Adding support for MsAccess usage of parsed FROM table names (e.g. in case of ColdFusion)

2025-02-02 20:54:13 +03:00 · 2016-05-31 11:08:23 +02:00 · 2016-05-31 11:08:23 +02:00 · 9fad72f28b
commit 9fad72f28b
parent 1782bf8e64
4 changed files with 13 additions and 1 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -721,6 +721,8 @@ class Agent(object):
        if conf.uFrom:
            fromTable = " FROM %s" % conf.uFrom
        elif kb.tableFrom:
            fromTable = " FROM %s" % kb.tableFrom
        else:
            fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1930,6 +1930,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.storeCrawlingChoice = None
    kb.storeHashesChoice = None
    kb.suppressResumeInfo = False
    kb.tableFrom = None
    kb.technique = None
    kb.tempDir = None
    kb.testMode = False
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.120"
+VERSION = "1.0.5.121"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@ -69,6 +69,9 @@ PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
 CHAR_INFERENCE_MARK = "%c"
 PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"
 # Regular expression used for extraction of table names (useful for (e.g.) MsAccess)
 SELECT_FROM_TABLE_REGEX = r"\bSELECT .+? FROM (?P<result>[\w.]+)\b"
 # Regular expression used for recognition of textual content-type
 TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@ -13,6 +13,7 @@ import StringIO
 import struct
 import zlib
 from lib.core.common import Backend
 from lib.core.common import extractErrorMessage
 from lib.core.common import extractRegexResult
 from lib.core.common import getPublicTypeMembers
@ -25,6 +26,7 @@ from lib.core.common import singleTimeWarnMessage
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PLACE
 from lib.core.exception import SqlmapCompressionException
@ -34,6 +36,7 @@ from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
 from lib.core.settings import SELECT_FROM_TABLE_REGEX
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import VIEWSTATE_REGEX
 from lib.parse.headers import headersParser
@ -331,6 +334,9 @@ def processResponse(page, responseHeaders):
    parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None)
    if not kb.tableFrom and Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
        kb.tableFrom = extractRegexResult(SELECT_FROM_TABLE_REGEX, page)
    if conf.parseErrors:
        msg = extractErrorMessage(page)