mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 13:41:10 +03:00 
			
		
		
		
	that Sybase is going to be pain in the ass
This commit is contained in:
		
							parent
							
								
									73eea81b3a
								
							
						
					
					
						commit
						9b56fbafbe
					
				|  | @ -20,6 +20,7 @@ from lib.core.common import getUnicode | ||||||
| from lib.core.common import parsePasswordHash | from lib.core.common import parsePasswordHash | ||||||
| from lib.core.common import popValue | from lib.core.common import popValue | ||||||
| from lib.core.common import pushValue | from lib.core.common import pushValue | ||||||
|  | from lib.core.common import randomStr | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.common import safeStringFormat | from lib.core.common import safeStringFormat | ||||||
| from lib.core.convert import urlencode | from lib.core.convert import urlencode | ||||||
|  | @ -165,7 +166,9 @@ class Enumeration: | ||||||
|             indexRange = getRange(count, plusOne=plusOne) |             indexRange = getRange(count, plusOne=plusOne) | ||||||
| 
 | 
 | ||||||
|             for index in indexRange: |             for index in indexRange: | ||||||
|                 if condition: |                 if kb.dbms == "Sybase": | ||||||
|  |                     query = rootQuery.blind.query % (','.join(map(lambda x: "'%s'" % x, kb.data.cachedUsers)) if kb.data.cachedUsers else "'%s'" % randomStr()) | ||||||
|  |                 elif condition: | ||||||
|                     query = rootQuery.blind.query2 % index |                     query = rootQuery.blind.query2 % index | ||||||
|                 else: |                 else: | ||||||
|                     query = rootQuery.blind.query % index |                     query = rootQuery.blind.query % index | ||||||
|  |  | ||||||
|  | @ -473,7 +473,7 @@ | ||||||
|         <is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/> |         <is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/> | ||||||
|         <users> |         <users> | ||||||
|             <inband query="SELECT name FROM master..syslogins ORDER BY 1"/> |             <inband query="SELECT name FROM master..syslogins ORDER BY 1"/> | ||||||
|             <blind query="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/> |             <blind query="SELECT MIN(name) FROM master..syslogins WHERE name NOT IN (%s)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/> | ||||||
|         </users> |         </users> | ||||||
|         <passwords> |         <passwords> | ||||||
|             <inband query="SELECT name, password FROM master..syslogins" condition="name"/> |             <inband query="SELECT name, password FROM master..syslogins" condition="name"/> | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user