Patch for an Issue #688

2024-11-22 09:36:35 +03:00 · 2014-05-13 00:50:36 +02:00 · 2014-05-13 00:50:36 +02:00 · 4e8b41b869
commit 4e8b41b869
parent 3a2916724c
2 changed files with 28 additions and 0 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1606,6 +1606,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, lowercase=True), KB_CHARS_BOUNDARY_CHAR)
    kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))

+    kb.columnExistsChoice = None
    kb.commonOutputs = None
    kb.counters = {}
    kb.data = AttribDict()
@ -1704,6 +1705,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.testQueryCount = 0
    kb.threadContinue = True
    kb.threadException = False
+    kb.tableExistsChoice = None
    kb.timeValidCharsRun = 0
    kb.uChar = NULL
    kb.unionDuplicates = False
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -16,6 +16,7 @@ from lib.core.common import getPageWordSet
 from lib.core.common import hashDBWrite
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.common import readInput
 from lib.core.common import safeStringFormat
 from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import unsafeSQLIdentificatorNaming
@ -24,6 +25,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapMissingMandatoryOptionException
 from lib.core.settings import METADB_SUFFIX
@ -49,6 +51,18 @@ def _addPageTextWords():
    return wordsList

 def tableExists(tableFile, regex=None):
+    if kb.tableExistsChoice is None and any(_ not in kb.injection.data for _ in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)):
+        warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
+        warnMsg += "for common table existence check"
+        logger.warn(warnMsg)
+
+        message = "are you sure you want to continue? [y/N] "
+        test = readInput(message, default="N")
+        kb.tableExistsChoice = test[0] in ("y", "Y")
+
+        if not kb.tableExistsChoice:
+            return None
+
    result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))

    if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
@ -141,6 +155,18 @@ def tableExists(tableFile, regex=None):
    return kb.data.cachedTables

 def columnExists(columnFile, regex=None):
+    if kb.columnExistsChoice is None and any(_ not in kb.injection.data for _ in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)):
+        warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
+        warnMsg += "for common column existence check"
+        logger.warn(warnMsg)
+
+        message = "are you sure you want to continue? [y/N] "
+        test = readInput(message, default="N")
+        kb.columnExistsChoice = test[0] in ("y", "Y")
+
+        if not kb.columnExistsChoice:
+            return None
+
    if not conf.tbl:
        errMsg = "missing table parameter"
        raise SqlmapMissingMandatoryOptionException(errMsg)