several MySQL fixes/enhancements pointed out by Anton Mogilin
This commit is contained in:
parent
52f910f752
commit
aa931efd4d
|
@ -220,7 +220,7 @@ Enrico Milanese <enricomilanese@gmail.com>
|
||||||
for providing me with some ideas for the PHP backdoor
|
for providing me with some ideas for the PHP backdoor
|
||||||
|
|
||||||
Anton Mogilin <azarmaster81@yahoo.com>
|
Anton Mogilin <azarmaster81@yahoo.com>
|
||||||
for reporting a minor bug
|
for reporting couple of bugs
|
||||||
|
|
||||||
Alejo Murillo Moya <alex@65535.com>
|
Alejo Murillo Moya <alex@65535.com>
|
||||||
for suggesting a feature
|
for suggesting a feature
|
||||||
|
|
|
@ -212,6 +212,10 @@ def cmdLineParser():
|
||||||
help="Test for stacked queries (multiple "
|
help="Test for stacked queries (multiple "
|
||||||
"statements) support")
|
"statements) support")
|
||||||
|
|
||||||
|
techniques.add_option("--error-test", dest="errorTest",
|
||||||
|
action="store_true", default=False,
|
||||||
|
help="Test for error based SQL injection support (beta)")
|
||||||
|
|
||||||
techniques.add_option("--time-test", dest="timeTest",
|
techniques.add_option("--time-test", dest="timeTest",
|
||||||
action="store_true", default=False,
|
action="store_true", default=False,
|
||||||
help="Test for time based blind SQL injection")
|
help="Test for time based blind SQL injection")
|
||||||
|
@ -492,10 +496,6 @@ def cmdLineParser():
|
||||||
parser.add_option("--profile", dest="profile", action="store_true",
|
parser.add_option("--profile", dest="profile", action="store_true",
|
||||||
default=False, help=SUPPRESS_HELP)
|
default=False, help=SUPPRESS_HELP)
|
||||||
|
|
||||||
parser.add_option("--error-test", dest="errorTest",
|
|
||||||
action="store_true", default=False,
|
|
||||||
help=SUPPRESS_HELP)
|
|
||||||
|
|
||||||
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
|
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
|
||||||
help=SUPPRESS_HELP)
|
help=SUPPRESS_HELP)
|
||||||
|
|
||||||
|
|
|
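Review bot: The new `--error-test` help text in the first hunk gives no hint of which back-ends the technique covers, while the only `<error>` query this commit touches is MySQL's and errorUse() special-cases `kb.dbms == "MySQL"`; if the technique is MySQL-only for now, the help string should say so, e.g. `help="Test for error based SQL injection support (beta, MySQL only)"`. The second hunk (`@ -492,10 +496,6 @@`) only removes the hidden duplicate of the same option and needs nothing further. Both hunks sit inside cmdLineParser(), whose body starts and ends outside the hunks.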
@ -51,7 +51,7 @@ def errorUse(expression):
|
||||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||||
|
|
||||||
if kb.dbms == "MySQL":
|
if kb.dbms == "MySQL":
|
||||||
nulledCastedField = nulledCastedField.replace("CHAR(10000)", "CHAR(255)") #fix for that 'Subquery returns more than 1 row'
|
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(255))") #fix for that 'Subquery returns more than 1 row'
|
||||||
|
|
||||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
||||||
|
|
|
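Review bot: The comment on the rewritten `nulledCastedField.replace("AS CHAR)", "AS CHAR(255))")` line names the MySQL error it works around but not what the line depends on or costs: the literal `AS CHAR)` must match the MySQL `<cast>` query this same commit changes to `CAST(%s AS CHAR)` in the queries XML, and if that template drifts the replace silently becomes a no-op; a `CHAR(255)` cast also appears to cap the retrieved value at 255 characters, which is worth stating. Suggested comment: `# MySQL: bound the cast to CHAR(255) so the error-based subquery yields a single row; values longer than 255 chars are presumably truncated. The "AS CHAR)" literal must match the MySQL <cast> query in the queries XML.` errorUse() starts and ends outside the hunk.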
@ -3,7 +3,7 @@
|
||||||
<root>
|
<root>
|
||||||
<!-- MySQL -->
|
<!-- MySQL -->
|
||||||
<dbms value="MySQL">
|
<dbms value="MySQL">
|
||||||
<cast query="CAST(%s AS CHAR(10000))"/>
|
<cast query="CAST(%s AS CHAR)"/>
|
||||||
<length query="LENGTH(%s)"/>
|
<length query="LENGTH(%s)"/>
|
||||||
<isnull query="IFNULL(%s, ' ')"/>
|
<isnull query="IFNULL(%s, ' ')"/>
|
||||||
<delimiter query=","/>
|
<delimiter query=","/>
|
||||||
|
@ -26,9 +26,9 @@
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||||
<error query="%s (SELECT %s FROM(SELECT COUNT(*),CONCAT(%s,(%s),%s,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)"/>
|
<error query="%s (SELECT %s FROM(SELECT COUNT(*),CONCAT(%s,(%s),%s,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)"/>
|
||||||
<inference query="AND ORD(MID((%s), %d, 1)) > %d"/>
|
<inference query="AND ORD(MID((%s), %d, 1)) > %d"/>
|
||||||
<banner query="SELECT VERSION()"/>
|
<banner query="VERSION()"/>
|
||||||
<current_user query="SELECT CURRENT_USER()"/>
|
<current_user query="CURRENT_USER()"/>
|
||||||
<current_db query="SELECT DATABASE()"/>
|
<current_db query="DATABASE()"/>
|
||||||
<is_dba query="(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y'"/>
|
<is_dba query="(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y'"/>
|
||||||
<check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0, 1)='%s'"/>
|
<check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0, 1)='%s'"/>
|
||||||
<users>
|
<users>
|
||||||
|
|
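Review bot: The second hunk turns `<banner>`, `<current_user>` and `<current_db>` from complete `SELECT` statements into bare expressions (`VERSION()`, `CURRENT_USER()`, `DATABASE()`), but nothing in the file records that the consumer is now expected to supply the `SELECT` itself; if other DBMS sections of this file still carry the `SELECT` prefix, a reader cannot tell which form is intended. Add a comment above the changed entries, e.g. `<!-- banner/current_user/current_db are expressions, not statements: the caller wraps them in SELECT -->`, after confirming the call sites actually do so. The first hunk's change to `CAST(%s AS CHAR)` is tied to the `AS CHAR)` string replacement in errorUse() in the previous section and has the same undocumented coupling.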