mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches
This commit is contained in:
parent
f3ed61af5f
commit
a397baa89a
|
@ -11,6 +11,7 @@ from lib.core.agent import agent
|
||||||
from lib.core.common import arrayizeValue
|
from lib.core.common import arrayizeValue
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
from lib.core.common import getRange
|
from lib.core.common import getRange
|
||||||
|
from lib.core.common import isNoneValue
|
||||||
from lib.core.common import isNumPosStrValue
|
from lib.core.common import isNumPosStrValue
|
||||||
from lib.core.common import isTechniqueAvailable
|
from lib.core.common import isTechniqueAvailable
|
||||||
from lib.core.common import safeSQLIdentificatorNaming
|
from lib.core.common import safeSQLIdentificatorNaming
|
||||||
|
@ -93,7 +94,7 @@ class Enumeration(GenericEnumeration):
|
||||||
query = rootQuery.inband.query % db
|
query = rootQuery.inband.query % db
|
||||||
value = inject.getValue(query, blind=False)
|
value = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if value:
|
if not isNoneValue(value):
|
||||||
kb.data.cachedTables[db] = arrayizeValue(value)
|
kb.data.cachedTables[db] = arrayizeValue(value)
|
||||||
|
|
||||||
if not kb.data.cachedTables and not conf.direct:
|
if not kb.data.cachedTables and not conf.direct:
|
||||||
|
@ -186,7 +187,7 @@ class Enumeration(GenericEnumeration):
|
||||||
query += tblQuery
|
query += tblQuery
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [ values ]
|
values = [ values ]
|
||||||
|
|
||||||
|
@ -279,7 +280,7 @@ class Enumeration(GenericEnumeration):
|
||||||
query += " AND %s" % colQuery.replace("[DB]", db)
|
query += " AND %s" % colQuery.replace("[DB]", db)
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [ values ]
|
values = [ values ]
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
from lib.core.common import getRange
|
from lib.core.common import getRange
|
||||||
|
from lib.core.common import isNoneValue
|
||||||
from lib.core.common import isNumPosStrValue
|
from lib.core.common import isNumPosStrValue
|
||||||
from lib.core.common import isTechniqueAvailable
|
from lib.core.common import isTechniqueAvailable
|
||||||
from lib.core.common import safeSQLIdentificatorNaming
|
from lib.core.common import safeSQLIdentificatorNaming
|
||||||
|
@ -64,7 +65,7 @@ class Enumeration(GenericEnumeration):
|
||||||
|
|
||||||
return self.getRoles(query2=True)
|
return self.getRoles(query2=True)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
for value in values:
|
for value in values:
|
||||||
user = None
|
user = None
|
||||||
roles = set()
|
roles = set()
|
||||||
|
@ -204,7 +205,7 @@ class Enumeration(GenericEnumeration):
|
||||||
query += colQuery
|
query += colQuery
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [ values ]
|
values = [ values ]
|
||||||
|
|
||||||
|
|
|
@ -175,7 +175,7 @@ class Enumeration:
|
||||||
query = rootQuery.inband.query
|
query = rootQuery.inband.query
|
||||||
value = inject.getValue(query, blind=False)
|
value = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if value:
|
if not isNoneValue(value):
|
||||||
kb.data.cachedUsers = arrayizeValue(value)
|
kb.data.cachedUsers = arrayizeValue(value)
|
||||||
|
|
||||||
if not kb.data.cachedUsers and not conf.direct:
|
if not kb.data.cachedUsers and not conf.direct:
|
||||||
|
@ -272,7 +272,7 @@ class Enumeration:
|
||||||
else:
|
else:
|
||||||
value = inject.getValue(query, blind=False)
|
value = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if value:
|
if not isNoneValue(value):
|
||||||
for user, password in value:
|
for user, password in value:
|
||||||
if not user or user == " ":
|
if not user or user == " ":
|
||||||
continue
|
continue
|
||||||
|
@ -467,7 +467,7 @@ class Enumeration:
|
||||||
|
|
||||||
return self.getPrivileges(query2=True)
|
return self.getPrivileges(query2=True)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
for value in values:
|
for value in values:
|
||||||
user = None
|
user = None
|
||||||
privileges = set()
|
privileges = set()
|
||||||
|
@ -683,7 +683,7 @@ class Enumeration:
|
||||||
query = rootQuery.inband.query
|
query = rootQuery.inband.query
|
||||||
value = inject.getValue(query, blind=False)
|
value = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if value:
|
if not isNoneValue(value):
|
||||||
kb.data.cachedDbs = arrayizeValue(value)
|
kb.data.cachedDbs = arrayizeValue(value)
|
||||||
|
|
||||||
if not kb.data.cachedDbs and not conf.direct:
|
if not kb.data.cachedDbs and not conf.direct:
|
||||||
|
@ -826,7 +826,7 @@ class Enumeration:
|
||||||
value = inject.getValue(query, blind=False)
|
value = inject.getValue(query, blind=False)
|
||||||
value = filter(lambda x: x, value)
|
value = filter(lambda x: x, value)
|
||||||
|
|
||||||
if value:
|
if not isNoneValue(value):
|
||||||
if Backend.isDbms(DBMS.SQLITE):
|
if Backend.isDbms(DBMS.SQLITE):
|
||||||
if isinstance(value, basestring):
|
if isinstance(value, basestring):
|
||||||
value = [[ DBMS.SQLITE, value ]]
|
value = [[ DBMS.SQLITE, value ]]
|
||||||
|
@ -1073,12 +1073,12 @@ class Enumeration:
|
||||||
|
|
||||||
if Backend.isDbms(DBMS.SQLITE):
|
if Backend.isDbms(DBMS.SQLITE):
|
||||||
parseSqliteTableSchema(value)
|
parseSqliteTableSchema(value)
|
||||||
elif value:
|
elif not isNoneValue(value):
|
||||||
table = {}
|
table = {}
|
||||||
columns = {}
|
columns = {}
|
||||||
|
|
||||||
for columnData in value:
|
for columnData in value:
|
||||||
if columnData[0] is not None:
|
if not isNoneValue(columnData):
|
||||||
name = safeSQLIdentificatorNaming(columnData[0])
|
name = safeSQLIdentificatorNaming(columnData[0])
|
||||||
|
|
||||||
if len(columnData) == 1:
|
if len(columnData) == 1:
|
||||||
|
@ -1836,7 +1836,7 @@ class Enumeration:
|
||||||
query += exclDbsQuery
|
query += exclDbsQuery
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [ values ]
|
values = [ values ]
|
||||||
|
|
||||||
|
@ -1946,7 +1946,7 @@ class Enumeration:
|
||||||
query += exclDbsQuery
|
query += exclDbsQuery
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [ values ]
|
values = [ values ]
|
||||||
|
|
||||||
|
@ -2109,7 +2109,7 @@ class Enumeration:
|
||||||
query += exclDbsQuery
|
query += exclDbsQuery
|
||||||
values = inject.getValue(query, blind=False)
|
values = inject.getValue(query, blind=False)
|
||||||
|
|
||||||
if values:
|
if not isNoneValue(values):
|
||||||
if isinstance(values, basestring):
|
if isinstance(values, basestring):
|
||||||
values = [ values ]
|
values = [ values ]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user