sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-07 14:43:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-19 09:36:57 +00:00
parent 5f4ffc9287
commit 72fc0a0565
1 changed files with 32 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
plugins/generic/enumeration.py
View File

@ -1123,38 +1123,37 @@ class Enumeration:
return kb.data.cachedColumns return kb.data.cachedColumns
def __pivotDumpTable(dumpNode, table, colList, indexRange, blind=True): def __pivotDumpTable(self, dumpNode, table, colList, count, blind=True):
lengths = {} lengths = {}
entries = {} entries = {}
validColumnList = False validColumnList = False
validPivotValue = False validPivotValue = False
count = len(indexRange) if len(colList) > 1:
for column in colList:
infoMsg = "fetching number of distinct "
infoMsg += "values for column '%s'" % column
logger.info(infoMsg)
for column in colList: query = dumpNode.count2 % (column, table)
infoMsg = "fetching number of distinct " if blind:
infoMsg += "values for column '%s'" % column value = inject.getValue(query, inband=False, error=False)
logger.info(infoMsg) else:
value = inject.getValue(query, blind=False)
query = dumpNode.count2 % (column, table) if isNumPosStrValue(value):
if blind: validColumnList = True
value = inject.getValue(query, inband=False, error=False) if value == count:
else: infoMsg = "using column '%s' as a pivot " % column
value = inject.getValue(query, blind=False) infoMsg += "for retrieving row data"
logger.info(infoMsg)
if isNumPosStrValue(value): validPivotValue = True
validColumnList = True
if value == count:
infoMsg = "using column '%s' as a pivot " % column
infoMsg += "for retrieving row data"
logger.info(infoMsg)
validPivotValue = True colList.remove(column)
colList.insert(0, column)
colList.remove(column) break
colList.insert(0, column)
break
if not validColumnList: if not validColumnList:
errMsg = "all column name(s) provided are non-existent" errMsg = "all column name(s) provided are non-existent"
@ -1168,7 +1167,7 @@ class Enumeration:
pivotValue = " " pivotValue = " "
breakRetrieval = False breakRetrieval = False
for index in indexRange: for i in xrange(count):
if breakRetrieval: if breakRetrieval:
break break
@ -1181,7 +1180,7 @@ class Enumeration:
if column == colList[0]: if column == colList[0]:
# Correction for pivotValues with unrecognized chars # Correction for pivotValues with unrecognized chars
if pivotValue and '?' in pivotValue and pivotValue[0]!='?': if pivotValue and '?' in pivotValue and pivotValue[0] != '?':
pivotValue = pivotValue.split('?')[0] pivotValue = pivotValue.split('?')[0]
pivotValue = pivotValue[:-1] + chr(ord(pivotValue[-1]) + 1) pivotValue = pivotValue[:-1] + chr(ord(pivotValue[-1]) + 1)
query = dumpNode.query % (column, table, column, pivotValue) query = dumpNode.query % (column, table, column, pivotValue)
@ -1203,6 +1202,8 @@ class Enumeration:
lengths[column] = max(lengths[column], len(value) if value else 0) lengths[column] = max(lengths[column], len(value) if value else 0)
entries[column].append(value) entries[column].append(value)
return entries, lengths
def dumpTable(self): def dumpTable(self):
if not conf.tbl and not conf.col: if not conf.tbl and not conf.col:
errMsg = "missing table parameter" errMsg = "missing table parameter"
@ -1365,12 +1366,6 @@ class Enumeration:
lengths = {} lengths = {}
entries = {} entries = {}
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne)
try: try:
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE): if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE):
validColumnList = False validColumnList = False
@ -1381,71 +1376,15 @@ class Enumeration:
elif DBMS.SYBASE: elif DBMS.SYBASE:
table = "%s..%s" % (conf.db, conf.tbl) table = "%s..%s" % (conf.db, conf.tbl)
for column in colList: entries, lengths = self.__pivotDumpTable(rootQuery.blind, table, colList, int(count), blind=True)
infoMsg = "fetching number of distinct "
infoMsg += "values for column '%s'" % column
logger.info(infoMsg)
query = rootQuery.blind.count2 % (column, table)
value = inject.getValue(query, inband=False, error=False)
if isNumPosStrValue(value):
validColumnList = True
if value == count:
infoMsg = "using column '%s' as a pivot " % column
infoMsg += "for retrieving row data"
logger.info(infoMsg)
validPivotValue = True
colList.remove(column)
colList.insert(0, column)
break
if not validColumnList:
errMsg = "all column name(s) provided are non-existent"
raise sqlmapNoneDataException, errMsg
if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)."
warnMsg += " all rows can't be retrieved."
logger.warn(warnMsg)
pivotValue = " "
breakRetrieval = False
for index in indexRange:
if breakRetrieval:
break
for column in colList:
if column not in lengths:
lengths[column] = 0
if column not in entries:
entries[column] = []
if column == colList[0]:
# Correction for pivotValues with unrecognized chars
if pivotValue and '?' in pivotValue and pivotValue[0]!='?':
pivotValue = pivotValue.split('?')[0]
pivotValue = pivotValue[:-1] + chr(ord(pivotValue[-1]) + 1)
query = rootQuery.blind.query % (column, table, column, pivotValue)
else:
query = rootQuery.blind.query2 % (column, table, colList[0], pivotValue)
value = inject.getValue(query, inband=False, error=False)
if column == colList[0]:
if not value:
breakRetrieval = True
break
else:
pivotValue = value
lengths[column] = max(lengths[column], len(value) if value else 0)
entries[column].append(value)
else: else:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne)
for index in indexRange: for index in indexRange:
for column in colList: for column in colList:
if column not in lengths: if column not in lengths: