sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 19:33:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for Feature #136

Browse Source
This commit is contained in:
Miroslav Stampar 2010-08-31 14:25:37 +00:00
parent e810fe7b0b
commit c4040ab297
3 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/dbms/sqlite/enumeration.py
View File

@ -68,16 +68,6 @@ class Enumeration(GenericEnumeration):
return [] return []
def getColumns(self, onlyColNames=False):
errMsg = "on SQLite it is not possible to enumerate database "
errMsg += "table columns"
if conf.dumpTable or conf.dumpAll:
errMsg += ", provide them with -C option"
raise sqlmapUnsupportedFeatureException, errMsg
logger.warn(errMsg)
def dumpAll(self): def dumpAll(self):
errMsg = "on SQLite you must specify the table and columns to dump" errMsg = "on SQLite you must specify the table and columns to dump"
raise sqlmapUnsupportedFeatureException, errMsg raise sqlmapUnsupportedFeatureException, errMsg

10
plugins/generic/enumeration.py
View File

@ -871,6 +871,8 @@ class Enumeration:
conf.db, conf.db, conf.db, conf.db,
conf.db, conf.tbl) conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
elif kb.dbms == "SQLite":
query = rootQuery["inband"]["query"] % conf.tbl
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False)
@ -878,8 +880,12 @@ class Enumeration:
table = {} table = {}
columns = {} columns = {}
for column, colType in value: if kb.dbms == "SQLite":
columns[column] = colType for match in re.finditer(r"(\w+) ([A-Z]+)[,\r\n]", value):
columns[match.group(1)] = match.group(2)
else:
for column, colType in value:
columns[column] = colType
table[conf.tbl] = columns table[conf.tbl] = columns
kb.data.cachedColumns[conf.db] = table kb.data.cachedColumns[conf.db] = table

4
xml/queries.xml
View File

@ -320,7 +320,9 @@
<inband query="SELECT tbl_name FROM sqlite_master WHERE type='table' ORDER BY 1"/> <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table' ORDER BY 1"/>
<blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d, 1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/> <blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d, 1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
</tables> </tables>
<columns/> <columns>
<inband query="SELECT sql FROM sqlite_master WHERE tbl_name='%s'"/>
</columns>
<dump_table> <dump_table>
<inband query="SELECT %s FROM %s"/> <inband query="SELECT %s FROM %s"/>
<blind query="SELECT %s FROM %s LIMIT %d, 1" count="SELECT COUNT(*) FROM %s"/> <blind query="SELECT %s FROM %s LIMIT %d, 1" count="SELECT COUNT(*) FROM %s"/>