mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Minor enhancement to be able to enumerate table columns and dump table
entries also if the database name is not provided by using the current database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle. Minor bug fix so that when the user provide as SELECT statement to be processed an asterisk, now it also work if in the FROM there is no database name specified. Minor layout adjustments.
This commit is contained in:
parent
81ed7c2086
commit
9329f8c9c4
|
@ -507,15 +507,20 @@ def expandAsteriskForColumns(expression):
|
|||
# If the user provided an asterisk rather than the column(s)
|
||||
# name, sqlmap will retrieve the columns itself and reprocess
|
||||
# the SQL query string (expression)
|
||||
asterisk = re.search("^SELECT\s+\*\s+FROM\s+(\w+)[\.]+(\w+)\s*", expression, re.I)
|
||||
asterisk = re.search("^SELECT\s+\*\s+FROM\s+([\w\.\_]+)\s*", expression, re.I)
|
||||
|
||||
if asterisk:
|
||||
infoMsg = "you did not provide the fields in your query. "
|
||||
infoMsg += "sqlmap will retrieve the column names itself"
|
||||
logger.info(infoMsg)
|
||||
|
||||
conf.db = asterisk.group(1)
|
||||
conf.tbl = asterisk.group(2)
|
||||
dbTbl = asterisk.group(1)
|
||||
|
||||
if dbTbl and "." in dbTbl:
|
||||
conf.db, conf.tbl = dbTbl.split(".")
|
||||
else:
|
||||
conf.tbl = dbTbl
|
||||
|
||||
columnsDict = conf.dbmsHandler.getColumns(onlyColNames=True)
|
||||
|
||||
if columnsDict and conf.db in columnsDict and conf.tbl in columnsDict[conf.db]:
|
||||
|
|
|
@ -56,7 +56,7 @@ SQLMAP_SOURCE_URL = "http://downloads.sourceforge.net/sqlmap/sqlmap-%s.zip"
|
|||
MSSQL_SYSTEM_DBS = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
|
||||
MYSQL_SYSTEM_DBS = ( "information_schema", "mysql" ) # Before MySQL 5.0 only "mysql"
|
||||
PGSQL_SYSTEM_DBS = ( "information_schema", "pg_catalog" )
|
||||
ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" )
|
||||
ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" ) # These are TABLESPACE_NAME
|
||||
|
||||
MSSQL_ALIASES = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
|
||||
MYSQL_ALIASES = [ "mysql", "my" ]
|
||||
|
|
|
@ -54,6 +54,8 @@ def queriesForAutoCompletion():
|
|||
autoComplQuery = query
|
||||
elif isinstance(query, dict) and "inband" in query:
|
||||
autoComplQuery = query["inband"]["query"]
|
||||
else:
|
||||
continue
|
||||
|
||||
autoComplQueries[autoComplQuery] = None
|
||||
|
||||
|
|
|
@ -168,11 +168,11 @@ def cmdLineParser():
|
|||
|
||||
enumeration.add_option("--columns", dest="getColumns", action="store_true",
|
||||
help="Enumerate DBMS database table columns "
|
||||
"(req: -T, -D)")
|
||||
"(req:-T opt:-D)")
|
||||
|
||||
enumeration.add_option("--dump", dest="dumpTable", action="store_true",
|
||||
help="Dump DBMS database table entries "
|
||||
"(req: -T, -D opt: -C, --start, --stop)")
|
||||
"(req: -T, opt: -D, -C, --start, --stop)")
|
||||
|
||||
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
|
||||
help="Dump all DBMS databases tables entries")
|
||||
|
|
|
@ -372,7 +372,7 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None)
|
|||
|
||||
expression = cleanQuery(expression)
|
||||
expression = expandAsteriskForColumns(expression)
|
||||
value = None
|
||||
value = None
|
||||
|
||||
if inband and conf.unionUse and kb.dbms:
|
||||
value = __goInband(expression, expected)
|
||||
|
|
|
@ -730,8 +730,12 @@ class Enumeration:
|
|||
self.forceDbmsEnum()
|
||||
|
||||
if not conf.db:
|
||||
errMsg = "missing database parameter"
|
||||
raise sqlmapMissingMandatoryOptionException, errMsg
|
||||
warnMsg = "missing database parameter, sqlmap is going to "
|
||||
warnMsg += "use the current database to enumerate table "
|
||||
warnMsg += "'%s' columns" % conf.tbl
|
||||
logger.warn(warnMsg)
|
||||
|
||||
conf.db = self.getCurrentDb()
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
infoMsg += "for table '%s' " % conf.tbl
|
||||
|
@ -740,10 +744,6 @@ class Enumeration:
|
|||
|
||||
rootQuery = queries[kb.dbms].columns
|
||||
|
||||
if kb.dbms == "Oracle":
|
||||
conf.db = conf.db.upper()
|
||||
conf.tbl = conf.tbl.upper()
|
||||
|
||||
if conf.unionUse:
|
||||
if kb.dbms in ( "MySQL", "PostgreSQL" ):
|
||||
query = rootQuery["inband"]["query"] % (conf.tbl, conf.db)
|
||||
|
@ -840,8 +840,12 @@ class Enumeration:
|
|||
self.forceDbmsEnum()
|
||||
|
||||
if not conf.db:
|
||||
errMsg = "missing database parameter"
|
||||
raise sqlmapMissingMandatoryOptionException, errMsg
|
||||
warnMsg = "missing database parameter, sqlmap is going to "
|
||||
warnMsg += "use the current database to dump table "
|
||||
warnMsg += "'%s' entries" % conf.tbl
|
||||
logger.warn(warnMsg)
|
||||
|
||||
conf.db = self.getCurrentDb()
|
||||
|
||||
rootQuery = queries[kb.dbms].dumpTable
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user