added new option --space

This commit is contained in:
Miroslav Stampar 2010-09-24 21:59:03 +00:00
parent 327bfcbe97
commit 9cd5d3bde7
3 changed files with 22 additions and 12 deletions


@ -28,6 +28,7 @@ from xml.etree import ElementTree as ET
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import replaceSpaces
from lib.core.convert import urlencode
from lib.core.data import conf
from lib.core.data import kb
@ -119,7 +120,7 @@ class Agent:
retValue = paramString.replace("%s=%s" % (parameter, value),
"%s=%s" % (parameter, newValue))
return retValue
return replaceSpaces(retValue)
def fullPayload(self, query):
if conf.direct:
@ -160,7 +161,7 @@ class Agent:
query += string
return query
return replaceSpaces(query)
def postfixQuery(self, string, comment=None):
"""
@ -198,7 +199,7 @@ class Agent:
else:
raise sqlmapNoneDataException, "unsupported injection type"
return string
return replaceSpaces(string)
def nullAndCastField(self, field):
"""
@ -233,7 +234,7 @@ class Agent:
# SQLite version 2 does not support neither CAST() nor IFNULL(),
# introduced only in SQLite version 3
if kb.dbms == "SQLite":
return field
return replaceSpaces(field)
if field.startswith("(CASE"):
nulledCastedField = field
@ -241,7 +242,7 @@ class Agent:
nulledCastedField = queries[kb.dbms].cast % field
nulledCastedField = queries[kb.dbms].isnull % nulledCastedField
return nulledCastedField
return replaceSpaces(nulledCastedField)
def nullCastConcatFields(self, fields):
"""
@ -274,7 +275,7 @@ class Agent:
"""
if not kb.dbmsDetected:
return fields
return replaceSpaces(fields)
fields = fields.replace(", ", ",")
fieldsSplitted = fields.split(",")
@ -287,7 +288,7 @@ class Agent:
delimiterStr = "%s'%s'%s" % (dbmsDelimiter, temp.delimiter, dbmsDelimiter)
nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields])
return nulledCastedConcatFields
return replaceSpaces(nulledCastedConcatFields)
def getFields(self, query):
"""
@ -346,7 +347,7 @@ class Agent:
elif kb.dbms == "Microsoft SQL Server":
concatenatedQuery = "%s+%s" % (query1, query2)
return concatenatedQuery
return replaceSpaces(concatenatedQuery)
def concatQuery(self, query, unpack=True):
"""
@ -431,7 +432,7 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "'%s'+%s+'%s'" % (temp.start, concatenatedQuery, temp.stop)
return concatenatedQuery
return replaceSpaces(concatenatedQuery)
def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL"):
"""
@ -509,7 +510,7 @@ class Agent:
inbandQuery = self.postfixQuery(inbandQuery, kb.unionComment)
return inbandQuery
return replaceSpaces(inbandQuery)
def limitQuery(self, num, query, field=None):
"""
@ -601,7 +602,7 @@ class Agent:
if orderBy:
limitedQuery += orderBy
return limitedQuery
return replaceSpaces(limitedQuery)
def forgeCaseStatement(self, expression):
"""
@ -620,7 +621,7 @@ class Agent:
@rtype: C{str}
"""
return queries[kb.dbms].case % expression
return replaceSpaces(queries[kb.dbms].case % expression)
# SQL agent
agent = Agent()
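Review bot: The new `return replaceSpaces(retValue)` in payload() (L22) runs over the whole rewritten parameter string, so spaces in other parameters' values are substituted as well, not only those in the injected payload; applying it to `newValue` before the `paramString.replace(...)` call would keep the change local to the injection point. Every lower-level builder in this section (nullAndCastField, nullCastConcatFields, concatQuery, forgeInbandQuery, postfixQuery, limitQuery, forgeCaseStatement) also wraps its result, so the same text passes through replaceSpaces several times on its way up, which is only harmless if conf.space itself contains no ' '. The blanket `.replace(' ', ...)` also rewrites spaces inside quoted SQL literals, for instance the `'%s'` wrappers built in nullCastConcatFields and concatQuery or a user-supplied query text, which changes the string values the query compares or returns; doing the substitution once at the outermost point where the fragment is final, and skipping quoted literals, would be safer. The old/new side of each printed pair is inferred from print order here, and the method bodies continue outside the hunks.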


@ -1404,3 +1404,9 @@ def longestCommonPrefix(*sequences):
def commonFinderOnly(initial, sequence):
return longestCommonPrefix(*filter(lambda x: x.startswith(initial), sequence))
def replaceSpaces(query):
if query:
return query if conf.space is None else query.replace(' ', conf.space)
else:
return query
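Review bot: replaceSpaces() substitutes every ' ' in the fragment, including those inside quoted SQL string literals, and it is not idempotent when conf.space itself contains a space, since each pass expands the result again; that matters because the agent.py callers in this commit apply it at several nesting levels. It should carry a docstring saying so, and the body collapses to `if query and conf.space is not None: return query.replace(' ', conf.space)` followed by `return query`. Whether `conf` is imported in lib/core/common.py is not visible in this hunk; confirm it, since the function reads `conf.space` at call time.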


@ -194,6 +194,9 @@ def cmdLineParser():
injection.add_option("--threshold", dest="thold", type="float",
help="Page comparison threshold value (0.0-1.0)")
injection.add_option("--space", dest="space",
help="Use defined string instead of standard ' '")
injection.add_option("--use-between", dest="useBetween",
action="store_true",
help="Use operator BETWEEN instead of default '>'")
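Review bot: The help text for `--space` (L119) does not say what is replaced or that the substitution touches every space in the forged SQL statements, including those inside string literals, rather than only the separators a filter-evasion token like `/**/` is meant to stand in for. Suggest `help="String to use instead of ' ' in the forged SQL statements (e.g. /**/ or %09)"`. Nothing here rejects a value that itself contains a space, which would presumably be re-expanded on every replacement pass; a check for that belongs with the other option validation, which is outside this hunk.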