sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

update of error based injection and bug fix for --roles on MSSQL server

Browse Source
This commit is contained in:
Miroslav Stampar 2010-10-20 06:40:33 +00:00
parent f2dae98448
commit 82f44989ce
2 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/request/inject.py
View File

@ -348,8 +348,17 @@ def __goError(expression, resumeValue=True):
if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
return output
expressionUnescaped = unescaper.unescape(expression)
if kb.misc.testedDbms != "MySQL":
if kb.dbmsDetected:
_, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced)
else:
expressionUnescaped = unescaper.unescape(expression)
else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row")
expressionUnescaped = unescaper.unescape(expression)
debugMsg = "query: %s" % expressionUnescaped
logger.debug(debugMsg)
@ -366,8 +375,9 @@ def __goError(expression, resumeValue=True):
if kb.misc.testedDbms == 'MySQL':
output = output[:-1]
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
logger.info(infoMsg)
if conf.verbose > 0:
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
logger.info(infoMsg)
return output

2
plugins/dbms/mssqlserver/enumeration.py
View File

@ -22,7 +22,7 @@ class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Microsoft SQL Server")
def getPrivileges(self):
def getPrivileges(self, _):
warnMsg = "on Microsoft SQL Server it is not possible to fetch "
warnMsg += "database users privileges"
logger.warn(warnMsg)