sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Continuation of work on fixing DISTINCT/--search issues (Oracle)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-01-30 18:08:34 +01:00
parent 838e98192e
commit 6b6e36b2ec
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/generic/search.py
View File

@ -16,6 +16,7 @@ from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import safeStringFormat
from lib.core.common import unArrayizeValue from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf from lib.core.data import conf
@ -157,8 +158,6 @@ class Search:
foundTbls = {} foundTbls = {}
tblList = conf.tbl.split(",") tblList = conf.tbl.split(",")
import pdb
pdb.set_trace()
rootQuery = queries[Backend.getIdentifiedDbms()].search_table rootQuery = queries[Backend.getIdentifiedDbms()].search_table
tblCond = rootQuery.inband.condition tblCond = rootQuery.inband.condition
dbCond = rootQuery.inband.condition2 dbCond = rootQuery.inband.condition2
@ -300,13 +299,16 @@ class Search:
for index in indexRange: for index in indexRange:
query = rootQuery.blind.query2 query = rootQuery.blind.query2
if query.endswith("'%s')"):
query = query[:-1] + " AND %s)" % tblQuery
else:
query += " AND %s" % tblQuery
if Backend.isDbms(DBMS.FIREBIRD): if Backend.isDbms(DBMS.FIREBIRD):
query = query % index query = safeStringFormat(query, index)
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD): if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
query = query % unsafeSQLIdentificatorNaming(db) query = safeStringFormat(query, unsafeSQLIdentificatorNaming(db))
query += " AND %s" % tblQuery
if not Backend.isDbms(DBMS.FIREBIRD): if not Backend.isDbms(DBMS.FIREBIRD):
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)

4
xml/queries.xml
View File

@ -283,11 +283,11 @@
</search_db> </search_db>
<search_table> <search_table>
<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE %s" condition="TABLE_NAME" condition2="OWNER"/> <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE %s" condition="TABLE_NAME" condition2="OWNER"/>
<blind query="SELECT OWNER FROM SYS.ALL_TABLES WHERE %s" query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(OWNER) FROM SYS.ALL_TABLES WHERE %s" count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/> <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE %s)" query2="SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s')" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
</search_table> </search_table>
<search_column> <search_column>
<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/> <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
<blind query="SELECT OWNER FROM SYS.ALL_TAB_COLUMNS WHERE %s" query2="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE %s" count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/> <blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE %s)" query2="SELECT TABLE_NAME FROM (SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s')" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
</search_column> </search_column>
</dbms> </dbms>