mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
Implements #2557
This commit is contained in:
parent
864711b434
commit
9da8d55128
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.1.6.4"
|
VERSION = "1.1.6.5"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -352,6 +352,7 @@ def errorUse(expression, dump=False):
|
||||||
value = [] # for empty tables
|
value = [] # for empty tables
|
||||||
return value
|
return value
|
||||||
|
|
||||||
|
if isNumPosStrValue(count) and int(count) > 1:
|
||||||
if " ORDER BY " in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD:
|
if " ORDER BY " in expression and (stopLimit - startLimit) > SLOW_ORDER_COUNT_THRESHOLD:
|
||||||
message = "due to huge table size do you want to remove "
|
message = "due to huge table size do you want to remove "
|
||||||
message += "ORDER BY clause gaining speed over consistency? [y/N] "
|
message += "ORDER BY clause gaining speed over consistency? [y/N] "
|
||||||
|
|
|
@ -284,6 +284,7 @@ def unionUse(expression, unpack=True, dump=False):
|
||||||
value = [] # for empty tables
|
value = [] # for empty tables
|
||||||
return value
|
return value
|
||||||
|
|
||||||
|
if isNumPosStrValue(count) and int(count) > 1:
|
||||||
threadData = getCurrentThreadData()
|
threadData = getCurrentThreadData()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -170,6 +170,26 @@ class Entries:
|
||||||
if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
|
if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
|
||||||
table = "%s.%s" % (conf.db, tbl)
|
table = "%s.%s" % (conf.db, tbl)
|
||||||
|
|
||||||
|
if Backend.isDbms(DBMS.MSSQL):
|
||||||
|
query = rootQuery.blind.count % table
|
||||||
|
query = agent.whereQuery(query)
|
||||||
|
|
||||||
|
count = inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
if isNumPosStrValue(count):
|
||||||
|
indexRange = getLimitRange(count, plusOne=True)
|
||||||
|
|
||||||
|
for index in indexRange:
|
||||||
|
row = []
|
||||||
|
|
||||||
|
for column in colList:
|
||||||
|
query = rootQuery.blind.query3 % (column, column, table, index)
|
||||||
|
query = agent.whereQuery(query)
|
||||||
|
value = inject.getValue(query, blind=False, time=False, dump=True) or ""
|
||||||
|
row.append(value)
|
||||||
|
|
||||||
|
entries.append(row)
|
||||||
|
|
||||||
|
if not entries:
|
||||||
try:
|
try:
|
||||||
retVal = pivotDumpTable(table, colList, blind=False)
|
retVal = pivotDumpTable(table, colList, blind=False)
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
|
@ -285,6 +305,25 @@ class Entries:
|
||||||
elif Backend.isDbms(DBMS.MAXDB):
|
elif Backend.isDbms(DBMS.MAXDB):
|
||||||
table = "%s.%s" % (conf.db, tbl)
|
table = "%s.%s" % (conf.db, tbl)
|
||||||
|
|
||||||
|
if Backend.isDbms(DBMS.MSSQL):
|
||||||
|
indexRange = getLimitRange(count, plusOne=True)
|
||||||
|
for index in indexRange:
|
||||||
|
for column in colList:
|
||||||
|
query = rootQuery.blind.query3 % (column, column, table, index)
|
||||||
|
query = agent.whereQuery(query)
|
||||||
|
|
||||||
|
value = inject.getValue(query, union=False, error=False, dump=True) or ""
|
||||||
|
|
||||||
|
if column not in lengths:
|
||||||
|
lengths[column] = 0
|
||||||
|
|
||||||
|
if column not in entries:
|
||||||
|
entries[column] = BigArray()
|
||||||
|
|
||||||
|
lengths[column] = max(lengths[column], len(DUMP_REPLACEMENTS.get(getUnicode(value), getUnicode(value))))
|
||||||
|
entries[column].append(value)
|
||||||
|
|
||||||
|
if not entries:
|
||||||
try:
|
try:
|
||||||
retVal = pivotDumpTable(table, colList, count, blind=True)
|
retVal = pivotDumpTable(table, colList, count, blind=True)
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
|
|
|
@ -46,7 +46,7 @@ a09c6ceee8dbb624cc3ca1d17749c8a5 lib/core/option.py
|
||||||
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
||||||
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
||||||
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
||||||
6e7731aa5bc04ef76a597c91e0701665 lib/core/settings.py
|
