mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 21:51:12 +03:00 
			
		
		
		
	Minor refactoring
This commit is contained in:
		
							parent
							
								
									c2058dfc8f
								
							
						
					
					
						commit
						54fbb22ab8
					
				|  | @ -21,6 +21,7 @@ from lib.core.enums import CHARSET_TYPE | ||||||
| from lib.core.enums import EXPECTED | from lib.core.enums import EXPECTED | ||||||
| from lib.core.enums import OS | from lib.core.enums import OS | ||||||
| from lib.core.enums import PAYLOAD | from lib.core.enums import PAYLOAD | ||||||
|  | from lib.core.common import unArrayizeValue | ||||||
| from lib.core.exception import sqlmapFilePathException | from lib.core.exception import sqlmapFilePathException | ||||||
| from lib.core.exception import sqlmapMissingMandatoryOptionException | from lib.core.exception import sqlmapMissingMandatoryOptionException | ||||||
| from lib.core.exception import sqlmapUnsupportedFeatureException | from lib.core.exception import sqlmapUnsupportedFeatureException | ||||||
|  | @ -106,15 +107,9 @@ class UDF: | ||||||
|             cmd = unescaper.unescape(self.udfForgeCmd(cmd)) |             cmd = unescaper.unescape(self.udfForgeCmd(cmd)) | ||||||
| 
 | 
 | ||||||
|             inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd)) |             inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd)) | ||||||
|             output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False) |             output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)) | ||||||
|             inject.goStacked("DELETE FROM %s" % self.cmdTblName) |             inject.goStacked("DELETE FROM %s" % self.cmdTblName) | ||||||
| 
 | 
 | ||||||
|             if output and isinstance(output, (list, tuple)): |  | ||||||
|                 output = output[0] |  | ||||||
| 
 |  | ||||||
|                 if output and isinstance(output, (list, tuple)): |  | ||||||
|                     output = output[0] |  | ||||||
| 
 |  | ||||||
|         return output |         return output | ||||||
| 
 | 
 | ||||||
|     def udfCheckNeeded(self): |     def udfCheckNeeded(self): | ||||||
|  |  | ||||||
|  | @ -210,6 +210,7 @@ class Entries: | ||||||
|                         query = rootQuery.blind.count % tbl |                         query = rootQuery.blind.count % tbl | ||||||
|                     else: |                     else: | ||||||
|                         query = rootQuery.blind.count % (conf.db, tbl) |                         query = rootQuery.blind.count % (conf.db, tbl) | ||||||
|  | 
 | ||||||
|                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) |                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) | ||||||
| 
 | 
 | ||||||
|                     lengths = {} |                     lengths = {} | ||||||
|  |  | ||||||
|  | @ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission | ||||||
| """ | """ | ||||||
| 
 | 
 | ||||||
| from lib.core.agent import agent | from lib.core.agent import agent | ||||||
|  | from lib.core.common import arrayizeValue | ||||||
| from lib.core.common import Backend | from lib.core.common import Backend | ||||||
| from lib.core.common import filterPairValues | from lib.core.common import filterPairValues | ||||||
| from lib.core.common import getLimitRange | from lib.core.common import getLimitRange | ||||||
|  | @ -83,8 +84,7 @@ class Search: | ||||||
|                 values = inject.getValue(query, blind=False) |                 values = inject.getValue(query, blind=False) | ||||||
| 
 | 
 | ||||||
|                 if not isNoneValue(values): |                 if not isNoneValue(values): | ||||||
|                     if isinstance(values, basestring): |                     values = arrayizeValue(values) | ||||||
|                         values = [values] |  | ||||||
| 
 | 
 | ||||||
|                     for value in values: |                     for value in values: | ||||||
|                         value = safeSQLIdentificatorNaming(value) |                         value = safeSQLIdentificatorNaming(value) | ||||||
|  | @ -100,6 +100,7 @@ class Search: | ||||||
|                     query = rootQuery.blind.count2 |                     query = rootQuery.blind.count2 | ||||||
|                 else: |                 else: | ||||||
|                     query = rootQuery.blind.count |                     query = rootQuery.blind.count | ||||||
|  | 
 | ||||||
|                 query += dbQuery |                 query += dbQuery | ||||||
|                 query += exclDbsQuery |                 query += exclDbsQuery | ||||||
|                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) |                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) | ||||||
|  | @ -232,6 +233,7 @@ class Search: | ||||||
|                     if Backend.isDbms(DBMS.DB2): |                     if Backend.isDbms(DBMS.DB2): | ||||||
|                         query += ") AS foobar" |                         query += ") AS foobar" | ||||||
