sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementation for an Issue #437

Browse Source
This commit is contained in:
stamparm 2013-04-18 17:06:45 +02:00
parent 2defc30dc6
commit 9d045e14e8
4 changed files with 50 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/optiondict.py
View File

@ -114,6 +114,7 @@ optDict = {
"getCount": "boolean", "getCount": "boolean",
"dumpTable": "boolean", "dumpTable": "boolean",
"dumpAll": "boolean", "dumpAll": "boolean",
"pivotColumn": "string",
"search": "boolean", "search": "boolean",
"db": "string", "db": "string",
"tbl": "string", "tbl": "string",

3
lib/parse/cmdline.py
View File

@ -365,6 +365,9 @@ def cmdLineParser():
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true", enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
help="Dump all DBMS databases tables entries") help="Dump all DBMS databases tables entries")
enumeration.add_option("--pivot-column", dest="pivotColumn",
help="Pivot column name")
enumeration.add_option("--search", dest="search", action="store_true", enumeration.add_option("--search", dest="search", action="store_true",
help="Search column(s), table(s) and/or database name(s)") help="Search column(s), table(s) and/or database name(s)")

18
lib/utils/pivotdumptable.py
View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from extra.safe2bin.safe2bin import safechardecode from extra.safe2bin.safe2bin import safechardecode
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.bigarray import BigArray from lib.core.bigarray import BigArray
@ -60,6 +62,21 @@ def pivotDumpTable(table, colList, count=None, blind=True):
colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT)) colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT))
if conf.pivotColumn:
if any(re.search(r"(.+\.)?%s" % conf.pivotColumn, _, re.I) for _ in colList):
infoMsg = "using column '%s' as a pivot " % conf.pivotColumn
infoMsg += "for retrieving row data"
logger.info(infoMsg)
validPivotValue = True
colList.remove(conf.pivotColumn)
colList.insert(0, conf.pivotColumn)
else:
warnMsg = "column '%s' not " % conf.pivotColumn
warnMsg += "found in table '%s'" % table
logger.warn(warnMsg)
if not validPivotValue:
for column in colList: for column in colList:
infoMsg = "fetching number of distinct " infoMsg = "fetching number of distinct "
infoMsg += "values for column '%s'" % column infoMsg += "values for column '%s'" % column
@ -77,7 +94,6 @@ def pivotDumpTable(table, colList, count=None, blind=True):
logger.info(infoMsg) logger.info(infoMsg)
validPivotValue = True validPivotValue = True
colList.remove(column) colList.remove(column)
colList.insert(0, column) colList.insert(0, column)
break break

3
sqlmap.conf
View File

@ -398,6 +398,9 @@ dumpTable = False
# Valid: True or False # Valid: True or False
dumpAll = False dumpAll = False
# Pivot column name.
pivotColumn =
# Search column(s), table(s) and/or database name(s). # Search column(s), table(s) and/or database name(s).
# Requires: db, tbl or col # Requires: db, tbl or col
# Valid: True or False # Valid: True or False