sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixed --search -C too on MSSQL - issue #81

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-21 00:08:40 +01:00
parent 60242f92c5
commit 3e21f3d07a
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
plugins/dbms/mssqlserver/enumeration.py
View File

@ -162,7 +162,6 @@ class Enumeration(GenericEnumeration):
tblList = conf.tbl.split(",") tblList = conf.tbl.split(",")
rootQuery = queries[Backend.getIdentifiedDbms()].search_table rootQuery = queries[Backend.getIdentifiedDbms()].search_table
tblCond = rootQuery.inband.condition tblCond = rootQuery.inband.condition
#dbCond = rootQuery.inband.condition2
tblConsider, tblCondParam = self.likeOrExact("table") tblConsider, tblCondParam = self.likeOrExact("table")
if conf.db and conf.db != CURRENT_DB: if conf.db and conf.db != CURRENT_DB:
@ -260,11 +259,16 @@ class Enumeration(GenericEnumeration):
rootQuery = queries[Backend.getIdentifiedDbms()].search_column rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {} foundCols = {}
dbs = {} dbs = {}
whereTblsQuery = ""
infoMsgTbl = ""
colList = conf.col.split(",") colList = conf.col.split(",")
origTbl = conf.tbl
origDb = conf.db
colCond = rootQuery.inband.condition colCond = rootQuery.inband.condition
tblCond = rootQuery.inband.condition2
colConsider, colCondParam = self.likeOrExact("column") colConsider, colCondParam = self.likeOrExact("column")
if conf.db is not None: if conf.db and conf.db != CURRENT_DB:
enumDbs = conf.db.split(",") enumDbs = conf.db.split(",")
elif not len(kb.data.cachedDbs): elif not len(kb.data.cachedDbs):
enumDbs = self.getDbs() enumDbs = self.getDbs()
@ -277,15 +281,23 @@ class Enumeration(GenericEnumeration):
for column in colList: for column in colList:
column = safeSQLIdentificatorNaming(column) column = safeSQLIdentificatorNaming(column)
conf.db = origDb
conf.tbl = origTbl
infoMsg = "searching column" infoMsg = "searching column"
if colConsider == "1": if colConsider == "1":
infoMsg += "s like" infoMsg += "s like"
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column) infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
logger.info(infoMsg)
foundCols[column] = {} foundCols[column] = {}
if conf.tbl:
_ = conf.tbl.split(",")
whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")"
infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(tbl for tbl in _))
logger.info("%s%s" % (infoMsg, infoMsgTbl))
colQuery = "%s%s" % (colCond, colCondParam) colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column) colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
@ -301,6 +313,7 @@ class Enumeration(GenericEnumeration):
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
query = rootQuery.inband.query % (db, db, db, db, db, db) query = rootQuery.inband.query % (db, db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db) query += " AND %s" % colQuery.replace("[DB]", db)
query += whereTblsQuery.replace("[DB]", db)
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False)
if not isNoneValue(values): if not isNoneValue(values):
@ -388,4 +401,5 @@ class Enumeration(GenericEnumeration):
foundCols[column][db].append(tbl) foundCols[column][db].append(tbl)
conf.dumper.dbColumns(foundCols, colConsider, dbs)
self.dumpFoundColumn(dbs, foundCols, colConsider) self.dumpFoundColumn(dbs, foundCols, colConsider)