sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Improvement and fix for pivotDumpTable mechanism

Browse Source
This commit is contained in:
Miroslav Stampar 2012-10-28 23:09:35 +01:00
parent d7973c3e32
commit 919f75db9b
2 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/utils/pivotdumptable.py
View File

@ -23,6 +23,7 @@ from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import sqlmapNoneDataException
from lib.core.settings import INFERENCE_UNKNOWN_CHAR from lib.core.settings import INFERENCE_UNKNOWN_CHAR
from lib.core.settings import MAX_INT from lib.core.settings import MAX_INT
from lib.core.unescaper import unescaper
from lib.request import inject from lib.request import inject
def pivotDumpTable(table, colList, count=None, blind=True): def pivotDumpTable(table, colList, count=None, blind=True):
@ -101,23 +102,17 @@ def pivotDumpTable(table, colList, count=None, blind=True):
for column in colList: for column in colList:
def _(pivotValue): def _(pivotValue):
# Correction for pivotValues with unrecognized/problematic chars
for char in (INFERENCE_UNKNOWN_CHAR, '\''):
if pivotValue and char in pivotValue and pivotValue[0] != char:
pivotValue = pivotValue.split(char)[0]
pivotValue = pivotValue[:-1] + decodeIntToUnicode(ord(pivotValue[-1]) + 1)
break
if column == colList[0]: if column == colList[0]:
query = dumpNode.query % (column, table, column, pivotValue) query = dumpNode.query.replace("'%s'", "%s") % (column, table, column, unescaper.unescape(pivotValue, False))
else: else:
query = dumpNode.query2 % (column, table, colList[0], pivotValue) query = dumpNode.query2.replace("'%s'", "%s") % (column, table, colList[0], unescaper.unescape(pivotValue, False))
return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind)) return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
value = _(pivotValue) value = _(pivotValue)
if column == colList[0]: if column == colList[0]:
if isNoneValue(value): if isNoneValue(value):
for pivotValue in filter(None, (" " if pivotValue == " " else None, "%s%s" % (pivotValue[0], chr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, chr(ord(pivotValue[0]) + 1))): for pivotValue in filter(None, (" " if pivotValue == " " else None, "%s%s" % (pivotValue[0], unichr(ord(pivotValue[1]) + 1)) if len(pivotValue) > 1 else None, unichr(ord(pivotValue[0]) + 1))):
value = _(pivotValue) value = _(pivotValue)
if not isNoneValue(value): if not isNoneValue(value):
break break

2
xml/queries.xml
View File

@ -472,7 +472,7 @@
<substring query="SUBSTR((%s),%d,%d)"/> <substring query="SUBSTR((%s),%d,%d)"/>
<users> <users>
<inband query="SELECT username FROM domain.users"/> <inband query="SELECT username FROM domain.users"/>
<blind query="SELECT MIN(username) FROM domain.users WHERE username > '%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/> <blind query="SELECT MIN(username) FROM domain.users WHERE username>'%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/>
</users> </users>
<columns> <columns>
<inband query="SELECT columnname,datatype,len FROM domain.columns WHERE tablename='%s' AND schemaname=%s"/> <inband query="SELECT columnname,datatype,len FROM domain.columns WHERE tablename='%s' AND schemaname=%s"/>