Minor fixes

2025-10-31 16:07:55 +03:00 · 2013-02-15 16:48:58 +01:00 · 2013-02-15 16:48:58 +01:00 · 97c06854a4
commit 97c06854a4
parent 0e7f771be6
4 changed files with 13 additions and 13 deletions
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@ -579,9 +579,9 @@ class Dump(object):

        for column in dbColumnsDict.keys():
            if colConsider == "1":
-                colConsiderStr = "s like '" + column + "' were"
+                colConsiderStr = "s like '%s' were" % unsafeSQLIdentificatorNaming(column)
            else:
-                colConsiderStr = " '%s' was" % column
+                colConsiderStr = " '%s' was" % unsafeSQLIdentificatorNaming(column)

            msg = "Column%s found in the " % colConsiderStr
            msg += "following databases:"
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@ -247,7 +247,7 @@ class Databases:
                return tableExists(paths.COMMON_TABLES)

        infoMsg = "fetching tables for database"
-        infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
+        infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in sorted(dbs)))
        logger.info(infoMsg)

        rootQuery = queries[Backend.getIdentifiedDbms()].tables
@ -261,7 +261,7 @@ class Databases:
                    query += " WHERE %s" % condition

                    if conf.excludeSysDbs:
-                        infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
+                        infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))
                        logger.info(infoMsg)
                        query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)
                    else:
@ -290,7 +290,7 @@ class Databases:
        if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:
            for db in dbs:
                if conf.excludeSysDbs and db in self.excludeDbsList:
-                    infoMsg = "skipping system database '%s'" % db
+                    infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db)
                    logger.info(infoMsg)

                    continue
@ -569,7 +569,7 @@ class Databases:
                   and conf.db in kb.data.cachedColumns and tbl in \
                   kb.data.cachedColumns[conf.db]:
                    infoMsg = "fetched tables' columns on "
-                    infoMsg += "database '%s'" % conf.db
+                    infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                    logger.info(infoMsg)

                    return {conf.db: kb.data.cachedColumns[conf.db]}
@ -692,7 +692,7 @@ class Databases:

        if not kb.data.cachedColumns:
            warnMsg = "unable to retrieve column names for "
-            warnMsg += ("table '%s' " % tblList[0]) if len(tblList) == 1 else "any table "
+            warnMsg += ("table '%s' " % unsafeSQLIdentificatorNaming(unArrayizeValue(tblList))) if len(tblList) == 1 else "any table "
            warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
            logger.warn(warnMsg)

--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -363,7 +363,7 @@ class Entries:

                        self.dumpTable()
                    except SqlmapNoneDataException:
-                        infoMsg = "skipping table '%s'" % table
+                        infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
                        logger.info(infoMsg)

    def dumpFoundColumn(self, dbs, foundCols, colConsider):
@ -378,7 +378,7 @@ class Entries:

        for db, tblData in dbs.items():
            if tblData:
-                message += "[%s]\n" % db
+                message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)

        message += "[q]uit"
        test = readInput(message, default="a")
@ -441,7 +441,7 @@ class Entries:

        for db, tablesList in tables.items():
            if tablesList:
-                message += "[%s]\n" % db
+                message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)

        message += "[q]uit"
        test = readInput(message, default="a")
@ -459,11 +459,11 @@ class Entries:

            conf.db = db
            dumpFromTbls = []
-            message = "which table(s) of database '%s'?\n" % db
+            message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db)
            message += "[a]ll (default)\n"

            for tbl in tablesList:
-                message += "[%s]\n" % tbl
+                message += "[%s]\n" % unsafeSQLIdentificatorNaming(tbl)

            message += "[s]kip\n"
            message += "[q]uit"
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@ -519,7 +519,7 @@ class Search:
                        logger.info(infoMsg)

                        query = rootQuery.blind.count2
-                        query = query % db
+                        query = query % unsafeSQLIdentificatorNaming(db)
                        query += " AND %s" % colQuery
                        query += whereTblsQuery