minor update

Miroslav Stampar 2010-11-11 22:26:36 +00:00
parent 8aefd0bbf7
commit 42272ca78c
7 changed files with 17 additions and 7 deletions


@ -35,7 +35,9 @@ def tableExists(tableFile):
length = len(tables) length = len(tables)
for table in tables: for table in tables:
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table if not conf.db else "%s.%s" % (conf.db, table)))) if conf.db and '(*)' not in conf.db:
table = "%s.%s" % (conf.db, table)
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))
query = agent.postfixQuery(query) query = agent.postfixQuery(query)
result = Request.queryPage(agent.payload(newValue=query)) result = Request.queryPage(agent.payload(newValue=query))
@ -71,7 +73,11 @@ def columnExists(columnFile):
raise sqlmapMissingMandatoryOptionException, errMsg raise sqlmapMissingMandatoryOptionException, errMsg
columns = getFileItems(columnFile) columns = getFileItems(columnFile)
table = conf.tbl if not conf.db else ("%s.%s" % (conf.db, conf.tbl)) if conf.db and '(*)' not in conf.db:
table = "%s.%s" % (conf.db, conf.tbl)
else:
table = conf.tbl
retVal = [] retVal = []
infoMsg = "checking column existence using items from '%s'" % columnFile infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg) logger.info(infoMsg)
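Review bot: In tableExists the new branch rebinds the loop variable with `table = "%s.%s" % (conf.db, table)`, so any later use of `table` in the loop body, which continues outside this hunk, would see the database-qualified name instead of the wordlist entry. A separate local keeps the two apart, for example `fullName = "%s.%s" % (conf.db, table) if conf.db and '(*)' not in conf.db else table`. columnExists already assigns into a fresh variable through an explicit if/else. Both copies of the `conf.db and '(*)' not in conf.db` test would be easier to keep in step as one shared helper.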


@ -191,4 +191,4 @@ class Fingerprint(GenericFingerprint):
return False return False
def forceDbmsEnum(self): def forceDbmsEnum(self):
conf.db = "Access" conf.db = "Access (*)"
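Review bot: The `(*)` suffix added to `conf.db` here is a control marker hidden inside a display string, and nothing at this assignment says the suffix is significant. tableExists and columnExists detect it with a substring test, so if `conf.db` can also hold a user-supplied name, one containing `(*)` would silently lose its database prefix. A named constant shared by the assignments and the checks would make the contract explicit, or at minimum a comment here such as `# "(*)" marks a placeholder name; the brute-force checks skip the db prefix when it is present`. The same applies to the Firebird, SAP MaxDB and SQLite forceDbmsEnum changes in the following sections.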


@ -149,4 +149,4 @@ class Fingerprint(GenericFingerprint):
return False return False
def forceDbmsEnum(self): def forceDbmsEnum(self):
conf.db = "Firebird" conf.db = "Firebird (*)"


@ -151,4 +151,4 @@ class Fingerprint(GenericFingerprint):
return False return False
def forceDbmsEnum(self): def forceDbmsEnum(self):
conf.db = "SAP MaxDB" conf.db = "SAP MaxDB (*)"


@ -114,4 +114,4 @@ class Fingerprint(GenericFingerprint):
return False return False
def forceDbmsEnum(self): def forceDbmsEnum(self):
conf.db = "SQLite" conf.db = "SQLite (*)"


@ -1155,7 +1155,7 @@ class Enumeration:
if kb.dbms == DBMS.ORACLE: if kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper() query = rootQuery.blind.count % conf.tbl.upper()
elif kb.dbms == DBMS.SQLITE: elif kb.dbms in (DBMS.SQLITE, DBMS.ACCESS):
query = rootQuery.blind.count % conf.tbl query = rootQuery.blind.count % conf.tbl
else: else:
query = rootQuery.blind.count % (conf.db, conf.tbl) query = rootQuery.blind.count % (conf.db, conf.tbl)
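Review bot: The branch `elif kb.dbms in (DBMS.SQLITE, DBMS.ACCESS):` lists DBMSes by name, but this commit also gives Firebird and SAP MaxDB a placeholder `conf.db`. If either of them reaches the `else` branch, `rootQuery.blind.count % (conf.db, conf.tbl)` would format the placeholder string (for example `Firebird (*)`) into the query. Whether that path is reachable depends on code outside this hunk. Testing the marker as tableExists does, with `'(*)' not in conf.db`, would keep the two places in agreement. The enclosing method starts and ends outside the hunk.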


@ -364,6 +364,10 @@
<inband query="SELECT Name FROM MSysObjects WHERE (Left([Name],1) &lt;&gt; '~') AND (Left([Name],4) &lt;&gt; 'MSys') AND ([Type] In (1, 4, 6))"/> <inband query="SELECT Name FROM MSysObjects WHERE (Left([Name],1) &lt;&gt; '~') AND (Left([Name],4) &lt;&gt; 'MSys') AND ([Type] In (1, 4, 6))"/>
<blind query="SELECT MIN(Name) FROM MSysObjects WHERE Type = 1 AND name > '%s'" count="SELECT COUNT(*) FROM MSysObjects WHERE Type = 1"/> <blind query="SELECT MIN(Name) FROM MSysObjects WHERE Type = 1 AND name > '%s'" count="SELECT COUNT(*) FROM MSysObjects WHERE Type = 1"/>
</tables> </tables>
<dump_table>
<inband query="SELECT %s FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE %s > '%s'" count="SELECT COUNT(*) FROM %s"/>
</dump_table>
</dbms> </dbms>
<!-- Firebird --> <!-- Firebird -->