sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-06-18 10:51:14 +00:00
parent 7c537f6896
commit 905fef0eae
4 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/option.py
View File

@ -1743,8 +1743,10 @@ def __basicOptionValidation():
errMsg = "value for --time-sec option must be an integer greater than 0" errMsg = "value for --time-sec option must be an integer greater than 0"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if isinstance(conf.uCols, basestring) and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): if isinstance(conf.uCols, basestring):
errMsg = "value for --union-cols must be a range with hyphon (e.g. 1-10)" if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
errMsg = "value for --union-cols must be a range with hyphon "
errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if conf.charset: if conf.charset:

2
lib/techniques/blind/inference.py
View File

@ -116,7 +116,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if conf.threads == 1 and not timeBasedCompare: if conf.threads == 1 and not timeBasedCompare:
warnMsg = "running in a single-thread mode. Please consider " warnMsg = "running in a single-thread mode. Please consider "
warnMsg += "usage of --threads switch to speedup data fetching" warnMsg += "usage of --threads switch for faster data retrieval"
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
if conf.verbose in (1, 2) and not showEta: if conf.verbose in (1, 2) and not showEta:

4
lib/techniques/inband/union/test.py
View File

@ -196,6 +196,10 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
query = agent.prefixQuery("UNION ALL SELECT %s" % kb.uChar) query = agent.prefixQuery("UNION ALL SELECT %s" % kb.uChar)
total = conf.uColsStop+1 - conf.uColsStart total = conf.uColsStop+1 - conf.uColsStart
# In case that user explicitly stated number of columns affected
if conf.uColsStop == conf.uColsStart:
count = conf.uColsStart
else:
count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix) count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix)
if count: if count:

3
lib/techniques/inband/union/use.py
View File

@ -113,7 +113,10 @@ def configUnion(char=None, columns=None):
return return
columns = columns.replace(" ", "") columns = columns.replace(" ", "")
if "-" in columns:
colsStart, colsStop = columns.split("-") colsStart, colsStop = columns.split("-")
else:
colsStart, colsStop = columns, columns
if not colsStart.isdigit() or not colsStop.isdigit(): if not colsStart.isdigit() or not colsStop.isdigit():
raise sqlmapSyntaxException, "--union-cols must be a range of integers" raise sqlmapSyntaxException, "--union-cols must be a range of integers"