mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used
This commit is contained in:
		
							parent
							
								
									9e5856caf8
								
							
						
					
					
						commit
						5a979f7667
					
				|  | @ -1026,8 +1026,19 @@ class Enumeration: | |||
|                 infoMsg = "fetching columns " | ||||
| 
 | ||||
|                 if len(colList) > 0: | ||||
|                     condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) | ||||
|                     infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) | ||||
|                     message  = "do you want to use LIKE operator to " | ||||
|                     message += "retrieve column names similar to the " | ||||
|                     message += "ones provided with the -C option? [Y/n]" | ||||
| 
 | ||||
|                     test = readInput(message, default="Y") | ||||
| 
 | ||||
|                     if not (isinstance(test, basestring) and test.upper() == "N"): | ||||
|                         condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) | ||||
|                         infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) | ||||
|                     else: | ||||
|                         condQuery = " AND (%s)" % " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) | ||||
|                         infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) | ||||
|                      | ||||
|                 else: | ||||
|                     condQuery = "" | ||||
| 
 | ||||
|  | @ -1446,7 +1457,8 @@ class Enumeration: | |||
|             try: | ||||
|                 if not unsafeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ | ||||
|                    or unsafeSQLIdentificatorNaming(tbl) not in \ | ||||
|                    kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)]: | ||||
|                    kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)] \ | ||||
|                    or not kb.data.cachedColumns[unsafeSQLIdentificatorNaming(conf.db)][unsafeSQLIdentificatorNaming(tbl)]: | ||||
|                     warnMsg = "unable to enumerate the columns for table " | ||||
|                     warnMsg += "'%s' on database" % unsafeSQLIdentificatorNaming(tbl) | ||||
|                     warnMsg += " '%s', skipping" % unsafeSQLIdentificatorNaming(conf.db) | ||||
|  | @ -1460,7 +1472,7 @@ class Enumeration: | |||
| 
 | ||||
|                 infoMsg = "fetching" | ||||
|                 if conf.col: | ||||
|                     infoMsg += " columns '%s'" % colString | ||||
|                     infoMsg += " column(s) '%s'" % colString | ||||
|                 infoMsg += " entries for table '%s'" % unsafeSQLIdentificatorNaming(tbl) | ||||
|                 infoMsg += " on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) | ||||
|                 logger.info(infoMsg) | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user