mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
This commit is contained in:
parent
d5b4b7996a
commit
5e358b51f9
|
@ -18,8 +18,9 @@ from lib.core.data import conf
|
|||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import OS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapFilePathException
|
||||
|
@ -54,7 +55,7 @@ class UDF:
|
|||
logger.info("checking if UDF '%s' already exist" % udf)
|
||||
|
||||
query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
|
||||
exists = inject.getValue(query, resumeValue=False, charsetType=CHARSET_TYPE.DIGITS)
|
||||
exists = inject.getValue(query, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if exists == "1":
|
||||
return True
|
||||
|
|
|
@ -22,8 +22,9 @@ from lib.core.data import conf
|
|||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.techniques.blind.inference import bisection
|
||||
|
||||
|
@ -70,7 +71,7 @@ def queryOutputLength(expression, payload):
|
|||
|
||||
start = time.time()
|
||||
lengthExprUnescaped = unescaper.unescape(lengthExpr)
|
||||
count, length = bisection(payload, lengthExprUnescaped, charsetType=CHARSET_TYPE.DIGITS)
|
||||
count, length = bisection(payload, lengthExprUnescaped, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
|
||||
logger.debug(debugMsg)
|
||||
|
|
|
@ -19,6 +19,7 @@ from lib.core.common import randomStr
|
|||
from lib.core.data import conf
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapNoneDataException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
@ -97,7 +98,7 @@ class Filesystem(GenericFilesystem):
|
|||
|
||||
if not result:
|
||||
result = []
|
||||
count = inject.getValue("SELECT COUNT(*) FROM %s" % (hexTbl), resumeValue=False, charsetType=CHARSET_TYPE.DIGITS)
|
||||
count = inject.getValue("SELECT COUNT(*) FROM %s" % (hexTbl), resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
errMsg = "unable to retrieve the content of the "
|
||||
|
|
|
@ -10,11 +10,11 @@ See the file 'doc/COPYING' for copying permission
|
|||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import unArrayizeValue
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import PLACE
|
||||
from lib.core.exception import sqlmapNoneDataException
|
||||
from lib.request import inject
|
||||
|
@ -52,7 +52,7 @@ class Filesystem(GenericFilesystem):
|
|||
logger.debug(debugMsg)
|
||||
inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField))
|
||||
|
||||
length = unArrayizeValue(inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, charsetType=CHARSET_TYPE.DIGITS))
|
||||
length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), unique=False, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(length):
|
||||
errMsg = "unable to retrieve the content of the "
|
||||
|
|
|
@ -123,7 +123,7 @@ class Enumeration(GenericEnumeration):
|
|||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
if not count.isdigit() and not query2:
|
||||
if count != 0 and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
|
@ -14,13 +14,15 @@ import os
|
|||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToOutFile
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import logger
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import EXPECTED
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.exception import sqlmapUndefinedMethod
|
||||
from lib.request import inject
|
||||
|
@ -110,9 +112,9 @@ class Filesystem:
|
|||
wFileSize = os.path.getsize(wFile)
|
||||
|
||||
logger.debug("checking if the %s file has been written" % fileType)
|
||||
dFileSize = inject.getValue(lengthQuery, resumeValue=False, charsetType=CHARSET_TYPE.DIGITS)
|
||||
dFileSize = inject.getValue(lengthQuery, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if dFileSize and dFileSize.isdigit():
|
||||
if isNumPosStrValue(dFileSize):
|
||||
infoMsg = "the file has been successfully written and "
|
||||
infoMsg += "its size is %s bytes" % dFileSize
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user