sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-01-22 15:51:06 +01:00
parent 2ec828f1cb
commit 719c7f622b
2 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/core/agent.py
View File

@ -17,6 +17,7 @@ from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import singleTimeWarnMessage
from lib.core.common import splitFields
from lib.core.common import unArrayizeValue
from lib.core.common import zeroDepthSearch
from lib.core.data import conf
@ -384,11 +385,7 @@ class Agent(object):
if fields.startswith("(CASE") or fields.startswith("(IIF") or fields.startswith("SUBSTR") or fields.startswith("MID(") or re.search(r"\A'[^']+'\Z", fields):
nulledCastedConcatFields = fields
else:
fields = fields.replace(", ", ',')
commas = [-1, len(fields)]
commas.extend(zeroDepthSearch(fields, ','))
commas = sorted(commas)
fieldsSplitted = [fields[x + 1:y] for (x, y) in zip(commas, commas[1:])]
fieldsSplitted = splitFields(fields)
dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query
nulledCastedFields = []
@ -453,8 +450,7 @@ class Agent(object):
if re.search("\A\w+\(.*\)", fieldsToCastStr, re.I) or (fieldsSelectCase and "WHEN use" not in query) or fieldsSubstr:
fieldsToCastList = [fieldsToCastStr]
else:
fieldsToCastList = fieldsToCastStr.replace(", ", ',')
fieldsToCastList = fieldsToCastList.split(',')
fieldsToCastList = splitFields(fieldsToCastStr)
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, fieldsToCastList, fieldsToCastStr, fieldsExists

12
lib/core/common.py
View File

@ -3310,6 +3310,18 @@ def zeroDepthSearch(expression, value):
return retVal
def splitFields(fields, delimiter=','):
"""
Returns list of fields splitted by delimiter
"""
fields = fields.replace("%s " % delimiter, delimiter)
commas = [-1, len(fields)]
commas.extend(zeroDepthSearch(fields, ','))
commas = sorted(commas)
return [fields[x + 1:y] for (x, y) in zip(commas, commas[1:])]
def pollProcess(process, suppress_errors=False):
while True:
dataToStdout(".")