Minor refactoring

Miroslav Stampar 2017-01-02 15:14:59 +01:00
parent e0eeed0a96
commit c29db43bfa
5 changed files with 26 additions and 27 deletions


@ -1079,5 +1079,20 @@ class Agent(object):
return query return query
def whereQuery(self, query):
if conf.dumpWhere and query:
prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
if "%s)" % conf.tbl.upper() in prefix.upper():
prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
elif re.search(r"(?i)\bWHERE\b", prefix):
prefix += " AND %s" % conf.dumpWhere
else:
prefix += " WHERE %s" % conf.dumpWhere
query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
return query
# SQL agent # SQL agent
agent = Agent() agent = Agent()
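Review bot: In the `re.sub` call of the new `whereQuery` method, `conf.dumpWhere` and `conf.tbl` are formatted into the replacement string, so a backslash in either is read as a replacement-template escape (`\1`, `\g<...>`, `\n`) and will raise or silently change the condition. Passing a callable keeps the text literal: `prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), lambda _: "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)`. The two-name unpack of `query.split(" ORDER BY ")` raises `ValueError` as soon as the query holds more than one ` ORDER BY `, and that test is case-sensitive while the `WHERE` test is not; `query.split(" ORDER BY ", 1)` makes the unpack safe, though which occurrence to split on should be confirmed against the query templates. The method is added whole in this hunk (the `Agent` class starts outside it) and has no docstring; one line saying that it appends `conf.dumpWhere` to the query ahead of any trailing `ORDER BY` would help the callers that now reach it through `agent`.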


@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.1.1" VERSION = "1.1.1.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -41,7 +41,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
if count is None: if count is None:
query = dumpNode.count % table query = dumpNode.count % table
query = whereQuery(query) query = agent.whereQuery(query)
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT) count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)
if isinstance(count, basestring) and count.isdigit(): if isinstance(count, basestring) and count.isdigit():
@ -91,7 +91,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
logger.info(infoMsg) logger.info(infoMsg)
query = dumpNode.count2 % (column, table) query = dumpNode.count2 % (column, table)
query = whereQuery(query) query = agent.whereQuery(query)
value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if isNumPosStrValue(value): if isNumPosStrValue(value):
@ -125,7 +125,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
else: else:
query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False)) query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False))
query = whereQuery(query) query = agent.whereQuery(query)
return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind)) return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
try: try:
@ -179,18 +179,3 @@ def pivotDumpTable(table, colList, count=None, blind=True):
logger.critical(errMsg) logger.critical(errMsg)
return entries, lengths return entries, lengths
def whereQuery(query):
if conf.dumpWhere and query:
prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
if "%s)" % conf.tbl.upper() in prefix.upper():
prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
elif re.search(r"(?i)\bWHERE\b", prefix):
prefix += " AND %s" % conf.dumpWhere
else:
prefix += " WHERE %s" % conf.dumpWhere
query = "%s ORDER BY %s" % (prefix, suffix) if suffix else prefix
return query


@ -43,7 +43,6 @@ from lib.core.settings import NULL
from lib.request import inject from lib.request import inject
from lib.utils.hash import attackDumpedTable from lib.utils.hash import attackDumpedTable
from lib.utils.pivotdumptable import pivotDumpTable from lib.utils.pivotdumptable import pivotDumpTable
from lib.utils.pivotdumptable import whereQuery
class Entries: class Entries:
""" """
@ -190,7 +189,7 @@ class Entries:
else: else:
query = rootQuery.inband.query % (colString, conf.db, tbl) query = rootQuery.inband.query % (colString, conf.db, tbl)
query = whereQuery(query) query = agent.whereQuery(query)
if not entries and query: if not entries and query:
entries = inject.getValue(query, blind=False, time=False, dump=True) entries = inject.getValue(query, blind=False, time=False, dump=True)
@ -244,7 +243,7 @@ class Entries:
else: else:
query = rootQuery.blind.count % (conf.db, tbl) query = rootQuery.blind.count % (conf.db, tbl)
query = whereQuery(query) query = agent.whereQuery(query)
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@ -329,7 +328,7 @@ class Entries:
elif Backend.isDbms(DBMS.INFORMIX): elif Backend.isDbms(DBMS.INFORMIX):
query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl, sorted(colList, key=len)[0]) query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), conf.db, tbl, sorted(colList, key=len)[0])
query = whereQuery(query) query = agent.whereQuery(query)
value = NULL if column in emptyColumns else inject.getValue(query, union=False, error=False, dump=True) value = NULL if column in emptyColumns else inject.getValue(query, union=False, error=False, dump=True)
value = '' if value is None else value value = '' if value is None else value


@ -24,7 +24,7 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.
10edc8d1057e89c145218d4c5ccaaa31 lib/controller/controller.py 10edc8d1057e89c145218d4c5ccaaa31 lib/controller/controller.py
b3eec7f44bcc5d784d171a187b7fe8cb lib/controller/handler.py b3eec7f44bcc5d784d171a187b7fe8cb lib/controller/handler.py
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
178066b5737f0e719cbf9271051559a2 lib/core/agent.py 19905ecb4437b94512cf21d5f1720091 lib/core/agent.py
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
445bd2c2fe0dcca0dd3aab87eb3839d3 lib/core/common.py 445bd2c2fe0dcca0dd3aab87eb3839d3 lib/core/common.py
5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py 5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
@ -45,7 +45,7 @@ e544108e2238d756c94a240e8a1ce061 lib/core/optiondict.py
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
f2357b8338b164d624446ddd8d6f2cbd lib/core/settings.py 779a77140ccd74d4cdad70f28a48130b lib/core/settings.py
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py
@ -107,7 +107,7 @@ ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py
aff7355d582fc6c00a675eeee2a5217a lib/utils/hash.py aff7355d582fc6c00a675eeee2a5217a lib/utils/hash.py
e76a08237ee6a4cd6855af79610ea8a5 lib/utils/htmlentities.py e76a08237ee6a4cd6855af79610ea8a5 lib/utils/htmlentities.py
310efc965c862cfbd7b0da5150a5ad36 lib/utils/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/utils/__init__.py
8e4ecc5e5bd8a5c7e2ad0a940cb1a5b1 lib/utils/pivotdumptable.py 9d8c858417d356e49e1959ba253aede4 lib/utils/pivotdumptable.py
8520a745c9b4db3814fe46f4c34c6fbc lib/utils/progress.py 8520a745c9b4db3814fe46f4c34c6fbc lib/utils/progress.py
2c3638d499f3c01c34187e531f77d004 lib/utils/purge.py 2c3638d499f3c01c34187e531f77d004 lib/utils/purge.py
2da1b35339667646e51101adaa1dfc32 lib/utils/search.py 2da1b35339667646e51101adaa1dfc32 lib/utils/search.py
@ -203,7 +203,7 @@ a7f4d3a194f52fbb4fb4488be41273b1 plugins/dbms/sybase/enumeration.py
1f46f2eac95cfdc3fa150ec5b0500eba plugins/generic/connector.py 1f46f2eac95cfdc3fa150ec5b0500eba plugins/generic/connector.py
a8f9d0516509e9e4226516ab4f13036a plugins/generic/custom.py a8f9d0516509e9e4226516ab4f13036a plugins/generic/custom.py
3b54fd65feb9f70c551d315e82653384 plugins/generic/databases.py 3b54fd65feb9f70c551d315e82653384 plugins/generic/databases.py
085f839221138aa7931bd94c33a32768 plugins/generic/entries.py 45c32855126546a0d9936ecdc943ab3f plugins/generic/entries.py
55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py 55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
b6666109aa6882ca9c526d615c1bcde3 plugins/generic/filesystem.py b6666109aa6882ca9c526d615c1bcde3 plugins/generic/filesystem.py
feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py