Minor refactoring

Miroslav Stampar 2012-10-25 09:56:36 +02:00
parent c2058dfc8f
commit 54fbb22ab8
4 changed files with 13 additions and 10 deletions


@ -21,6 +21,7 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.common import unArrayizeValue
from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
@ -106,15 +107,9 @@ class UDF:
cmd = unescaper.unescape(self.udfForgeCmd(cmd)) cmd = unescaper.unescape(self.udfForgeCmd(cmd))
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd)) inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False) output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
inject.goStacked("DELETE FROM %s" % self.cmdTblName) inject.goStacked("DELETE FROM %s" % self.cmdTblName)
if output and isinstance(output, (list, tuple)):
output = output[0]
if output and isinstance(output, (list, tuple)):
output = output[0]
return output return output
def udfCheckNeeded(self): def udfCheckNeeded(self):
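Review bot: The single `unArrayizeValue(...)` call on the new `output = ...` line may not be equivalent to the code it replaces. The removed `if output and isinstance(output, (list, tuple)): output = output[0]` check is listed twice on this page, which suggests the old code unwrapped two levels of nesting. `unArrayizeValue` is not defined in this diff, so if it unwraps only one level, a nested result would reach `return output` still as a list; its handling of an empty list also needs confirming. A comment above the call such as `# getValue() may return a (nested) list; reduce it to a single value` would record the intent. The new `from lib.core.common import unArrayizeValue` also sits after the `lib.core.enums` imports, out of the apparent alphabetical order; the enclosing method starts above the hunk.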


@ -210,6 +210,7 @@ class Entries:
query = rootQuery.blind.count % tbl query = rootQuery.blind.count % tbl
else: else:
query = rootQuery.blind.count % (conf.db, tbl) query = rootQuery.blind.count % (conf.db, tbl)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
lengths = {} lengths = {}


@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
""" """
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import filterPairValues from lib.core.common import filterPairValues
from lib.core.common import getLimitRange from lib.core.common import getLimitRange
@ -83,8 +84,7 @@ class Search:
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False)
if not isNoneValue(values): if not isNoneValue(values):
if isinstance(values, basestring): values = arrayizeValue(values)
values = [values]
for value in values: for value in values:
value = safeSQLIdentificatorNaming(value) value = safeSQLIdentificatorNaming(value)
@ -100,6 +100,7 @@ class Search:
query = rootQuery.blind.count2 query = rootQuery.blind.count2
else: else:
query = rootQuery.blind.count query = rootQuery.blind.count
query += dbQuery query += dbQuery
query += exclDbsQuery query += exclDbsQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@ -232,6 +233,7 @@ class Search:
if Backend.isDbms(DBMS.DB2): if Backend.isDbms(DBMS.DB2):
query += ") AS foobar" query += ") AS foobar"
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, inband=False, error=False) foundDb = inject.getValue(query, inband=False, error=False)
foundDb = safeSQLIdentificatorNaming(foundDb) foundDb = safeSQLIdentificatorNaming(foundDb)
@ -275,6 +277,7 @@ class Search:
query = query % unsafeSQLIdentificatorNaming(db) query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery query += " AND %s" % tblQuery
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
foundTbl = inject.getValue(query, inband=False, error=False) foundTbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = foundTbl kb.hintValue = foundTbl
foundTbl = safeSQLIdentificatorNaming(foundTbl, True) foundTbl = safeSQLIdentificatorNaming(foundTbl, True)


@ -97,7 +97,7 @@ class Users:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
value = inject.getValue(query, blind=False) value = unArrayizeValue(inject.getValue(query, blind=False))
if not isNoneValue(value): if not isNoneValue(value):
kb.data.cachedUsers = arrayizeValue(value) kb.data.cachedUsers = arrayizeValue(value)
@ -110,6 +110,7 @@ class Users:
query = rootQuery.blind.count2 query = rootQuery.blind.count2
else: else:
query = rootQuery.blind.count query = rootQuery.blind.count
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
@ -250,6 +251,7 @@ class Users:
query = rootQuery.blind.count2 % user query = rootQuery.blind.count2 % user
else: else:
query = rootQuery.blind.count % user query = rootQuery.blind.count % user
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
@ -274,6 +276,7 @@ class Users:
query = rootQuery.blind.query % (user, index, user) query = rootQuery.blind.query % (user, index, user)
else: else:
query = rootQuery.blind.query % (user, index) query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, inband=False, error=False) password = inject.getValue(query, inband=False, error=False)
password = parsePasswordHash(password) password = parsePasswordHash(password)
passwords.append(password) passwords.append(password)
@ -463,6 +466,7 @@ class Users:
query = rootQuery.blind.count2 % user query = rootQuery.blind.count2 % user
else: else:
query = rootQuery.blind.count % user query = rootQuery.blind.count % user
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
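Review bot: In the first hunk of this file, the changed `value = unArrayizeValue(inject.getValue(query, blind=False))` line reduces the result, and `kb.data.cachedUsers = arrayizeValue(value)` re-wraps it two lines later. `unArrayizeValue` is not shown in this diff, but if it keeps only the first element of a list, as the `output = output[0]` lines it replaces in the first file do, a multi-row result would be cut down to one cached user. If the aim is only to flatten one level of nesting, keep `value = inject.getValue(query, blind=False)` and apply the helper per element, e.g. `kb.data.cachedUsers = [unArrayizeValue(_) for _ in arrayizeValue(value)]`. No import hunk for `unArrayizeValue` appears for this file, so confirm the name is already imported. The enclosing method starts and ends outside the hunk.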