of "
|
||||||
|
warnMsg += "tables for database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||||
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
continue
|
||||||
|
|
||||||
plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES
|
tables = []
|
||||||
indexRange = getLimitRange(count, plusOne=plusOne)
|
|
||||||
|
|
||||||
for index in indexRange:
|
plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES
|
||||||
if Backend.isDbms(DBMS.SYBASE):
|
indexRange = getLimitRange(count, plusOne=plusOne)
|
||||||
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
|
||||||
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
|
||||||
query = rootQuery.blind.query % index
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO):
|
|
||||||
query = rootQuery.blind.query % (index, unsafeSQLIdentificatorNaming(db))
|
|
||||||
else:
|
|
||||||
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
|
|
||||||
|
|
||||||
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
for index in indexRange:
|
||||||
|
if Backend.isDbms(DBMS.SYBASE):
|
||||||
|
query = query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||||
|
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
||||||
|
query = query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
||||||
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||||
|
query = query % index
|
||||||
|
elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO):
|
||||||
|
query = query % (index, unsafeSQLIdentificatorNaming(db))
|
||||||
|
else:
|
||||||
|
query = query % (unsafeSQLIdentificatorNaming(db), index)
|
||||||
|
|
||||||
if not isNoneValue(table):
|
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||||
kb.hintValue = table
|
|
||||||
table = safeSQLIdentificatorNaming(table, True)
|
if not isNoneValue(table):
|
||||||
tables.append(table)
|
kb.hintValue = table
|
||||||
|
table = safeSQLIdentificatorNaming(table, True)
|
||||||
|
tables.append(table)
|
||||||
|
|
||||||
|
if tables:
|
||||||
|
kb.data.cachedTables[db] = tables
|
||||||
|
|
||||||
if conf.getComments:
|
if conf.getComments:
|
||||||
_ = queries[Backend.getIdentifiedDbms()].table_comment
|
for table in tables:
|
||||||
if hasattr(_, "query"):
|
_ = queries[Backend.getIdentifiedDbms()].table_comment
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE):
|
if hasattr(_, "query"):
|
||||||
query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper()))
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE):
|
||||||
|
query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper()))
|
||||||
|
else:
|
||||||
|
query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table))
|
||||||
|
|
||||||
|
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||||
|
if not isNoneValue(comment):
|
||||||
|
infoMsg = "retrieved comment '%s' for table '%s'" % (comment, unsafeSQLIdentificatorNaming(table))
|
||||||
|
if METADB_SUFFIX not in db:
|
||||||
|
infoMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||||
|
logger.info(infoMsg)
|
||||||
else:
|
else:
|
||||||
query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table))
|
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||||
|
warnMsg += "possible to get table comments"
|
||||||
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
break
|
||||||
if not isNoneValue(comment):
|
else:
|
||||||
infoMsg = "retrieved comment '%s' for table '%s'" % (comment, unsafeSQLIdentificatorNaming(table))
|
warnMsg = "unable to retrieve the table names "
|
||||||
if METADB_SUFFIX not in db:
|
warnMsg += "for database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||||
infoMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(db)
|
logger.warn(warnMsg)
|
||||||
logger.info(infoMsg)
|
|
||||||
else:
|
|
||||||
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
|
||||||
warnMsg += "possible to get table comments"
|
|
||||||
singleTimeWarnMessage(warnMsg)
|
|
||||||
|
|
||||||
if tables:
|
|
||||||
kb.data.cachedTables[db] = tables
|
|
||||||
else:
|
|
||||||
warnMsg = "unable to retrieve the table names "
|
|
||||||
warnMsg += "for database '%s'" % unsafeSQLIdentificatorNaming(db)
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
if isNoneValue(kb.data.cachedTables):
|
if isNoneValue(kb.data.cachedTables):
|
||||||
kb.data.cachedTables.clear()
|
kb.data.cachedTables.clear()
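Review bot: Inside `for index in indexRange:` every branch now assigns `query = query % (...)`, which overwrites the template bound by the outer `for query, count in (...)` loop, so from the second index on the string being formatted no longer holds its placeholders. In Python that normally raises `TypeError: not all arguments converted during string formatting`, so only the first table of a database would be fetched before the run fails (indentation is lost on this page, so the nesting is read from statement order). Keep the template intact by formatting into a separate name, e.g. `_query = query % (unsafeSQLIdentificatorNaming(db), index)` in each branch, and pass `_query` to `inject.getValue`. Reusing `count` for the result is harmless, since it is rebound once per outer iteration. The enclosing method of `Databases` starts and ends outside the hunk.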
|
||||||
|
|