sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

improvement of --common-tables and --common-columns

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-11 20:37:25 +00:00
parent 2d872f850a
commit 8aefd0bbf7
2 changed files with 79 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
lib/core/dump.py
View File

@ -138,32 +138,7 @@ class Dump:
self.lister("available databases", dbs) self.lister("available databases", dbs)
def dbTables(self, dbTables): def dbTables(self, dbTables):
if isinstance(dbTables, list) and len(dbTables) > 0: if isinstance(dbTables, dict) and len(dbTables) > 0:
maxlength = 0
for table in dbTables:
maxlength = max(maxlength, len(table))
lines = "-" * (int(maxlength) + 2)
dbTables.sort(key=lambda x: x.lower())
self.__write("Database: %s" % conf.db)
if len(dbTables) == 1:
self.__write("[1 table]")
else:
self.__write("[%d tables]" % len(dbTables))
self.__write("+%s+" % lines)
for table in dbTables:
blank = " " * (maxlength - len(table))
self.__write("| %s%s |" % (table, blank))
self.__write("+%s+\n" % lines)
elif isinstance(dbTables, dict) and len(dbTables) > 0:
maxlength = 0 maxlength = 0
for tables in dbTables.values(): for tables in dbTables.values():
@ -197,98 +172,71 @@ class Dump:
self.__write("+%s+\n" % lines) self.__write("+%s+\n" % lines)
else: else:
self.string("tables", dbTables) self.string("tables", dbTables)
def dbTableColumns(self, tableColumns): def dbTableColumns(self, tableColumns):
if isinstance(tableColumns, list) and len(tableColumns) > 0: for db, tables in tableColumns.items():
maxlength = 0 if not db:
db = "All"
for table in tableColumns: for table, columns in tables.items():
maxlength = max(maxlength, len(table)) maxlength1 = 0
maxlength2 = 0
lines = "-" * (int(maxlength) + 2) colList = columns.keys()
colList.sort(key=lambda x: x.lower())
tableColumns.sort(key=lambda x: x.lower()) for column in colList:
colType = columns[column]
self.__write("Database: %s\nTable: %s" % (conf.db if conf.db else 'All', conf.tbl)) maxlength1 = max(maxlength1, len(column))
if len(tableColumns) == 1:
self.__write("[1 column]")
else:
self.__write("[%d columns]" % len(tableColumns))
self.__write("+%s+" % lines)
for table in tableColumns:
blank = " " * (maxlength - len(table))
self.__write("| %s%s |" % (table, blank))
self.__write("+%s+\n" % lines)
elif isinstance(tableColumns, dict) and len(tableColumns) > 0:
for db, tables in tableColumns.items():
if not db:
db = "All"
for table, columns in tables.items():
maxlength1 = 0
maxlength2 = 0
colList = columns.keys()
colList.sort(key=lambda x: x.lower())
for column in colList:
colType = columns[column]
maxlength1 = max(maxlength1, len(column))
if colType is not None:
maxlength2 = max(maxlength2, len(colType))
maxlength1 = max(maxlength1, len("COLUMN"))
lines1 = "-" * (int(maxlength1) + 2)
if colType is not None: if colType is not None:
maxlength2 = max(maxlength2, len("TYPE")) maxlength2 = max(maxlength2, len(colType))
lines2 = "-" * (int(maxlength2) + 2)
self.__write("Database: %s\nTable: %s" % (db, table)) maxlength1 = max(maxlength1, len("COLUMN"))
lines1 = "-" * (int(maxlength1) + 2)
if len(columns) == 1: if colType is not None:
self.__write("[1 column]") maxlength2 = max(maxlength2, len("TYPE"))
lines2 = "-" * (int(maxlength2) + 2)
self.__write("Database: %s\nTable: %s" % (db, table))
if len(columns) == 1:
self.__write("[1 column]")
else:
self.__write("[%d columns]" % len(columns))
if colType is not None:
self.__write("+%s+%s+" % (lines1, lines2))
else:
self.__write("+%s+" % lines1)
blank1 = " " * (maxlength1 - len("COLUMN"))
if colType is not None:
blank2 = " " * (maxlength2 - len("TYPE"))
if colType is not None:
self.__write("| Column%s | Type%s |" % (blank1, blank2))
self.__write("+%s+%s+" % (lines1, lines2))
else:
self.__write("| Column%s |" % blank1)
self.__write("+%s+" % lines1)
for column in colList:
colType = columns[column]
blank1 = " " * (maxlength1 - len(column))
if colType is not None:
blank2 = " " * (maxlength2 - len(colType))
self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
else: else:
self.__write("[%d columns]" % len(columns)) self.__write("| %s%s |" % (column, blank1))
if colType is not None: if colType is not None:
self.__write("+%s+%s+" % (lines1, lines2)) self.__write("+%s+%s+\n" % (lines1, lines2))
else: else:
self.__write("+%s+" % lines1) self.__write("+%s+\n" % lines1)
blank1 = " " * (maxlength1 - len("COLUMN"))
if colType is not None:
blank2 = " " * (maxlength2 - len("TYPE"))
if colType is not None:
self.__write("| Column%s | Type%s |" % (blank1, blank2))
self.__write("+%s+%s+" % (lines1, lines2))
else:
self.__write("| Column%s |" % blank1)
self.__write("+%s+" % lines1)
for column in colList:
colType = columns[column]
blank1 = " " * (maxlength1 - len(column))
if colType is not None:
blank2 = " " * (maxlength2 - len(colType))
self.__write("| %s%s | %s%s |" % (column, blank1, colType, blank2))
else:
self.__write("| %s%s |" % (column, blank1))
if colType is not None:
self.__write("+%s+%s+\n" % (lines1, lines2))
else:
self.__write("+%s+\n" % lines1)
def dbTableValues(self, tableValues): def dbTableValues(self, tableValues):
replication = None replication = None

25
lib/techniques/brute/use.py
View File

@ -18,6 +18,7 @@ from lib.core.common import pushValue
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -55,8 +56,14 @@ def tableExists(tableFile):
if not retVal: if not retVal:
warnMsg = "no table found" warnMsg = "no table found"
logger.warn(warnMsg) logger.warn(warnMsg)
else:
for item in retVal:
if not kb.data.cachedTables.has_key(conf.db):
kb.data.cachedTables[conf.db] = [item]
else:
kb.data.cachedTables[conf.db].append(item)
return retVal return kb.data.cachedTables
def columnExists(columnFile): def columnExists(columnFile):
if not conf.tbl: if not conf.tbl:
@ -96,5 +103,19 @@ def columnExists(columnFile):
if not retVal: if not retVal:
warnMsg = "no column found" warnMsg = "no column found"
logger.warn(warnMsg) logger.warn(warnMsg)
else:
columns = {}
return retVal for column in retVal:
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s WHERE %s>0)", (column, table, column)))
query = agent.postfixQuery(query)
result = Request.queryPage(agent.payload(newValue=query))
if result:
columns[column] = 'numeric'
else:
columns[column] = 'non-numeric'
kb.data.cachedColumns[conf.db] = {conf.tbl: columns}
return kb.data.cachedColumns