|                     query = agent.limitQuery(index, query) |                     query = agent.limitQuery(index, query) | ||||||
|  | 
 | ||||||
|                     foundDb = inject.getValue(query, inband=False, error=False) |                     foundDb = inject.getValue(query, inband=False, error=False) | ||||||
|                     foundDb = safeSQLIdentificatorNaming(foundDb) |                     foundDb = safeSQLIdentificatorNaming(foundDb) | ||||||
| 
 | 
 | ||||||
|  | @ -275,6 +277,7 @@ class Search: | ||||||
|                         query = query % unsafeSQLIdentificatorNaming(db) |                         query = query % unsafeSQLIdentificatorNaming(db) | ||||||
|                         query += " AND %s" % tblQuery |                         query += " AND %s" % tblQuery | ||||||
|                         query = agent.limitQuery(index, query) |                         query = agent.limitQuery(index, query) | ||||||
|  | 
 | ||||||
|                         foundTbl = inject.getValue(query, inband=False, error=False) |                         foundTbl = inject.getValue(query, inband=False, error=False) | ||||||
|                         kb.hintValue = foundTbl |                         kb.hintValue = foundTbl | ||||||
|                         foundTbl = safeSQLIdentificatorNaming(foundTbl, True) |                         foundTbl = safeSQLIdentificatorNaming(foundTbl, True) | ||||||
|  |  | ||||||
|  | @ -97,7 +97,7 @@ class Users: | ||||||
|                 query = rootQuery.inband.query2 |                 query = rootQuery.inband.query2 | ||||||
|             else: |             else: | ||||||
|                 query = rootQuery.inband.query |                 query = rootQuery.inband.query | ||||||
|             value = inject.getValue(query, blind=False) |             value = unArrayizeValue(inject.getValue(query, blind=False)) | ||||||
| 
 | 
 | ||||||
|             if not isNoneValue(value): |             if not isNoneValue(value): | ||||||
|                 kb.data.cachedUsers = arrayizeValue(value) |                 kb.data.cachedUsers = arrayizeValue(value) | ||||||
|  | @ -110,6 +110,7 @@ class Users: | ||||||
|                 query = rootQuery.blind.count2 |                 query = rootQuery.blind.count2 | ||||||
|             else: |             else: | ||||||
|                 query = rootQuery.blind.count |                 query = rootQuery.blind.count | ||||||
|  | 
 | ||||||
|             count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) |             count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) | ||||||
| 
 | 
 | ||||||
|             if not isNumPosStrValue(count): |             if not isNumPosStrValue(count): | ||||||
|  | @ -250,6 +251,7 @@ class Users: | ||||||
|                         query = rootQuery.blind.count2 % user |                         query = rootQuery.blind.count2 % user | ||||||
|                     else: |                     else: | ||||||
|                         query = rootQuery.blind.count % user |                         query = rootQuery.blind.count % user | ||||||
|  | 
 | ||||||
|                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) |                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) | ||||||
| 
 | 
 | ||||||
|                     if not isNumPosStrValue(count): |                     if not isNumPosStrValue(count): | ||||||
|  | @ -274,6 +276,7 @@ class Users: | ||||||
|                                 query = rootQuery.blind.query % (user, index, user) |                                 query = rootQuery.blind.query % (user, index, user) | ||||||
|                         else: |                         else: | ||||||
|                             query = rootQuery.blind.query % (user, index) |                             query = rootQuery.blind.query % (user, index) | ||||||
|  | 
 | ||||||
|                         password = inject.getValue(query, inband=False, error=False) |                         password = inject.getValue(query, inband=False, error=False) | ||||||
|                         password = parsePasswordHash(password) |                         password = parsePasswordHash(password) | ||||||
|                         passwords.append(password) |                         passwords.append(password) | ||||||
|  | @ -463,6 +466,7 @@ class Users: | ||||||
|                     query = rootQuery.blind.count2 % user |                     query = rootQuery.blind.count2 % user | ||||||
|                 else: |                 else: | ||||||
|                     query = rootQuery.blind.count % user |                     query = rootQuery.blind.count % user | ||||||
|  | 
 | ||||||
|                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) |                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) | ||||||
| 
 | 
 | ||||||
|                 if not isNumPosStrValue(count): |                 if not isNumPosStrValue(count): | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user