sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-08-02 03:10:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 90b9c4d0d5 into ffbbb10abb

Browse Source
This commit is contained in:
GitHub Merge Button 2012-07-16 14:15:17 -07:00
commit 50cb1c41c8
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plugins/generic/enumeration.py
View File

@ -1353,6 +1353,8 @@ class Enumeration:
def __tableGetCount(self, db, table): def __tableGetCount(self, db, table):
if Backend.isDbms(DBMS.DB2): if Backend.isDbms(DBMS.DB2):
query = "SELECT %s FROM %s.%s--" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db.upper()), safeSQLIdentificatorNaming(table.upper(), True)) query = "SELECT %s FROM %s.%s--" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db.upper()), safeSQLIdentificatorNaming(table.upper(), True))
elif Backend.isDbms(DBMS.MYSQL):
query = "SELECT %s FROM `%s`.`%s`" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
else: else:
query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True)) query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
@ -1578,7 +1580,7 @@ class Enumeration:
kb.data.cachedColumns = foundData kb.data.cachedColumns = foundData
try: try:
kb.dumpTable = "%s.%s" % (conf.db, tbl) kb.dumpTable = "`%s`.`%s`" % (conf.db, tbl)
if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
or safeSQLIdentificatorNaming(tbl, True) not in \ or safeSQLIdentificatorNaming(tbl, True) not in \
@ -1617,7 +1619,7 @@ class Enumeration:
# Partial inband and error # Partial inband and error
if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL): if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
table = "%s.%s" % (conf.db, tbl) table = "%s.%s" % (conf.db, tbl)
retVal = self.__pivotDumpTable(table, colList, blind=False) retVal = self.__pivotDumpTable(table, colList, blind=False)
if retVal: if retVal:
@ -1625,8 +1627,15 @@ class Enumeration:
entries = zip(*[entries[colName] for colName in colList]) entries = zip(*[entries[colName] for colName in colList])
else: else:
query = rootQuery.inband.query % (colString, conf.db, tbl) query = rootQuery.inband.query % (colString, conf.db, tbl)
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): elif Backend.getIdentifiedDbms() in (DBMS.PGSQL):
query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0]) query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0])
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL):
newColString = ""
for (index, column) in enumerate(colString.split(',')):
newColString = "`%s`, %s" % (column.replace(" ", ""), newColString)
newColString = newColString[:-2]
query = rootQuery.inband.query % (newColString, conf.db, tbl, prioritySortColumns(colList)[0])
else: else:
query = rootQuery.inband.query % (colString, conf.db, tbl) query = rootQuery.inband.query % (colString, conf.db, tbl)
@ -1684,7 +1693,7 @@ class Enumeration:
else: else:
query = rootQuery.blind.count % (conf.db, tbl) query = rootQuery.blind.count % (conf.db, tbl)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
lengths = {} lengths = {}
entries = {} entries = {}

6
xml/queries.xml
View File

@ -12,7 +12,7 @@
<limitgroupstart query="1"/> <limitgroupstart query="1"/>
<limitgroupstop query="2"/> <limitgroupstop query="2"/>
<limitstring query=" LIMIT "/> <limitstring query=" LIMIT "/>
<order query="ORDER BY %s ASC"/> <order query="ORDER BY `%s` ASC"/>
<count query="COUNT(%s)"/> <count query="COUNT(%s)"/>
<comment query="-- " query2="/*" query3="#"/> <comment query="-- " query2="/*" query3="#"/>
<!-- <!--
@ -58,8 +58,8 @@
<blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/> <blind query="SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT column_type FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
</columns> </columns>
<dump_table> <dump_table>
<inband query="SELECT %s FROM %s.%s ORDER BY %s"/> <inband query="SELECT %s FROM `%s`.`%s` ORDER BY `%s`"/>
<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/> <blind query="SELECT %s FROM `%s`.`%s` ORDER BY `%s` LIMIT %d,1" count="SELECT COUNT(*) FROM `%s`.`%s`"/>
</dump_table> </dump_table>
<search_db> <search_db>
<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE " query2="SELECT db FROM mysql.db WHERE " condition="schema_name" condition2="db"/> <inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE " query2="SELECT db FROM mysql.db WHERE " condition="schema_name" condition2="db"/>