sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

step by step getting there to partial output presentation to restful API (issue #297), not quite yet though..

Browse Source
This commit is contained in:
Bernardo Damele 2013-02-03 22:09:33 +00:00
parent b55555e4e5
commit 9370f96a67
5 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/core/common.py
View File

@ -1771,7 +1771,7 @@ def goGoodSamaritan(prevValue, originalCharset):
else: else:
return None, None, None, originalCharset return None, None, None, originalCharset
def getPartRun(): def getPartRun(alias=True):
""" """
Goes through call stack and finds constructs matching conf.dbmsHandler.*. Goes through call stack and finds constructs matching conf.dbmsHandler.*.
Returns it or its alias used in txt/common-outputs.txt Returns it or its alias used in txt/common-outputs.txt
@ -1803,7 +1803,10 @@ def getPartRun():
pass pass
# Return the INI tag to consider for common outputs (e.g. 'Databases') # Return the INI tag to consider for common outputs (e.g. 'Databases')
return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal if alias:
return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal
else:
return retVal
def getUnicode(value, encoding=None, system=False, noneToNull=False): def getUnicode(value, encoding=None, system=False, noneToNull=False):
""" """

7
lib/techniques/blind/inference.py
View File

@ -89,7 +89,12 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
try: try:
# Set kb.partRun in case "common prediction" feature (a.k.a. "good # Set kb.partRun in case "common prediction" feature (a.k.a. "good
# samaritan") is used or the engine is called from the API # samaritan") is used or the engine is called from the API
kb.partRun = getPartRun() if conf.predictOutput or hasattr(conf, "api") else None if conf.predictOutput:
kb.partRun = getPartRun()
elif hasattr(conf, "api"):
kb.partRun = getPartRun(alias=False)
else:
kb.partRun = None
if partialValue: if partialValue:
firstChar = len(partialValue) firstChar = len(partialValue)

2
lib/techniques/error/use.py
View File

@ -245,7 +245,7 @@ def errorUse(expression, dump=False):
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression) _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
# Set kb.partRun in case the engine is called from the API # Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun() if hasattr(conf, "api") else None kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
# We have to check if the SQL query might return multiple entries # We have to check if the SQL query might return multiple entries
# and in such case forge the SQL limiting the query output one # and in such case forge the SQL limiting the query output one

2
lib/techniques/union/use.py
View File

@ -165,7 +165,7 @@ def unionUse(expression, unpack=True, dump=False):
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr) _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr)
# Set kb.partRun in case the engine is called from the API # Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun() if hasattr(conf, "api") else None kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper(): if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper():
# Removed ORDER BY clause because UNION does not play well with it # Removed ORDER BY clause because UNION does not play well with it

17
lib/utils/api.py
View File

@ -178,18 +178,26 @@ class StdDbOut(object):
if content_type is None: if content_type is None:
content_type = 99 content_type = 99
output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND status = ? AND content_type = ? LIMIT 0,1",
(self.taskid, status, content_type))
if status == CONTENT_STATUS.IN_PROGRESS: if status == CONTENT_STATUS.IN_PROGRESS:
output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND status = ? AND content_type = ? LIMIT 0,1", # Ignore all non-relevant messages
(self.taskid, status, content_type)) if kb.partRun is None:
return
if len(output) == 0: if len(output) == 0:
conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)",
(self.taskid, status, content_type, jsonize(value))) (self.taskid, status, content_type, jsonize(value)))
else: else:
new_value = "%s%s" % (output[0][1], value) new_value = "%s%s" % (dejsonize(output[0][1]), value)
conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?",
(jsonize(new_value), output[0][0])) (jsonize(new_value), output[0][0]))
else: else:
if len(output) > 0:
conf.database_cursor.execute("DELETE FROM data WHERE taskid = ? AND status = %s AND content_type = ?" % CONTENT_STATUS.IN_PROGRESS,
(self.taskid, content_type))
conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)",
(self.taskid, status, content_type, jsonize(value))) (self.taskid, status, content_type, jsonize(value)))
else: else:
@ -217,9 +225,6 @@ class LogRecorder(logging.StreamHandler):
def setRestAPILog(): def setRestAPILog():
if hasattr(conf, "api"): if hasattr(conf, "api"):
#conf.database_connection = sqlite3.connect(conf.database, timeout=1, isolation_level=None)
#conf.database_cursor = conf.database_connection.cursor()
conf.database_cursor = Database(conf.database) conf.database_cursor = Database(conf.database)
conf.database_cursor.connect("client") conf.database_cursor.connect("client")