sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

that Sybase is going to be pain in the ass

Browse Source
This commit is contained in:
Miroslav Stampar 2010-10-25 21:43:13 +00:00
parent 73eea81b3a
commit 9b56fbafbe
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/generic/enumeration.py
View File

@ -20,6 +20,7 @@ from lib.core.common import getUnicode
from lib.core.common import parsePasswordHash
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeStringFormat
from lib.core.convert import urlencode
@ -165,7 +166,9 @@ class Enumeration:
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if condition:
if kb.dbms == "Sybase":
query = rootQuery.blind.query % (','.join(map(lambda x: "'%s'" % x, kb.data.cachedUsers)) if kb.data.cachedUsers else "'%s'" % randomStr())
elif condition:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index

2
xml/queries.xml
View File

@ -473,7 +473,7 @@
<is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
<users>
<inband query="SELECT name FROM master..syslogins ORDER BY 1"/>
<blind query="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name NOT IN (%s)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
</users>
<passwords>
<inband query="SELECT name, password FROM master..syslogins" condition="name"/>