mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	Adding support for MsAccess usage of parsed FROM table names (e.g. in case of ColdFusion)
This commit is contained in:
		
							parent
							
								
									1782bf8e64
								
							
						
					
					
						commit
						9fad72f28b
					
				|  | @ -721,6 +721,8 @@ class Agent(object): | |||
| 
 | ||||
|         if conf.uFrom: | ||||
|             fromTable = " FROM %s" % conf.uFrom | ||||
|         elif kb.tableFrom: | ||||
|             fromTable = " FROM %s" % kb.tableFrom | ||||
|         else: | ||||
|             fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "") | ||||
| 
 | ||||
|  |  | |||
|  | @ -1930,6 +1930,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): | |||
|     kb.storeCrawlingChoice = None | ||||
|     kb.storeHashesChoice = None | ||||
|     kb.suppressResumeInfo = False | ||||
|     kb.tableFrom = None | ||||
|     kb.technique = None | ||||
|     kb.tempDir = None | ||||
|     kb.testMode = False | ||||
|  |  | |||
|  | @ -19,7 +19,7 @@ from lib.core.enums import OS | |||
| from lib.core.revision import getRevisionNumber | ||||
| 
 | ||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||
| VERSION = "1.0.5.120" | ||||
| VERSION = "1.0.5.121" | ||||
| REVISION = getRevisionNumber() | ||||
| STABLE = VERSION.count('.') <= 2 | ||||
| VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") | ||||
|  | @ -69,6 +69,9 @@ PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__" | |||
| CHAR_INFERENCE_MARK = "%c" | ||||
| PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]" | ||||
| 
 | ||||
| # Regular expression used for extraction of table names (useful for (e.g.) MsAccess) | ||||
| SELECT_FROM_TABLE_REGEX = r"\bSELECT .+? FROM (?P<result>[\w.]+)\b" | ||||
| 
 | ||||
| # Regular expression used for recognition of textual content-type | ||||
| TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)" | ||||
| 
 | ||||
|  |  | |||
|  | @ -13,6 +13,7 @@ import StringIO | |||
| import struct | ||||
| import zlib | ||||
| 
 | ||||
| from lib.core.common import Backend | ||||
| from lib.core.common import extractErrorMessage | ||||
| from lib.core.common import extractRegexResult | ||||
| from lib.core.common import getPublicTypeMembers | ||||
|  | @ -25,6 +26,7 @@ from lib.core.common import singleTimeWarnMessage | |||
| from lib.core.data import conf | ||||
| from lib.core.data import kb | ||||
| from lib.core.data import logger | ||||
| from lib.core.enums import DBMS | ||||
| from lib.core.enums import HTTP_HEADER | ||||
| from lib.core.enums import PLACE | ||||
| from lib.core.exception import SqlmapCompressionException | ||||
|  | @ -34,6 +36,7 @@ from lib.core.settings import EVENTVALIDATION_REGEX | |||
| from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE | ||||
| from lib.core.settings import META_CHARSET_REGEX | ||||
| from lib.core.settings import PARSE_HEADERS_LIMIT | ||||
| from lib.core.settings import SELECT_FROM_TABLE_REGEX | ||||
| from lib.core.settings import UNICODE_ENCODING | ||||
| from lib.core.settings import VIEWSTATE_REGEX | ||||
| from lib.parse.headers import headersParser | ||||
|  | @ -331,6 +334,9 @@ def processResponse(page, responseHeaders): | |||
| 
 | ||||
|     parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None) | ||||
| 
 | ||||
|     if not kb.tableFrom and Backend.getIdentifiedDbms() in (DBMS.ACCESS,): | ||||
|         kb.tableFrom = extractRegexResult(SELECT_FROM_TABLE_REGEX, page) | ||||
| 
 | ||||
|     if conf.parseErrors: | ||||
|         msg = extractErrorMessage(page) | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user