sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-29 13:03:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

doing proper big table support for partial union too

Browse Source
This commit is contained in:
Miroslav Stampar 2011-07-24 20:36:44 +00:00
parent ec1bc0219c
commit 3a3561fdaa
3 changed files with 54 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@ -1334,6 +1334,10 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
data = BigArray() data = BigArray()
if isinstance(output, list):
for entry in output:
data.append(entry[0] if len(entry) == 1 else entry)
else:
outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) ) outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) )
outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) ) outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )

1
lib/techniques/union/test.py
View File

@ -19,7 +19,6 @@ from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
from lib.core.common import parseUnionPage
from lib.core.common import popValue from lib.core.common import popValue
from lib.core.common import pushValue from lib.core.common import pushValue
from lib.core.common import randomStr from lib.core.common import randomStr

12
lib/techniques/union/use.py
View File

@ -13,6 +13,7 @@ import time
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import BigArray
from lib.core.common import calculateDeltaSeconds from lib.core.common import calculateDeltaSeconds
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
@ -262,7 +263,7 @@ def unionUse(expression, unpack=True, dump=False):
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
threadData.shared.limits = range(startLimit, stopLimit) threadData.shared.limits = range(startLimit, stopLimit)
numThreads = min(conf.threads, len(threadData.shared.limits)) numThreads = min(conf.threads, len(threadData.shared.limits))
threadData.shared.value = "" threadData.shared.value = BigArray()
if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:
kb.suppressResumeInfo = True kb.suppressResumeInfo = True
@ -305,16 +306,15 @@ def unionUse(expression, unpack=True, dump=False):
break break
if output: if output:
kb.locks.value.acquire()
threadData.shared.value += output
kb.locks.value.release()
if conf.verbose == 1:
if all(map(lambda x: x in output, [kb.misc.start, kb.misc.stop])): if all(map(lambda x: x in output, [kb.misc.start, kb.misc.stop])):
items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.misc.start, kb.misc.stop), output, re.DOTALL | re.IGNORECASE).split(kb.misc.delimiter) items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.misc.start, kb.misc.stop), output, re.DOTALL | re.IGNORECASE).split(kb.misc.delimiter)
kb.locks.value.acquire()
threadData.shared.value.append(items)
kb.locks.value.release()
else: else:
items = output.replace(kb.misc.start, "").replace(kb.misc.stop, "").split(kb.misc.delimiter) items = output.replace(kb.misc.start, "").replace(kb.misc.stop, "").split(kb.misc.delimiter)
if conf.verbose == 1:
status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(",".join(map(lambda x: "\"%s\"" % x, items)))) status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(",".join(map(lambda x: "\"%s\"" % x, items))))
if len(status) > width: if len(status) > width: