development update (basic ms access dumping implemented)

Miroslav Stampar 2010-12-24 19:53:11 +00:00
parent 2d115e0350
commit 706d8e0b88
2 changed files with 48 additions and 24 deletions


@ -1210,36 +1210,60 @@ class Enumeration:
plusOne = False plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne) indexRange = getRange(count, dump=True, plusOne=plusOne)
for index in indexRange: if kb.dbms == DBMS.ACCESS:
value = " "
for column in colList: for column in colList:
if column not in lengths: for index in indexRange:
lengths[column] = 0 if column not in lengths:
lengths[column] = 0
if column not in entries: if column not in entries:
entries[column] = [] entries[column] = []
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): if column == colList[0]:
query = rootQuery.blind.query % (column, conf.db, # Correction for values with unrecognized chars
conf.tbl, index) if value and '?' in value and value[0]!='?':
elif kb.dbms == DBMS.ORACLE: value = value.split('?')[0]
query = rootQuery.blind.query % (column, column, value = value[:-1] + chr(ord(value[-1]) + 1)
conf.tbl.upper(), query = rootQuery.blind.query % (column, conf.tbl, column, value)
index) else:
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE): query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], entries[column][index])
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
elif kb.dbms == DBMS.SQLITE: value = inject.getValue(query, inband=False)
query = rootQuery.blind.query % (column, conf.tbl, index) lengths[column] = max(lengths[column], len(value))
entries[column].append(value)
elif kb.dbms == DBMS.FIREBIRD: else:
query = rootQuery.blind.query % (index, column, conf.tbl) for index in indexRange:
for column in colList:
if column not in lengths:
lengths[column] = 0
value = inject.getValue(query, inband=False) if column not in entries:
entries[column] = []
lengths[column] = max(lengths[column], len(value)) if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
entries[column].append(value) query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query % (column, column,
conf.tbl.upper(),
index)
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.blind.query % (column, conf.tbl, index)
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, column, conf.tbl)
value = inject.getValue(query, inband=False)
lengths[column] = max(lengths[column], len(value))
entries[column].append(value)
for column, columnEntries in entries.items(): for column, columnEntries in entries.items():
if lengths[column] < len(column): if lengths[column] < len(column):
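Review bot: In the new Access branch, the `else` arm reads `entries[column][index]`, but `entries[column]` is the list still being filled for the current non-key column, so it has no element at `index` yet and the lookup looks set to raise IndexError. The key values fetched in the first pass are stored under the first column, so the line should presumably be `query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], entries[colList[0]][index])`; this assumes `indexRange` is zero-based, which `getRange` (not visible here) would confirm. The fetched value is also placed inside `'%s'` with no escaping visible in the hunk, so a value containing a single quote would produce a malformed statement unless `inject.getValue` handles it. The enclosing method starts and ends outside the hunk.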


@ -359,7 +359,7 @@
<tables/> <tables/>
<dump_table> <dump_table>
<inband query="SELECT %s FROM %s"/> <inband query="SELECT %s FROM %s"/>
<blind query="SELECT MIN(%s) FROM %s WHERE %s > '%s'" count="SELECT COUNT(*) FROM %s"/> <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT %s FROM %s WHERE %s = '%s'" count="SELECT COUNT(*) FROM %s"/>
</dump_table> </dump_table>
</dbms> </dbms>
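Review bot: The new `query2` template `SELECT %s FROM %s WHERE %s = '%s'` returns more than one row whenever the first column holds duplicate values, and the `MIN(%s) ... > '%s'` walk steps over duplicates while the loop length comes from `COUNT(*)`, so the dump appears to be correct only when the first column is unique. Neither that assumption nor the placeholder order is stated anywhere on the page, and the order differs from how the other back-ends fill `blind.query` in the Python section. An XML comment above the `<blind .../>` element would record it, for example `<!-- query: column, table, key column, previous key value; query2: column, table, key column, key value; key column must be unique -->`.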