mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Implementation for an Issue #596
This commit is contained in:
parent
b4139f5b82
commit
6863436d4e
|
@ -127,6 +127,7 @@ optDict = {
|
||||||
"db": "string",
|
"db": "string",
|
||||||
"tbl": "string",
|
"tbl": "string",
|
||||||
"col": "string",
|
"col": "string",
|
||||||
|
"excludeCol": "string",
|
||||||
"user": "string",
|
"user": "string",
|
||||||
"excludeSysDbs": "boolean",
|
"excludeSysDbs": "boolean",
|
||||||
"limitStart": "integer",
|
"limitStart": "integer",
|
||||||
|
|
|
@ -404,10 +404,13 @@ def cmdLineParser():
|
||||||
help="DBMS database to enumerate")
|
help="DBMS database to enumerate")
|
||||||
|
|
||||||
enumeration.add_option("-T", dest="tbl",
|
enumeration.add_option("-T", dest="tbl",
|
||||||
help="DBMS database table to enumerate")
|
help="DBMS database table(s) to enumerate")
|
||||||
|
|
||||||
enumeration.add_option("-C", dest="col",
|
enumeration.add_option("-C", dest="col",
|
||||||
help="DBMS database table column to enumerate")
|
help="DBMS database table column(s) to enumerate")
|
||||||
|
|
||||||
|
enumeration.add_option("-X", dest="excludeCol",
|
||||||
|
help="DBMS database table column(s) to not enumerate")
|
||||||
|
|
||||||
enumeration.add_option("-U", dest="user",
|
enumeration.add_option("-U", dest="user",
|
||||||
help="DBMS user to enumerate")
|
help="DBMS user to enumerate")
|
||||||
|
|
|
@ -263,6 +263,10 @@ class Enumeration(GenericEnumeration):
|
||||||
infoMsgTbl = ""
|
infoMsgTbl = ""
|
||||||
infoMsgDb = ""
|
infoMsgDb = ""
|
||||||
colList = conf.col.split(",")
|
colList = conf.col.split(",")
|
||||||
|
|
||||||
|
if conf.excludeCol:
|
||||||
|
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||||
|
|
||||||
origTbl = conf.tbl
|
origTbl = conf.tbl
|
||||||
origDb = conf.db
|
origDb = conf.db
|
||||||
colCond = rootQuery.inband.condition
|
colCond = rootQuery.inband.condition
|
||||||
|
|
|
@ -181,6 +181,9 @@ class Enumeration(GenericEnumeration):
|
||||||
else:
|
else:
|
||||||
colList = []
|
colList = []
|
||||||
|
|
||||||
|
if conf.excludeCol:
|
||||||
|
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||||
|
|
||||||
for col in colList:
|
for col in colList:
|
||||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||||
|
|
||||||
|
|
|
@ -399,10 +399,13 @@ class Databases:
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
conf.col = conf.col.upper()
|
conf.col = conf.col.upper()
|
||||||
|
|
||||||
colList = conf.col.split(",")
|
colList = conf.col.split(',')
|
||||||
else:
|
else:
|
||||||
colList = []
|
colList = []
|
||||||
|
|
||||||
|
if conf.excludeCol:
|
||||||
|
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||||
|
|
||||||
for col in colList:
|
for col in colList:
|
||||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||||
|
|
||||||
|
|
|
@ -122,6 +122,17 @@ class Entries:
|
||||||
|
|
||||||
columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
|
columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
|
||||||
colList = sorted(filter(None, columns.keys()))
|
colList = sorted(filter(None, columns.keys()))
|
||||||
|
|
||||||
|
if conf.excludeCol:
|
||||||
|
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||||
|
|
||||||
|
if not colList:
|
||||||
|
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
||||||
|
warnMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
|
warnMsg += " (no usable column names)"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
continue
|
||||||
|
|
||||||
colNames = colString = ", ".join(column for column in colList)
|
colNames = colString = ", ".join(column for column in colList)
|
||||||
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
|
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
|
||||||
|
|
||||||
|
@ -420,7 +431,12 @@ class Entries:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
conf.tbl = table
|
conf.tbl = table
|
||||||
conf.col = ",".join(column for column in filter(None, sorted(columns)))
|
colList = filter(None, sorted(columns))
|
||||||
|
|
||||||
|
if conf.excludeCol:
|
||||||
|
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||||
|
|
||||||
|
conf.col = ",".join(colList)
|
||||||
kb.data.cachedColumns = {}
|
kb.data.cachedColumns = {}
|
||||||
kb.data.dumpedTable = {}
|
kb.data.dumpedTable = {}
|
||||||
|
|
||||||
|
|
|
@ -349,7 +349,7 @@ class Search:
|
||||||
elif test[0] in ("q", "Q"):
|
elif test[0] in ("q", "Q"):
|
||||||
raise SqlmapUserQuitException
|
raise SqlmapUserQuitException
|
||||||
else:
|
else:
|
||||||
regex = "|".join(conf.col.split(","))
|
regex = '|'.join(conf.col.split(','))
|
||||||
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))
|
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))
|
||||||
|
|
||||||
message = "do you want to dump entries? [Y/n] "
|
message = "do you want to dump entries? [Y/n] "
|
||||||
|
@ -368,6 +368,10 @@ class Search:
|
||||||
infoMsgTbl = ""
|
infoMsgTbl = ""
|
||||||
infoMsgDb = ""
|
infoMsgDb = ""
|
||||||
colList = conf.col.split(",")
|
colList = conf.col.split(",")
|
||||||
|
|
||||||
|
if conf.excludeCol:
|
||||||
|
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||||
|
|
||||||
origTbl = conf.tbl
|
origTbl = conf.tbl
|
||||||
origDb = conf.db
|
origDb = conf.db
|
||||||
colCond = rootQuery.inband.condition
|
colCond = rootQuery.inband.condition
|
||||||
|
|
|
@ -445,12 +445,15 @@ getComments = False
|
||||||
# Back-end database management system database to enumerate.
|
# Back-end database management system database to enumerate.
|
||||||
db =
|
db =
|
||||||
|
|
||||||
# Back-end database management system database table to enumerate.
|
# Back-end database management system database table(s) to enumerate.
|
||||||
tbl =
|
tbl =
|
||||||
|
|
||||||
# Back-end database management system database table column to enumerate.
|
# Back-end database management system database table column(s) to enumerate.
|
||||||
col =
|
col =
|
||||||
|
|
||||||
|
# Back-end database management system database table column(s) to not enumerate.
|
||||||
|
excludeCol =
|
||||||
|
|
||||||
# Back-end database management system database user to enumerate.
|
# Back-end database management system database user to enumerate.
|
||||||
user =
|
user =
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user