mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	bug fixed (there was a huge problem with space containing identifiers - fixed and tested for MySQL)
This commit is contained in:
		
							parent
							
								
									6c6133e8aa
								
							
						
					
					
						commit
						48c4460e2c
					
				|  | @ -930,6 +930,10 @@ class Enumeration: | |||
|             logger.error(errMsg) | ||||
|             bruteForce = True | ||||
| 
 | ||||
|         if Backend.getIdentifiedDbms() == DBMS.MYSQL: | ||||
|             conf.tbl = self.__safeMySQLIdentificatorNaming(conf.tbl) | ||||
|             conf.db = self.__safeMySQLIdentificatorNaming(conf.db) | ||||
| 
 | ||||
|         if bruteForce: | ||||
|             resumeAvailable = False | ||||
| 
 | ||||
|  | @ -1002,7 +1006,8 @@ class Enumeration: | |||
| 
 | ||||
|                 for columnData in value: | ||||
|                     name = columnData[0] | ||||
| 
 | ||||
|                     if Backend.getIdentifiedDbms() == DBMS.MYSQL: | ||||
|                         name = self.__safeMySQLIdentificatorNaming(name) | ||||
|                     if len(columnData) == 1: | ||||
|                         columns[name] = "" | ||||
|                     else: | ||||
|  | @ -1077,6 +1082,9 @@ class Enumeration: | |||
|                 query = agent.limitQuery(index, query, field) | ||||
|                 column = inject.getValue(query, inband=False, error=False) | ||||
| 
 | ||||
|                 if Backend.getIdentifiedDbms() == DBMS.MYSQL: | ||||
|                     column = self.__safeMySQLIdentificatorNaming(column) | ||||
| 
 | ||||
|                 if not onlyColNames: | ||||
|                     if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): | ||||
|                         query = rootQuery.blind.query2 % (conf.tbl, column, conf.db) | ||||
|  | @ -1200,6 +1208,15 @@ class Enumeration: | |||
| 
 | ||||
|         return entries, lengths | ||||
| 
 | ||||
|     def __safeMySQLIdentificatorNaming(self, value): | ||||
|         """ | ||||
|         Returns an safe representation of identificator name for MySQL | ||||
|         """ | ||||
|         retVal = value | ||||
|         if isinstance(value, basestring) and any(filter(lambda x: x in value, ['-', ' '])) and '`' not in value: | ||||
|             retVal = "`%s`" % value | ||||
|         return retVal | ||||
| 
 | ||||
|     def dumpTable(self): | ||||
|         if not conf.tbl and not conf.col: | ||||
|             errMsg = "missing table parameter" | ||||
|  | @ -1233,10 +1250,8 @@ class Enumeration: | |||
|         rootQuery = queries[Backend.getIdentifiedDbms()].dump_table | ||||
| 
 | ||||
|         if Backend.getIdentifiedDbms() == DBMS.MYSQL: | ||||
|             if '-' in conf.tbl: | ||||
|                 conf.tbl = "`%s`" % conf.tbl | ||||
|             if '-' in conf.db: | ||||
|                 conf.db = "`%s`" % conf.db | ||||
|             conf.tbl = self.__safeMySQLIdentificatorNaming(conf.tbl) | ||||
|             conf.db = self.__safeMySQLIdentificatorNaming(conf.db) | ||||
| 
 | ||||
|         if conf.col: | ||||
|             colList = conf.col.split(",") | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user