sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-06 16:53:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

update regarding Sybase syntax

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-22 10:39:56 +00:00
parent 5d25da5135
commit 5be9c04e44
3 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/agent.py
View File

@ -393,7 +393,7 @@ class Agent:
elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ): elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
concatenatedQuery = "%s||%s" % (query1, query2) concatenatedQuery = "%s||%s" % (query1, query2)
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
concatenatedQuery = "%s+%s" % (query1, query2) concatenatedQuery = "%s+%s" % (query1, query2)
return concatenatedQuery return concatenatedQuery
@ -464,7 +464,7 @@ class Agent:
if kb.dbms == DBMS.ORACLE and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ): if kb.dbms == DBMS.ORACLE and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ):
concatenatedQuery += " FROM DUAL" concatenatedQuery += " FROM DUAL"
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
if fieldsSelectTop: if fieldsSelectTop:
topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1) topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1) concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1)
@ -619,7 +619,7 @@ class Agent:
limitedQuery = limitedQuery % fromFrom limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1) limitedQuery += "=%d" % (num + 1)
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
forgeNotIn = True forgeNotIn = True
if " ORDER BY " in limitedQuery: if " ORDER BY " in limitedQuery:

6
lib/request/inject.py
View File

@ -178,7 +178,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I) limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
if limitRegExp or ( kb.dbms == DBMS.MSSQL and topLimit ): if limitRegExp or ( kb.dbms in (DBMS.MSSQL, DBMS.SYBASE) and topLimit ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query limitGroupStop = queries[kb.dbms].limitgroupstop.query
@ -189,7 +189,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
stopLimit = limitRegExp.group(int(limitGroupStop)) stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1 limitCond = int(stopLimit) > 1
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp: if limitRegExp:
limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query limitGroupStop = queries[kb.dbms].limitgroupstop.query
@ -223,7 +223,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
untilLimitChar = expression.index(queries[kb.dbms].limitstring.query) untilLimitChar = expression.index(queries[kb.dbms].limitstring.query)
expression = expression[:untilLimitChar] expression = expression[:untilLimitChar]
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit stopLimit += startLimit
if not stopLimit or stopLimit <= 1: if not stopLimit or stopLimit <= 1:

6
lib/techniques/inband/union/use.py
View File

@ -79,7 +79,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
stopLimit = limitRegExp.group(int(limitGroupStop)) stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1 limitCond = int(stopLimit) > 1
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query limitGroupStop = queries[kb.dbms].limitgroupstop.query
@ -108,7 +108,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
untilLimitChar = expression.index(queries[kb.dbms].limitstring.query) untilLimitChar = expression.index(queries[kb.dbms].limitstring.query)
expression = expression[:untilLimitChar] expression = expression[:untilLimitChar]
elif kb.dbms == DBMS.MSSQL: elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit stopLimit += startLimit
elif dump: elif dump:
if conf.limitStart: if conf.limitStart:
@ -171,7 +171,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
return return
for num in xrange(startLimit, stopLimit): for num in xrange(startLimit, stopLimit):
if kb.dbms == DBMS.MSSQL: if kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0] field = expressionFieldsList[0]
elif kb.dbms == DBMS.ORACLE: elif kb.dbms == DBMS.ORACLE:
field = expressionFieldsList field = expressionFieldsList