sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Some work on Issue #68

Browse Source
This commit is contained in:
Miroslav Stampar 2012-07-11 11:58:47 +02:00
parent 115cd3479e
commit 9c4a62f725
4 changed files with 8 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/request/inject.py
View File

@ -233,7 +233,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, u
countedExpression = countedExpression[:untilOrderChar]
if not stopLimit:
count = __goInference(payload, countedExpression, CHARSET_TYPE.DIGITS, firstChar, lastChar)
count = __goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar)
if isNumPosStrValue(count):
count = int(count)
@ -485,4 +485,4 @@ def goStacked(expression, silent=False):
Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
def checkBooleanExpression(expression, expectingNone=True):
return getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
return getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY, suppressOutput=True, expectingNone=expectingNone)

7
lib/takeover/udf.py
View File

@ -53,12 +53,7 @@ class UDF:
logger.info("checking if UDF '%s' already exist" % udf)
query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
exists = inject.getValue(query, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if exists == "1":
return True
else:
return False
return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY)
def udfCheckAndOverwrite(self, udf):
exists = self.__checkExistUdf(udf)

2
plugins/dbms/mysql/filesystem.py
View File

@ -29,7 +29,7 @@ class Filesystem(GenericFilesystem):
infoMsg = "fetching file: '%s'" % rFile
logger.info(infoMsg)
result = inject.getValue("SELECT HEX(LOAD_FILE('%s'))" % rFile)
result = inject.getValue("SELECT HEX(LOAD_FILE('%s'))" % rFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
return result

14
plugins/generic/enumeration.py
View File

@ -163,7 +163,7 @@ class Enumeration:
query = queries[Backend.getIdentifiedDbms()].is_dba.query
query = agent.forgeCaseStatement(query)
kb.data.isDba = unArrayizeValue(inject.getValue(query, charsetType=CHARSET_TYPE.BINARY))
kb.data.isDba = unArrayizeValue(inject.getValue(query, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY))
return kb.data.isDba == "1"
@ -928,6 +928,7 @@ class Enumeration:
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count):
@ -1423,11 +1424,7 @@ class Enumeration:
logger.info(infoMsg)
query = dumpNode.count2 % (column, table)
if blind:
value = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
else:
value = inject.getValue(query, blind=False, expected=EXPECTED.INT)
value = inject.getValue(query, blind=blind, inband=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if isNumPosStrValue(value):
validColumnList = True
@ -1472,10 +1469,7 @@ class Enumeration:
else:
query = dumpNode.query2 % (column, table, colList[0], pivotValue)
if blind:
value = inject.getValue(query, inband=False, error=False)
else:
value = inject.getValue(query, blind=False)
value = inject.getValue(query, blind=blind, inband=not blind, error=not blind)
if column == colList[0]:
if isNoneValue(value):