mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
update of error based injection and bug fix for --roles on MSSQL server
This commit is contained in:
parent
f2dae98448
commit
82f44989ce
|
@ -349,7 +349,16 @@ def __goError(expression, resumeValue=True):
|
|||
if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
|
||||
return output
|
||||
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
if kb.misc.testedDbms != "MySQL":
|
||||
if kb.dbmsDetected:
|
||||
_, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
|
||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
||||
else:
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row")
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
|
||||
debugMsg = "query: %s" % expressionUnescaped
|
||||
logger.debug(debugMsg)
|
||||
|
@ -366,8 +375,9 @@ def __goError(expression, resumeValue=True):
|
|||
if kb.misc.testedDbms == 'MySQL':
|
||||
output = output[:-1]
|
||||
|
||||
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
|
||||
logger.info(infoMsg)
|
||||
if conf.verbose > 0:
|
||||
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
|
||||
logger.info(infoMsg)
|
||||
|
||||
return output
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ class Enumeration(GenericEnumeration):
|
|||
def __init__(self):
|
||||
GenericEnumeration.__init__(self, "Microsoft SQL Server")
|
||||
|
||||
def getPrivileges(self):
|
||||
def getPrivileges(self, _):
|
||||
warnMsg = "on Microsoft SQL Server it is not possible to fetch "
|
||||
warnMsg += "database users privileges"
|
||||
logger.warn(warnMsg)
|
||||
|
|
Loading…
Reference in New Issue
Block a user