Implementation for an Issue #596

2024-11-22 01:26:42 +03:00 · 2014-01-13 10:05:49 +01:00 · 2014-01-13 10:05:49 +01:00 · 6863436d4e
commit 6863436d4e
parent b4139f5b82
8 changed files with 44 additions and 7 deletions
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -127,6 +127,7 @@ optDict = {
                               "db":                "string",
                               "tbl":               "string",
                               "col":               "string",
+                               "excludeCol":        "string",
                               "user":              "string",
                               "excludeSysDbs":     "boolean",
                               "limitStart":        "integer",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -404,10 +404,13 @@ def cmdLineParser():
                               help="DBMS database to enumerate")

        enumeration.add_option("-T", dest="tbl",
-                               help="DBMS database table to enumerate")
+                               help="DBMS database table(s) to enumerate")

        enumeration.add_option("-C", dest="col",
-                               help="DBMS database table column to enumerate")
+                               help="DBMS database table column(s) to enumerate")
+
+        enumeration.add_option("-X", dest="excludeCol",
+                               help="DBMS database table column(s) to not enumerate")

        enumeration.add_option("-U", dest="user",
                               help="DBMS user to enumerate")
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@ -263,6 +263,10 @@ class Enumeration(GenericEnumeration):
        infoMsgTbl = ""
        infoMsgDb = ""
        colList = conf.col.split(",")
+
+        if conf.excludeCol:
+            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+
        origTbl = conf.tbl
        origDb = conf.db
        colCond = rootQuery.inband.condition
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@ -181,6 +181,9 @@ class Enumeration(GenericEnumeration):
        else:
            colList = []

+        if conf.excludeCol:
+            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+
        for col in colList:
            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@ -399,10 +399,13 @@ class Databases:
            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
                conf.col = conf.col.upper()

-            colList = conf.col.split(",")
+            colList = conf.col.split(',')
        else:
            colList = []

+        if conf.excludeCol:
+            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+
        for col in colList:
            colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -122,6 +122,17 @@ class Entries:

                columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
                colList = sorted(filter(None, columns.keys()))
+
+                if conf.excludeCol:
+                    colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+
+                if not colList:
+                    warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
+                    warnMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
+                    warnMsg += " (no usable column names)"
+                    logger.warn(warnMsg)
+                    continue
+
                colNames = colString = ", ".join(column for column in colList)
                rootQuery = queries[Backend.getIdentifiedDbms()].dump_table

@ -420,7 +431,12 @@ class Entries:
                    continue

                conf.tbl = table
-                conf.col = ",".join(column for column in filter(None, sorted(columns)))
+                colList = filter(None, sorted(columns))
+
+                if conf.excludeCol:
+                    colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+
+                conf.col = ",".join(colList)
                kb.data.cachedColumns = {}
                kb.data.dumpedTable = {}

--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@ -349,7 +349,7 @@ class Search:
            elif test[0] in ("q", "Q"):
                raise SqlmapUserQuitException
            else:
-                regex = "|".join(conf.col.split(","))
+                regex = '|'.join(conf.col.split(','))
                conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))

                message = "do you want to dump entries? [Y/n] "
@ -368,6 +368,10 @@ class Search:
        infoMsgTbl = ""
        infoMsgDb = ""
        colList = conf.col.split(",")
+
+        if conf.excludeCol:
+            colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
+
        origTbl = conf.tbl
        origDb = conf.db
        colCond = rootQuery.inband.condition
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -445,12 +445,15 @@ getComments = False
 # Back-end database management system database to enumerate.
 db = 

-# Back-end database management system database table to enumerate.
+# Back-end database management system database table(s) to enumerate.
 tbl = 

-# Back-end database management system database table column to enumerate.
+# Back-end database management system database table column(s) to enumerate.
 col = 

+# Back-end database management system database table column(s) to not enumerate.
+excludeCol = 
+
 # Back-end database management system database user to enumerate.
 user =