sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-26 05:31:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

upgrade of --search mechanism (lowest common denominator is now searched for - e.g. if -D -T and -C are given then -C is searched for in -D and -T)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-12-02 13:32:30 +00:00
parent b03a5e8928
commit 96aacbf945
1 changed files with 40 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
plugins/generic/enumeration.py
View File

@ -879,7 +879,7 @@ class Enumeration:
if conf.excludeSysDbs: if conf.excludeSysDbs:
query += " WHERE " query += " WHERE "
query += " AND ".join("%s != '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList) query += " AND ".join("%s != '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList)
infoMsg = "skipping system database%s: %s" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
logger.info(infoMsg) logger.info(infoMsg)
elif not Backend.isDbms(DBMS.SQLITE): elif not Backend.isDbms(DBMS.SQLITE):
query += " WHERE " query += " WHERE "
@ -1922,7 +1922,7 @@ class Enumeration:
if conf.excludeSysDbs: if conf.excludeSysDbs:
exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system database%s: %s" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
logger.info(infoMsg) logger.info(infoMsg)
else: else:
exclDbsQuery = "" exclDbsQuery = ""
@ -2035,12 +2035,17 @@ class Enumeration:
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg) logger.info(infoMsg)
if conf.excludeSysDbs: if conf.db and conf.db != "CD":
exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) _ = conf.db.split(",")
infoMsg = "skipping system database%s: %s" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) whereDbsQuery = "".join(" AND '%s' = %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in _)
infoMsg = "for database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
logger.info(infoMsg)
elif conf.excludeSysDbs:
whereDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
logger.info(infoMsg) logger.info(infoMsg)
else: else:
exclDbsQuery = "" whereDbsQuery = ""
tblQuery = "%s%s" % (tblCond, tblCondParam) tblQuery = "%s%s" % (tblCond, tblCondParam)
tblQuery = tblQuery % tbl tblQuery = tblQuery % tbl
@ -2048,7 +2053,7 @@ class Enumeration:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
query = rootQuery.inband.query query = rootQuery.inband.query
query += tblQuery query += tblQuery
query += exclDbsQuery query += whereDbsQuery
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False)
for foundDb, foundTbl in filterPairValues(values): for foundDb, foundTbl in filterPairValues(values):
@ -2071,7 +2076,7 @@ class Enumeration:
query = rootQuery.blind.count query = rootQuery.blind.count
query += tblQuery query += tblQuery
query += exclDbsQuery query += whereDbsQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
@ -2088,7 +2093,7 @@ class Enumeration:
for index in indexRange: for index in indexRange:
query = rootQuery.blind.query query = rootQuery.blind.query
query += tblQuery query += tblQuery
query += exclDbsQuery query += whereDbsQuery
if Backend.isDbms(DBMS.DB2): if Backend.isDbms(DBMS.DB2):
query += ") AS foobar" query += ") AS foobar"
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
@ -2199,21 +2204,29 @@ class Enumeration:
foundCols[column] = {} foundCols[column] = {}
if conf.excludeSysDbs: if conf.db and conf.db != "CD":
exclDbsQuery = "".join(" AND '%s' != %s" % (db, dbCond) for db in self.excludeDbsList) _ = conf.db.split(",")
infoMsg = "skipping system database%s: %s" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) whereDbsQuery = "".join(" AND '%s' = %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in _)
infoMsg = "for database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
logger.info(infoMsg)
elif conf.excludeSysDbs:
whereDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
logger.info(infoMsg) logger.info(infoMsg)
else: else:
exclDbsQuery = "" whereDbsQuery = ""
colQuery = "%s%s" % (colCond, colCondParam) colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column) colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
query = rootQuery.inband.query if not all((conf.db, conf.tbl)):
query += colQuery query = rootQuery.inband.query
query += exclDbsQuery query += colQuery
values = inject.getValue(query, blind=False) query += whereDbsQuery
values = inject.getValue(query, blind=False)
else:
values = ((conf.db, conf.tbl),)
for foundDb, foundTbl in filterPairValues(values): for foundDb, foundTbl in filterPairValues(values):
foundDb = safeSQLIdentificatorNaming(foundDb) foundDb = safeSQLIdentificatorNaming(foundDb)
@ -2254,7 +2267,7 @@ class Enumeration:
query = rootQuery.blind.count query = rootQuery.blind.count
query += colQuery query += colQuery
query += exclDbsQuery query += whereDbsQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
@ -2271,7 +2284,7 @@ class Enumeration:
for index in indexRange: for index in indexRange:
query = rootQuery.blind.query query = rootQuery.blind.query
query += colQuery query += colQuery
query += exclDbsQuery query += whereDbsQuery
if Backend.isDbms(DBMS.DB2): if Backend.isDbms(DBMS.DB2):
query += ") AS foobar" query += ") AS foobar"
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)
@ -2345,16 +2358,16 @@ class Enumeration:
self.dumpFoundColumn(dbs, foundCols, colConsider) self.dumpFoundColumn(dbs, foundCols, colConsider)
def search(self): def search(self):
if conf.db:
conf.dumper.lister("found databases", self.searchDb())
if conf.tbl:
conf.dumper.dbTables(self.searchTable())
if conf.col: if conf.col:
self.searchColumn() self.searchColumn()
if not conf.db and not conf.tbl and not conf.col: elif conf.tbl:
conf.dumper.dbTables(self.searchTable())
elif conf.db:
conf.dumper.lister("found databases", self.searchDb())
else:
errMsg = "missing parameter, provide -D, -T or -C together " errMsg = "missing parameter, provide -D, -T or -C together "
errMsg += "with --search" errMsg += "with --search"
raise sqlmapMissingMandatoryOptionException, errMsg raise sqlmapMissingMandatoryOptionException, errMsg