d556e1cf87bd101aa7f0a46fdbbbdff3 lib/core/settings.py
|
||||||
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
||||||
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
||||||
8136241fdbdb99a5dc0e51ba72918f6e lib/core/target.py
|
8136241fdbdb99a5dc0e51ba72918f6e lib/core/target.py
|
||||||
|
@ -93,11 +93,11 @@ b7dd3a2697a08108ddc9a4264922c2e8 lib/takeover/web.py
|
||||||
ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
|
ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
|
||||||
d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
|
d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
|
||||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/error/__init__.py
|
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/error/__init__.py
|
||||||
c7e6589ef171819c4630ca8434f0250b lib/techniques/error/use.py
|
84b729215fd00e789ed75d9c00c97761 lib/techniques/error/use.py
|
||||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
|
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
|
||||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
|
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
|
||||||
d71e48e6fd08f75cc612bf8b260994ce lib/techniques/union/test.py
|
d71e48e6fd08f75cc612bf8b260994ce lib/techniques/union/test.py
|
||||||
36194e6c0a8dd14139f57ebf87bb80f9 lib/techniques/union/use.py
|
db3090ff9a740ba096ba676fcf44ebfc lib/techniques/union/use.py
|
||||||
67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py
|
67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py
|
||||||
7d10ba0851da8ee9cd3c140dcd18798e lib/utils/brute.py
|
7d10ba0851da8ee9cd3c140dcd18798e lib/utils/brute.py
|
||||||
ed70f1ca9113664043ec9e6778e48078 lib/utils/crawler.py
|
ed70f1ca9113664043ec9e6778e48078 lib/utils/crawler.py
|
||||||
|
@ -203,7 +203,7 @@ deed74334b637767fc9de8f74b37647a plugins/dbms/sybase/fingerprint.py
|
||||||
be7481a96214220bcd8f51ca00239bed plugins/generic/connector.py
|
be7481a96214220bcd8f51ca00239bed plugins/generic/connector.py
|
||||||
5390591ca955036d492de11355b52e8f plugins/generic/custom.py
|
5390591ca955036d492de11355b52e8f plugins/generic/custom.py
|
||||||
4ad4bccc03256b8f3d21ba4f8f759404 plugins/generic/databases.py
|
4ad4bccc03256b8f3d21ba4f8f759404 plugins/generic/databases.py
|
||||||
5eae2e0992a719bfce9cf78ed0a0ea2f plugins/generic/entries.py
|
12b0420d9588828e4a83fe8e89bef162 plugins/generic/entries.py
|
||||||
55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
|
55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
|
||||||
0d10a0410c416fece51c26a935e68568 plugins/generic/filesystem.py
|
0d10a0410c416fece51c26a935e68568 plugins/generic/filesystem.py
|
||||||
2e397afd83939889d1a7a07893b19ae7 plugins/generic/fingerprint.py
|
2e397afd83939889d1a7a07893b19ae7 plugins/generic/fingerprint.py
|
||||||
|
@ -459,4 +459,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
||||||
3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml
|
3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml
|
||||||
c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml
|
c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml
|
||||||
ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml
|
ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml
|
||||||
5bd467d86d7cb55fbe5f66e4ff9a6bec xml/queries.xml
|
7fa7db2c2296baa5e9ea381d4880492f xml/queries.xml
|
||||||
|
|
|
@ -194,7 +194,7 @@
|
||||||
</columns>
|
</columns>
|
||||||
<dump_table>
|
<dump_table>
|
||||||
<inband query="SELECT %s FROM %s.%s"/>
|
<inband query="SELECT %s FROM %s.%s"/>
|
||||||
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
|
<blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" query3="SELECT %s FROM (SELECT %s, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS LIMIT FROM %s)x WHERE LIMIT=%d" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
|
||||||
</dump_table>
|
</dump_table>
|
||||||
<search_db>
|
<search_db>
|
||||||
<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
|
<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user