mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Implementation for an Issue #596
This commit is contained in:
parent
b4139f5b82
commit
6863436d4e
|
@ -127,6 +127,7 @@ optDict = {
|
|||
"db": "string",
|
||||
"tbl": "string",
|
||||
"col": "string",
|
||||
"excludeCol": "string",
|
||||
"user": "string",
|
||||
"excludeSysDbs": "boolean",
|
||||
"limitStart": "integer",
|
||||
|
|
|
@ -404,10 +404,13 @@ def cmdLineParser():
|
|||
help="DBMS database to enumerate")
|
||||
|
||||
enumeration.add_option("-T", dest="tbl",
|
||||
help="DBMS database table to enumerate")
|
||||
help="DBMS database table(s) to enumerate")
|
||||
|
||||
enumeration.add_option("-C", dest="col",
|
||||
help="DBMS database table column to enumerate")
|
||||
help="DBMS database table column(s) to enumerate")
|
||||
|
||||
enumeration.add_option("-X", dest="excludeCol",
|
||||
help="DBMS database table column(s) to not enumerate")
|
||||
|
||||
enumeration.add_option("-U", dest="user",
|
||||
help="DBMS user to enumerate")
|
||||
|
|
|
@ -263,6 +263,10 @@ class Enumeration(GenericEnumeration):
|
|||
infoMsgTbl = ""
|
||||
infoMsgDb = ""
|
||||
colList = conf.col.split(",")
|
||||
|
||||
if conf.excludeCol:
|
||||
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||
|
||||
origTbl = conf.tbl
|
||||
origDb = conf.db
|
||||
colCond = rootQuery.inband.condition
|
||||
|
|
|
@ -181,6 +181,9 @@ class Enumeration(GenericEnumeration):
|
|||
else:
|
||||
colList = []
|
||||
|
||||
if conf.excludeCol:
|
||||
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||
|
||||
for col in colList:
|
||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||
|
||||
|
|
|
@ -399,10 +399,13 @@ class Databases:
|
|||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
conf.col = conf.col.upper()
|
||||
|
||||
colList = conf.col.split(",")
|
||||
colList = conf.col.split(',')
|
||||
else:
|
||||
colList = []
|
||||
|
||||
if conf.excludeCol:
|
||||
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||
|
||||
for col in colList:
|
||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||
|
||||
|
|
|
@ -122,6 +122,17 @@ class Entries:
|
|||
|
||||
columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
|
||||
colList = sorted(filter(None, columns.keys()))
|
||||
|
||||
if conf.excludeCol:
|
||||
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||
|
||||
if not colList:
|
||||
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
|
||||
warnMsg += " in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
warnMsg += " (no usable column names)"
|
||||
logger.warn(warnMsg)
|
||||
continue
|
||||
|
||||
colNames = colString = ", ".join(column for column in colList)
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
|
||||
|
||||
|
@ -420,7 +431,12 @@ class Entries:
|
|||
continue
|
||||
|
||||
conf.tbl = table
|
||||
conf.col = ",".join(column for column in filter(None, sorted(columns)))
|
||||
colList = filter(None, sorted(columns))
|
||||
|
||||
if conf.excludeCol:
|
||||
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||
|
||||
conf.col = ",".join(colList)
|
||||
kb.data.cachedColumns = {}
|
||||
kb.data.dumpedTable = {}
|
||||
|
||||
|
|
|
@ -349,7 +349,7 @@ class Search:
|
|||
elif test[0] in ("q", "Q"):
|
||||
raise SqlmapUserQuitException
|
||||
else:
|
||||
regex = "|".join(conf.col.split(","))
|
||||
regex = '|'.join(conf.col.split(','))
|
||||
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))
|
||||
|
||||
message = "do you want to dump entries? [Y/n] "
|
||||
|
@ -368,6 +368,10 @@ class Search:
|
|||
infoMsgTbl = ""
|
||||
infoMsgDb = ""
|
||||
colList = conf.col.split(",")
|
||||
|
||||
if conf.excludeCol:
|
||||
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
|
||||
|
||||
origTbl = conf.tbl
|
||||
origDb = conf.db
|
||||
colCond = rootQuery.inband.condition
|
||||
|
|
|
@ -445,12 +445,15 @@ getComments = False
|
|||
# Back-end database management system database to enumerate.
|
||||
db =
|
||||
|
||||
# Back-end database management system database table to enumerate.
|
||||
# Back-end database management system database table(s) to enumerate.
|
||||
tbl =
|
||||
|
||||
# Back-end database management system database table column to enumerate.
|
||||
# Back-end database management system database table column(s) to enumerate.
|
||||
col =
|
||||
|
||||
# Back-end database management system database table column(s) to not enumerate.
|
||||
excludeCol =
|
||||
|
||||
# Back-end database management system database user to enumerate.
|
||||
user =
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user