sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used

Browse Source
This commit is contained in:
Miroslav Stampar 2011-05-19 17:35:33 +00:00
parent 9e5856caf8
commit 5a979f7667
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
plugins/generic/enumeration.py
View File

@ -1026,8 +1026,19 @@ class Enumeration:
infoMsg = "fetching columns " infoMsg = "fetching columns "
if len(colList) > 0: if len(colList) > 0:
condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) message = "do you want to use LIKE operator to "
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) message += "retrieve column names similar to the "
message += "ones provided with the -C option? [Y/n]"
test = readInput(message, default="Y")
if not (isinstance(test, basestring) and test.upper() == "N"):
condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList)
infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
else:
condQuery = " AND (%s)" % " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList)
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
else: else:
condQuery = "" condQuery = ""
@ -1446,7 +1457,8 @@ class Enumeration:
try: try:
if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
or unsafeSQLIdentificatorNaming(tbl) not in \ or unsafeSQLIdentificatorNaming(tbl) not in \
kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)]: kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] \
or not kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)]:
warnMsg = "unable to enumerate the columns for table " warnMsg = "unable to enumerate the columns for table "
warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl) warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl)
warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db) warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db)
@ -1460,7 +1472,7 @@ class Enumeration:
infoMsg = "fetching" infoMsg = "fetching"
if conf.col: if conf.col:
infoMsg += " columns '%s'" % colString infoMsg += " column(s) '%s'" % colString
infoMsg += " entries for table '%s'" % unsafeSQLIdentificatorNaming(tbl) infoMsg += " entries for table '%s'" % unsafeSQLIdentificatorNaming(tbl)
infoMsg += " on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) infoMsg += " on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg) logger.info(infoMsg)