Implementation for an Issue #437

2024-11-22 09:36:35 +03:00 · 2013-04-18 17:06:45 +02:00 · 2013-04-18 17:06:45 +02:00 · 9d045e14e8
commit 9d045e14e8
parent 2defc30dc6
4 changed files with 50 additions and 27 deletions
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -114,6 +114,7 @@ optDict = {
                               "getCount":          "boolean",
                               "dumpTable":         "boolean",
                               "dumpAll":           "boolean",
+                               "pivotColumn":       "string",
                               "search":            "boolean",
                               "db":                "string",
                               "tbl":               "string",
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -365,6 +365,9 @@ def cmdLineParser():
        enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                               help="Dump all DBMS databases tables entries")

+        enumeration.add_option("--pivot-column", dest="pivotColumn",
+                               help="Pivot column name")
+
        enumeration.add_option("--search", dest="search", action="store_true",
                               help="Search column(s), table(s) and/or database name(s)")

--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@ -5,6 +5,8 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import re
+
 from extra.safe2bin.safe2bin import safechardecode
 from lib.core.agent import agent
 from lib.core.bigarray import BigArray
@ -60,6 +62,21 @@ def pivotDumpTable(table, colList, count=None, blind=True):

    colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT))

+    if conf.pivotColumn:
+        if any(re.search(r"(.+\.)?%s" % conf.pivotColumn, _, re.I) for _ in colList):
+            infoMsg = "using column '%s' as a pivot " % conf.pivotColumn
+            infoMsg += "for retrieving row data"
+            logger.info(infoMsg)
+
+            validPivotValue = True
+            colList.remove(conf.pivotColumn)
+            colList.insert(0, conf.pivotColumn)
+        else:
+            warnMsg = "column '%s' not " % conf.pivotColumn
+            warnMsg += "found in table '%s'" % table
+            logger.warn(warnMsg)
+
+    if not validPivotValue:
        for column in colList:
            infoMsg = "fetching number of distinct "
            infoMsg += "values for column '%s'" % column
@ -77,7 +94,6 @@ def pivotDumpTable(table, colList, count=None, blind=True):
                    logger.info(infoMsg)

                    validPivotValue = True
-
                    colList.remove(column)
                    colList.insert(0, column)
                    break
--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -398,6 +398,9 @@ dumpTable = False
 # Valid: True or False
 dumpAll = False

+# Pivot column name.
+pivotColumn = 
+
 # Search column(s), table(s) and/or database name(s).
 # Requires: db, tbl or col
 # Valid: True or False