mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Minor refactoring
This commit is contained in:
parent
c2058dfc8f
commit
54fbb22ab8
|
@ -21,6 +21,7 @@ from lib.core.enums import CHARSET_TYPE
|
|||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import OS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.common import unArrayizeValue
|
||||
from lib.core.exception import sqlmapFilePathException
|
||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
@ -106,15 +107,9 @@ class UDF:
|
|||
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
||||
|
||||
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
||||
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)
|
||||
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
|
||||
inject.goStacked("DELETE FROM %s" % self.cmdTblName)
|
||||
|
||||
if output and isinstance(output, (list, tuple)):
|
||||
output = output[0]
|
||||
|
||||
if output and isinstance(output, (list, tuple)):
|
||||
output = output[0]
|
||||
|
||||
return output
|
||||
|
||||
def udfCheckNeeded(self):
|
||||
|
|
|
@ -210,6 +210,7 @@ class Entries:
|
|||
query = rootQuery.blind.count % tbl
|
||||
else:
|
||||
query = rootQuery.blind.count % (conf.db, tbl)
|
||||
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
lengths = {}
|
||||
|
|
|
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import arrayizeValue
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import filterPairValues
|
||||
from lib.core.common import getLimitRange
|
||||
|
@ -83,8 +84,7 @@ class Search:
|
|||
values = inject.getValue(query, blind=False)
|
||||
|
||||
if not isNoneValue(values):
|
||||
if isinstance(values, basestring):
|
||||
values = [values]
|
||||
values = arrayizeValue(values)
|
||||
|
||||
for value in values:
|
||||
value = safeSQLIdentificatorNaming(value)
|
||||
|
@ -100,6 +100,7 @@ class Search:
|
|||
query = rootQuery.blind.count2
|
||||
else:
|
||||
query = rootQuery.blind.count
|
||||
|
||||
query += dbQuery
|
||||
query += exclDbsQuery
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
@ -232,6 +233,7 @@ class Search:
|
|||
if Backend.isDbms(DBMS.DB2):
|
||||
query += ") AS foobar"
|
||||
query = agent.limitQuery(index, query)
|
||||
|
||||
foundDb = inject.getValue(query, inband=False, error=False)
|
||||
foundDb = safeSQLIdentificatorNaming(foundDb)
|
||||
|
||||
|
@ -275,6 +277,7 @@ class Search:
|
|||
query = query % unsafeSQLIdentificatorNaming(db)
|
||||
query += " AND %s" % tblQuery
|
||||
query = agent.limitQuery(index, query)
|
||||
|
||||
foundTbl = inject.getValue(query, inband=False, error=False)
|
||||
kb.hintValue = foundTbl
|
||||
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
|
||||
|
|
|
@ -97,7 +97,7 @@ class Users:
|
|||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = unArrayizeValue(inject.getValue(query, blind=False))
|
||||
|
||||
if not isNoneValue(value):
|
||||
kb.data.cachedUsers = arrayizeValue(value)
|
||||
|
@ -110,6 +110,7 @@ class Users:
|
|||
query = rootQuery.blind.count2
|
||||
else:
|
||||
query = rootQuery.blind.count
|
||||
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
|
@ -250,6 +251,7 @@ class Users:
|
|||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
|
@ -274,6 +276,7 @@ class Users:
|
|||
query = rootQuery.blind.query % (user, index, user)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
|
||||
password = inject.getValue(query, inband=False, error=False)
|
||||
password = parsePasswordHash(password)
|
||||
passwords.append(password)
|
||||
|
@ -463,6 +466,7 @@ class Users:
|
|||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
|
|
Loading…
Reference in New Issue
Block a user