mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Minor refactoring
This commit is contained in:
parent
c2058dfc8f
commit
54fbb22ab8
|
@ -21,6 +21,7 @@ from lib.core.enums import CHARSET_TYPE
|
||||||
from lib.core.enums import EXPECTED
|
from lib.core.enums import EXPECTED
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
|
from lib.core.common import unArrayizeValue
|
||||||
from lib.core.exception import sqlmapFilePathException
|
from lib.core.exception import sqlmapFilePathException
|
||||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||||
|
@ -106,15 +107,9 @@ class UDF:
|
||||||
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
||||||
|
|
||||||
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
||||||
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)
|
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
|
||||||
inject.goStacked("DELETE FROM %s" % self.cmdTblName)
|
inject.goStacked("DELETE FROM %s" % self.cmdTblName)
|
||||||
|
|
||||||
if output and isinstance(output, (list, tuple)):
|
|
||||||
output = output[0]
|
|
||||||
|
|
||||||
if output and isinstance(output, (list, tuple)):
|
|
||||||
output = output[0]
|
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
def udfCheckNeeded(self):
|
def udfCheckNeeded(self):
|
||||||
|
|
|
@ -210,6 +210,7 @@ class Entries:
|
||||||
query = rootQuery.blind.count % tbl
|
query = rootQuery.blind.count % tbl
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.count % (conf.db, tbl)
|
query = rootQuery.blind.count % (conf.db, tbl)
|
||||||
|
|
||||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
lengths = {}
|
lengths = {}
|
||||||
|
|
|
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
from lib.core.common import filterPairValues
|
from lib.core.common import filterPairValues
|
||||||
from lib.core.common import getLimitRange
|
from lib.core.common import getLimitRange
|
||||||
|
@ -83,8 +84,7 @@ class Search:
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if not isNoneValue(values):
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
values = arrayizeValue(values)
|
||||||
values = [values]
|
|
||||||
|
|
||||||
for value in values:
|
for value in values:
|
||||||
value = safeSQLIdentificatorNaming(value)
|
value = safeSQLIdentificatorNaming(value)
|
||||||
|
@ -100,6 +100,7 @@ class Search:
|
||||||
query = rootQuery.blind.count2
|
query = rootQuery.blind.count2
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.count
|
query = rootQuery.blind.count
|
||||||
|
|
||||||
query += dbQuery
|
query += dbQuery
|
||||||
query += exclDbsQuery
|
query += exclDbsQuery
|
||||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
@ -232,6 +233,7 @@ class Search:
|
||||||
if Backend.isDbms(DBMS.DB2):
|
if Backend.isDbms(DBMS.DB2):
|
||||||
query += ") AS foobar"
|
query += ") AS foobar"
|
||||||
query = agent.limitQuery(index, query)
|
query = agent.limitQuery(index, query)
|
||||||
|
|
||||||
foundDb = inject.getValue(query, inband=False, error=False)
|
foundDb = inject.getValue(query, inband=False, error=False)
|
||||||
foundDb = safeSQLIdentificatorNaming(foundDb)
|
foundDb = safeSQLIdentificatorNaming(foundDb)
|
||||||
|
|
||||||
|
@ -275,6 +277,7 @@ class Search:
|
||||||
query = query % unsafeSQLIdentificatorNaming(db)
|
query = query % unsafeSQLIdentificatorNaming(db)
|
||||||
query += " AND %s" % tblQuery
|
query += " AND %s" % tblQuery
|
||||||
query = agent.limitQuery(index, query)
|
query = agent.limitQuery(index, query)
|
||||||
|
|
||||||
foundTbl = inject.getValue(query, inband=False, error=False)
|
foundTbl = inject.getValue(query, inband=False, error=False)
|
||||||
kb.hintValue = foundTbl
|
kb.hintValue = foundTbl
|
||||||
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
|
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
|
||||||
|
|
|
@ -97,7 +97,7 @@ class Users:
|
||||||
query = rootQuery.inband.query2
|
query = rootQuery.inband.query2
|
||||||
else:
|
else:
|
||||||
query = rootQuery.inband.query
|
query = rootQuery.inband.query
|
||||||
value = inject.getValue(query, blind=False)
|
value = unArrayizeValue(inject.getValue(query, blind=False))
|
||||||
|
|
||||||
if not isNoneValue(value):
|
if not isNoneValue(value):
|
||||||
kb.data.cachedUsers = arrayizeValue(value)
|
kb.data.cachedUsers = arrayizeValue(value)
|
||||||
|
@ -110,6 +110,7 @@ class Users:
|
||||||
query = rootQuery.blind.count2
|
query = rootQuery.blind.count2
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.count
|
query = rootQuery.blind.count
|
||||||
|
|
||||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
if not isNumPosStrValue(count):
|
if not isNumPosStrValue(count):
|
||||||
|
@ -250,6 +251,7 @@ class Users:
|
||||||
query = rootQuery.blind.count2 % user
|
query = rootQuery.blind.count2 % user
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.count % user
|
query = rootQuery.blind.count % user
|
||||||
|
|
||||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
if not isNumPosStrValue(count):
|
if not isNumPosStrValue(count):
|
||||||
|
@ -274,6 +276,7 @@ class Users:
|
||||||
query = rootQuery.blind.query % (user, index, user)
|
query = rootQuery.blind.query % (user, index, user)
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.query % (user, index)
|
query = rootQuery.blind.query % (user, index)
|
||||||
|
|
||||||
password = inject.getValue(query, inband=False, error=False)
|
password = inject.getValue(query, inband=False, error=False)
|
||||||
password = parsePasswordHash(password)
|
password = parsePasswordHash(password)
|
||||||
passwords.append(password)
|
passwords.append(password)
|
||||||
|
@ -463,6 +466,7 @@ class Users:
|
||||||
query = rootQuery.blind.count2 % user
|
query = rootQuery.blind.count2 % user
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.count % user
|
query = rootQuery.blind.count % user
|
||||||
|
|
||||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
if not isNumPosStrValue(count):
|
if not isNumPosStrValue(count):
|
||||||
|
|
Loading…
Reference in New Issue
Block a user