sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementation for an Issue #437

Browse Source
This commit is contained in:
stamparm 2013-04-18 17:06:45 +02:00
parent 2defc30dc6
commit 9d045e14e8
4 changed files with 50 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/optiondict.py
View File

@ -114,6 +114,7 @@ optDict = {
"getCount": "boolean", "getCount": "boolean",
"dumpTable": "boolean", "dumpTable": "boolean",
"dumpAll": "boolean", "dumpAll": "boolean",
"pivotColumn": "string",
"search": "boolean", "search": "boolean",
"db": "string", "db": "string",
"tbl": "string", "tbl": "string",

3
lib/parse/cmdline.py
View File

@ -365,6 +365,9 @@ def cmdLineParser():
enumeration.add_option("--dump-all", dest="dumpAll", action="store_true", enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
help="Dump all DBMS databases tables entries") help="Dump all DBMS databases tables entries")
enumeration.add_option("--pivot-column", dest="pivotColumn",
help="Pivot column name")
enumeration.add_option("--search", dest="search", action="store_true", enumeration.add_option("--search", dest="search", action="store_true",
help="Search column(s), table(s) and/or database name(s)") help="Search column(s), table(s) and/or database name(s)")

70
lib/utils/pivotdumptable.py
View File

@ -5,6 +5,8 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
from extra.safe2bin.safe2bin import safechardecode from extra.safe2bin.safe2bin import safechardecode
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.bigarray import BigArray from lib.core.bigarray import BigArray
@ -60,36 +62,50 @@ def pivotDumpTable(table, colList, count=None, blind=True):
colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT)) colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT))
for column in colList: if conf.pivotColumn:
infoMsg = "fetching number of distinct " if any(re.search(r"(.+\.)?%s" % conf.pivotColumn, _, re.I) for _ in colList):
infoMsg += "values for column '%s'" % column infoMsg = "using column '%s' as a pivot " % conf.pivotColumn
logger.info(infoMsg) infoMsg += "for retrieving row data"
logger.info(infoMsg)
query = dumpNode.count2 % (column, table) validPivotValue = True
value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) colList.remove(conf.pivotColumn)
colList.insert(0, conf.pivotColumn)
if isNumPosStrValue(value): else:
validColumnList = True warnMsg = "column '%s' not " % conf.pivotColumn
warnMsg += "found in table '%s'" % table
if value == count: logger.warn(warnMsg)
infoMsg = "using column '%s' as a pivot " % column
infoMsg += "for retrieving row data"
logger.info(infoMsg)
validPivotValue = True
colList.remove(column)
colList.insert(0, column)
break
if not validColumnList:
errMsg = "all column name(s) provided are non-existent"
raise SqlmapNoneDataException(errMsg)
if not validPivotValue: if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)." for column in colList:
warnMsg += " It won't be possible to retrieve all rows" infoMsg = "fetching number of distinct "
logger.warn(warnMsg) infoMsg += "values for column '%s'" % column
logger.info(infoMsg)
query = dumpNode.count2 % (column, table)
value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if isNumPosStrValue(value):
validColumnList = True
if value == count:
infoMsg = "using column '%s' as a pivot " % column
infoMsg += "for retrieving row data"
logger.info(infoMsg)
validPivotValue = True
colList.remove(column)
colList.insert(0, column)
break
if not validColumnList:
errMsg = "all column name(s) provided are non-existent"
raise SqlmapNoneDataException(errMsg)
if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)."
warnMsg += " It won't be possible to retrieve all rows"
logger.warn(warnMsg)
pivotValue = " " pivotValue = " "
breakRetrieval = False breakRetrieval = False

3
sqlmap.conf
View File

@ -398,6 +398,9 @@ dumpTable = False
# Valid: True or False # Valid: True or False
dumpAll = False dumpAll = False
# Pivot column name.
pivotColumn =
# Search column(s), table(s) and/or database name(s). # Search column(s), table(s) and/or database name(s).
# Requires: db, tbl or col # Requires: db, tbl or col
# Valid: True or False # Valid: True or False