mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 05:31:04 +03:00 
			
		
		
		
	minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used
This commit is contained in:
		
							parent
							
								
									9e5856caf8
								
							
						
					
					
						commit
						5a979f7667
					
				|  | @ -1026,8 +1026,19 @@ class Enumeration: | ||||||
|                 infoMsg = "fetching columns " |                 infoMsg = "fetching columns " | ||||||
| 
 | 
 | ||||||
|                 if len(colList) > 0: |                 if len(colList) > 0: | ||||||
|                     condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) |                     message  = "do you want to use LIKE operator to " | ||||||
|                     infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) |                     message += "retrieve column names similar to the " | ||||||
|  |                     message += "ones provided with the -C option? [Y/n]" | ||||||
|  | 
 | ||||||
|  |                     test = readInput(message, default="Y") | ||||||
|  | 
 | ||||||
|  |                     if not (isinstance(test, basestring) and test.upper() == "N"): | ||||||
|  |                         condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) | ||||||
|  |                         infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) | ||||||
|  |                     else: | ||||||
|  |                         condQuery = " AND (%s)" % " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) | ||||||
|  |                         infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) | ||||||
|  |                      | ||||||
|                 else: |                 else: | ||||||
|                     condQuery = "" |                     condQuery = "" | ||||||
| 
 | 
 | ||||||
|  | @ -1446,7 +1457,8 @@ class Enumeration: | ||||||
|             try: |             try: | ||||||
|                 if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ |                 if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ | ||||||
|                    or unsafeSQLIdentificatorNaming(tbl) not in \ |                    or unsafeSQLIdentificatorNaming(tbl) not in \ | ||||||
|                    kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)]: |                    kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] \ | ||||||
|  |                    or not kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)]: | ||||||
|                     warnMsg = "unable to enumerate the columns for table " |                     warnMsg = "unable to enumerate the columns for table " | ||||||
|                     warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl) |                     warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl) | ||||||
|                     warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db) |                     warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db) | ||||||
|  | @ -1460,7 +1472,7 @@ class Enumeration: | ||||||
| 
 | 
 | ||||||
|                 infoMsg = "fetching" |                 infoMsg = "fetching" | ||||||
|                 if conf.col: |                 if conf.col: | ||||||
|                     infoMsg += " columns '%s'" % colString |                     infoMsg += " column(s) '%s'" % colString | ||||||
|                 infoMsg += " entries for table '%s'" % unsafeSQLIdentificatorNaming(tbl) |                 infoMsg += " entries for table '%s'" % unsafeSQLIdentificatorNaming(tbl) | ||||||
|                 infoMsg += " on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) |                 infoMsg += " on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) | ||||||
|                 logger.info(infoMsg) |                 logger.info(infoMsg) | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user