From 8aefd0bbf7b5c70cadc1a4482dc4daa500d38e5c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 11 Nov 2010 20:37:25 +0000 Subject: [PATCH] improvement of --common-tables and --common-columns --- lib/core/dump.py | 164 ++++++++++++------------------------ lib/techniques/brute/use.py | 25 +++++- 2 files changed, 79 insertions(+), 110 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index af51d5a11..b4c802123 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -138,32 +138,7 @@ class Dump: self.lister("available databases", dbs) def dbTables(self, dbTables): - if isinstance(dbTables, list) and len(dbTables) > 0: - maxlength = 0 - - for table in dbTables: - maxlength = max(maxlength, len(table)) - - lines = "-" * (int(maxlength) + 2) - - dbTables.sort(key=lambda x: x.lower()) - - self.__write("Database: %s" % conf.db) - - if len(dbTables) == 1: - self.__write("[1 table]") - else: - self.__write("[%d tables]" % len(dbTables)) - - self.__write("+%s+" % lines) - - for table in dbTables: - blank = " " * (maxlength - len(table)) - self.__write("| %s%s |" % (table, blank)) - - self.__write("+%s+\n" % lines) - - elif isinstance(dbTables, dict) and len(dbTables) > 0: + if isinstance(dbTables, dict) and len(dbTables) > 0: maxlength = 0 for tables in dbTables.values(): 
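Review bot: With the list branch removed from dbTables, a non-empty list no longer gets the boxed table layout; it falls through to the `else: self.string("tables", dbTables)` branch visible at the top of the next hunk and is printed as a plain string. That matches the --common-tables path this commit switches to a dict, but any other caller still passing a list would silently change output format, so the narrowed contract deserves a line above the guard such as `# expects {db: [table, ...]}; a plain list is printed via self.string()`. As a point of style the surviving guard can rely on truthiness, `if isinstance(dbTables, dict) and dbTables:`, instead of `len(dbTables) > 0`.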
@@ -197,98 +172,71 @@ class Dump: self.__write("+%s+\n" % lines) else: self.string("tables", dbTables) - + def dbTableColumns(self, tableColumns): - if isinstance(tableColumns, list) and len(tableColumns) > 0: - maxlength = 0 + for db, tables in tableColumns.items(): + if not db: + db = "All" - for table in tableColumns: - maxlength = max(maxlength, len(table)) + for table, columns in tables.items(): + maxlength1 = 0 + maxlength2 = 0 - lines = "-" * (int(maxlength) + 2) + colList = columns.keys() + colList.sort(key=lambda x: x.lower()) - tableColumns.sort(key=lambda x: x.lower()) - - self.__write("Database: %s\nTable: %s" % (conf.db if conf.db else 'All', conf.tbl)) - - if len(tableColumns) == 1: - self.__write("[1 column]") - else: - self.__write("[%d columns]" % len(tableColumns)) - - self.__write("+%s+" % lines) - - for table in tableColumns: - blank = " " * (maxlength - len(table)) - self.__write("| %s%s |" % (table, blank)) - - self.__write("+%s+\n" % lines) - - elif isinstance(tableColumns, dict) and len(tableColumns) > 0: - - for db, tables in tableColumns.items(): - if not db: - db = "All" - - for table, columns in tables.items(): - maxlength1 = 0 - maxlength2 = 0 - - colList = columns.keys() - colList.sort(key=lambda x: x.lower()) - - for column in colList: - colType = columns[column] - maxlength1 = max(maxlength1, len(column)) - - if colType is not None: - maxlength2 = max(maxlength2, len(colType)) - - maxlength1 = max(maxlength1, len("COLUMN")) - lines1 = "-" * (int(maxlength1) + 2) + for column in colList: + colType = columns[column] + maxlength1 = max(maxlength1, len(column)) if colType is not None: - maxlength2 = max(maxlength2, len("TYPE")) - lines2 = "-" * (int(maxlength2) + 2) + maxlength2 = max(maxlength2, len(colType)) - self.__write("Database: %s\nTable: %s" % (db, table)) + maxlength1 = max(maxlength1, len("COLUMN")) + lines1 = "-" * (int(maxlength1) + 2) - if len(columns) == 1: - self.__write("[1 column]") + if colType is not None: + 
maxlength2 = max(maxlength2, len("TYPE")) + lines2 = "-" * (int(maxlength2) + 2) + + self.__write("Database: %s\nTable: %s" % (db, table)) + + if len(columns) == 1: + self.__write("[1 column]") + else: + self.__write("[%d columns]" % len(columns)) + + if colType is not None: + self.__write("+%s+%s+" % (lines1, lines2)) + else: + self.__write("+%s+" % lines1) + + blank1 = " " * (maxlength1 - len("COLUMN")) + + if colType is not None: + blank2 = " " * (maxlength2 - len("TYPE")) + + if colType is not None: + self.__write("| Column%s | Type%s |" % (blank1, blank2)) + self.__write("+%s+%s+" % (lines1, lines2)) + else: + self.__write("| Column%s |" % blank1) + self.__write("+%s+" % lines1) + + for column in colList: + colType = columns[column] + blank1 = " " * (maxlength1 - len(column)) + + if colType is not None: + blank2 = " " * (maxlength2 - len(colType)) + self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2)) else: - self.__write("[%d columns]" % len(columns)) + self.__write("| %s%s |" % (column, blank1)) - if colType is not None: - self.__write("+%s+%s+" % (lines1, lines2)) - else: - self.__write("+%s+" % lines1) - - blank1 = " " * (maxlength1 - len("COLUMN")) - - if colType is not None: - blank2 = " " * (maxlength2 - len("TYPE")) - - if colType is not None: - self.__write("| Column%s | Type%s |" % (blank1, blank2)) - self.__write("+%s+%s+" % (lines1, lines2)) - else: - self.__write("| Column%s |" % blank1) - self.__write("+%s+" % lines1) - - for column in colList: - colType = columns[column] - blank1 = " " * (maxlength1 - len(column)) - - if colType is not None: - blank2 = " " * (maxlength2 - len(colType)) - self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2)) - else: - self.__write("| %s%s |" % (column, blank1)) - - if colType is not None: - self.__write("+%s+%s+\n" % (lines1, lines2)) - else: - self.__write("+%s+\n" % lines1) + if colType is not None: + self.__write("+%s+%s+\n" % (lines1, lines2)) + else: + self.__write("+%s+\n" % 
lines1)
 def dbTableValues(self, tableValues):
 replication = None
diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py
index a0657d08c..5f6d40c03 100644
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -18,6 +18,7 @@ from lib.core.common import pushValue
 from lib.core.common import randomInt
 from lib.core.common import safeStringFormat
 from lib.core.data import conf
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.request.connect import Connect as Request
@@ -55,8 +56,14 @@ def tableExists(tableFile):
 if not retVal:
 warnMsg = "no table found"
 logger.warn(warnMsg)
+ else:
+ for item in retVal:
+ if not kb.data.cachedTables.has_key(conf.db):
+ kb.data.cachedTables[conf.db] = [item]
+ else:
+ kb.data.cachedTables[conf.db].append(item)
- return retVal
+ return kb.data.cachedTables
 def columnExists(columnFile):
 if not conf.tbl:
@@ -96,5 +103,19 @@ def columnExists(columnFile):
 if not retVal:
 warnMsg = "no column found"
 logger.warn(warnMsg)
+ else:
+ columns = {}
- return retVal
+ for column in retVal:
+ query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s WHERE %s>0)", (column, table, column)))
+ query = agent.postfixQuery(query)
+ result = Request.queryPage(agent.payload(newValue=query))
+
+ if result:
+ columns[column] = 'numeric'
+ else:
+ columns[column] = 'non-numeric'
+
+ kb.data.cachedColumns[conf.db] = {conf.tbl: columns}
+
+ return kb.data.cachedColumns
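Review bot: In dbTableColumns the `if colType is not None:` checks placed after the first column loop (the TYPE border, the header row and the closing border) read `colType` as the last iteration left it, so whether a type column is drawn for the whole table is decided by the last column alone, and for an empty `columns` dict `colType` is never bound and the first such check raises. Computing one per-table flag before the loop, `hasType = any(columns[c] is not None for c in colList)`, and using it for those table-level checks would make the layout independent of iteration order; the per-row `blank2` branch can keep testing the row's own value. The dicts this commit feeds in come from columnExists, which assigns 'numeric' or 'non-numeric' to every column, so the mixed case is probably reachable only from other callers — worth confirming before relying on it.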
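Review bot: The cache update in tableExists appends every hit to `kb.data.cachedTables[conf.db]` on each call, so running the brute-force twice in one session would list the same table twice; the `has_key` test and its two branches also collapse to `kb.data.cachedTables.setdefault(conf.db, []).append(item)`, and guarding that with `if item not in kb.data.cachedTables[conf.db]:` keeps the list unique. When `conf.db` is unset the list is keyed under None; whether the dumper substitutes a placeholder name for that key is not visible from this hunk. The body of tableExists begins outside the hunk.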
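Review bot: `kb.data.cachedColumns[conf.db] = {conf.tbl: columns}` replaces the whole per-database entry, so anything cached earlier for other tables of the same database is dropped; `kb.data.cachedColumns.setdefault(conf.db, {})[conf.tbl] = columns` would merge instead and mirror how tableExists extends its cache rather than overwriting it. The numeric/non-numeric probe also issues one extra `Request.queryPage` per found column with no handling for a failed request — a falsy result is simply recorded as 'non-numeric' — and `table` in the `safeStringFormat` call is not bound inside the hunk, presumably earlier in columnExists, whose start is outside the hunk; worth confirming. A comment above the loop, `# heuristic: one boolean request per column; a true EXISTS(... WHERE col>0) is taken to mean the column is numeric`, would record why the classification works and its cost.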