sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 16:24:25 +03:00
Code Issues Packages Projects Releases Wiki Activity

development update (basic ms access dumping implemented)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-24 19:53:11 +00:00
parent 2d115e0350
commit 706d8e0b88
2 changed files with 48 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
plugins/generic/enumeration.py
View File

@ -1210,6 +1210,30 @@ class Enumeration:
plusOne = False plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne) indexRange = getRange(count, dump=True, plusOne=plusOne)
if kb.dbms == DBMS.ACCESS:
value = " "
for column in colList:
for index in indexRange:
if column not in lengths:
lengths[column] = 0
if column not in entries:
entries[column] = []
if column == colList[0]:
# Correction for values with unrecognized chars
if value and '?' in value and value[0]!='?':
value = value.split('?')[0]
value = value[:-1] + chr(ord(value[-1]) + 1)
query = rootQuery.blind.query % (column, conf.tbl, column, value)
else:
query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], entries[column][index])
value = inject.getValue(query, inband=False)
lengths[column] = max(lengths[column], len(value))
entries[column].append(value)
else:
for index in indexRange: for index in indexRange:
for column in colList: for column in colList:
if column not in lengths: if column not in lengths:

2
xml/queries.xml
View File

@ -359,7 +359,7 @@
<tables/> <tables/>
<dump_table> <dump_table>
<inband query="SELECT %s FROM %s"/> <inband query="SELECT %s FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE %s > '%s'" count="SELECT COUNT(*) FROM %s"/> <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT %s FROM %s WHERE %s = '%s'" count="SELECT COUNT(*) FROM %s"/>
</dump_table> </dump_table>
</dbms> </dbms>