minor update

Miroslav Stampar 2010-10-23 08:05:24 +00:00
parent f8850e3f41
commit 98f5586b87
2 changed files with 9 additions and 5 deletions


@ -17,6 +17,8 @@ from lib.core.common import dataToStdout
from lib.core.common import getCharset from lib.core.common import getCharset
from lib.core.common import goGoodSamaritan from lib.core.common import goGoodSamaritan
from lib.core.common import getPartRun from lib.core.common import getPartRun
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import replaceNewlineTabs from lib.core.common import replaceNewlineTabs
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
@ -113,7 +115,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release() hintlock.release()
if hintValue is not None and len(hintValue) >= idx: if hintValue is not None and len(hintValue) >= idx:
if kb.dbms == "SQLite": if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
posValue = hintValue[idx-1] posValue = hintValue[idx-1]
else: else:
posValue = ord(hintValue[idx-1]) posValue = ord(hintValue[idx-1])
@ -165,8 +167,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
position = (len(charTbl) >> 1) position = (len(charTbl) >> 1)
posValue = charTbl[position] posValue = charTbl[position]
if kb.dbms == "SQLite": if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
posValueOld = posValue pushValue(posValue)
posValue = chr(posValue) if posValue < 128 else unichr(posValue) posValue = chr(posValue) if posValue < 128 else unichr(posValue)
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue)) forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
@ -174,8 +176,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(urlencode(forgedPayload)) result = Request.queryPage(urlencode(forgedPayload))
if kb.dbms == "SQLite": if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
posValue = posValueOld posValue = popValue()
if result: if result:
minValue = posValue minValue = posValue
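Review bot: The `pushValue(posValue)` / `popValue()` pair in the last two hunks replaces the local `posValueOld` with a stack whose implementation is not visible in this diff. If that stack is shared between threads (the `hintlock.release()` in the second hunk suggests bisection runs threaded), one thread's `popValue()` can return a value pushed by another, and an exception raised by `Request.queryPage` would leave the entry on the stack. Keeping the local (`posValueOld = posValue` before the conversion, `posValue = posValueOld` after the request) avoids both, or the pop belongs in a `finally`. The tuple `("SQLite", "Microsoft Access", "SAP MaxDB")` is also repeated at three sites, so a module-level constant such as `CHAR_INFERENCE_DBMS = ("SQLite", "Microsoft Access", "SAP MaxDB")` would keep them in step. The body of `bisection` starts and ends outside these hunks.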


@ -354,6 +354,7 @@
<timedelay/> <timedelay/>
<substring query="MID((%s), %d, %d)"/> <substring query="MID((%s), %d, %d)"/>
<case query="IIF(%s,1,0)"/> <case query="IIF(%s,1,0)"/>
<inference query="AND MID((%s), %d, 1) > '%s'"/>
<banner/> <banner/>
<current_user query="SELECT CURRENTUSER()"/> <current_user query="SELECT CURRENTUSER()"/>
<current_db/> <current_db/>
@ -429,6 +430,7 @@
<current_db query="SELECT DATABASE() FROM DUAL"/> <current_db query="SELECT DATABASE() FROM DUAL"/>
<order query="ORDER BY %s ASC"/> <order query="ORDER BY %s ASC"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="AND SUBSTR((%s), %d, 1) > '%s'"/>
<delimiter query=","/> <delimiter query=","/>
<substring query="SUBSTR((%s), %d, %d)"/> <substring query="SUBSTR((%s), %d, %d)"/>
</dbms> </dbms>
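Review bot: The two added `<inference>` entries carry an undocumented contract with the Python side: the third placeholder is quoted (`'%s'`), so it expects a character rather than an ordinal. That only works while the enclosing DBMS name (not visible in these hunks) stays in the hard-coded tuple that `bisection` checks before calling `chr`/`unichr`. I would add an XML comment above each entry along the lines of `<!-- inference compares a character, not an ordinal; the DBMS must be listed in bisection()'s character-comparison tuple -->`. It should also record the assumption that the DBMS orders strings under `>` the same way as the code points in the character table, which these hunks do not establish.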