mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 00:04:23 +03:00
blind dumping of tables in sqlite implemented
parent
b1babeefe5
commit
c93634b6c7
|
@ -1731,11 +1731,12 @@ def isDBMSVersionAtLeast(version):
|
|||
return retVal
|
||||
|
||||
def parseSqliteTableSchema(value):
|
||||
table = {}
|
||||
columns = {}
|
||||
if value:
|
||||
table = {}
|
||||
columns = {}
|
||||
|
||||
for match in re.finditer(getCompiledRegex(r"(\w+) ([A-Z]+)[,\r\n]"), value):
|
||||
columns[match.group(1)] = match.group(2)
|
||||
for match in re.finditer(getCompiledRegex(r"(\w+) ([A-Z]+)[,\r\n]"), value):
|
||||
columns[match.group(1)] = match.group(2)
|
||||
|
||||
table[conf.tbl] = columns
|
||||
kb.data.cachedColumns[conf.db] = table
|
||||
table[conf.tbl] = columns
|
||||
kb.data.cachedColumns[conf.db] = table
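Review bot: The pattern `(\w+) ([A-Z]+)[,\r\n]` in parseSqliteTableSchema matches any two adjacent words followed by a comma or line break, not only a column name and its type. For a definition like `id INTEGER PRIMARY KEY,` it appears to record a column named `PRIMARY` of type `KEY` and to miss `id` altogether. Types written in lower case or with a length (`VARCHAR(32)`), and a last column closed by `)` on the same line, are skipped as well, so the cached column list can be both incomplete and polluted. Anchoring each match to the start of a column definition (after `(` or `,`) and filtering constraint keywords would be more robust; until then a comment such as `# NOTE: only handles "name TYPE" pairs with an upper-case type directly followed by ',' or a newline` would document the limit. The rendered page has lost indentation, so whether the function continues past the cache assignment cannot be seen here.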
|
||||
|
|
|
@ -49,6 +49,9 @@ DUMP_STOP_MARKER = "__STOP__"
|
|||
PAYLOAD_DELIMITER = "\x00"
|
||||
CHAR_INFERENCE_MARK = "%c"
|
||||
|
||||
# suffix used for naming meta databases in DBMS(es) without explicit database name
|
||||
METADB_SUFFIX = "_masterdb"
|
||||
|
||||
# minimum time response set needed for time-comparison based on standard deviation
|
||||
MIN_TIME_RESPONSES = 10
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ from lib.core.data import conf
|
|||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||
from lib.core.settings import METADB_SUFFIX
|
||||
from lib.request import inject
|
||||
|
||||
def tableExists(tableFile):
|
||||
|
@ -34,7 +35,7 @@ def tableExists(tableFile):
|
|||
length = len(tables)
|
||||
|
||||
for table in tables:
|
||||
if conf.db and '(*)' not in conf.db:
|
||||
if conf.db and not conf.db.endswith(METADB_SUFFIX):
|
||||
table = "%s.%s" % (conf.db, table)
|
||||
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), table)), expectingNone=True)
|
||||
|
||||
|
@ -70,7 +71,7 @@ def columnExists(columnFile):
|
|||
raise sqlmapMissingMandatoryOptionException, errMsg
|
||||
|
||||
columns = getFileItems(columnFile)
|
||||
if conf.db and '(*)' not in conf.db:
|
||||
if conf.db and not conf.db.endswith(METADB_SUFFIX):
|
||||
table = "%s.%s" % (conf.db, conf.tbl)
|
||||
else:
|
||||
table = conf.tbl
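Review bot: The meta-database test in tableExists, `if conf.db and not conf.db.endswith(METADB_SUFFIX):`, is an in-band check on the name, so a database whose real name happens to end in `_masterdb` would be treated as a placeholder and probed without the `db.` prefix. The same test is repeated in columnExists in the second hunk of this file. If conf.db can hold an operator-supplied name at this point, which the hunks do not show, comparing against the exact names generated by forceDbmsEnum() or carrying a separate flag would avoid the collision. At minimum, a comment such as `# METADB_SUFFIX marks the placeholder name set by forceDbmsEnum(), not a real database` would record the assumption. Both function bodies extend beyond the hunks.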
|
||||
|
|
|
@ -22,6 +22,7 @@ from lib.core.data import logger
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.session import setDbms
|
||||
from lib.core.settings import ACCESS_ALIASES
|
||||
from lib.core.settings import METADB_SUFFIX
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
@ -181,4 +182,4 @@ class Fingerprint(GenericFingerprint):
|
|||
return False
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
conf.db = "Access (*)"
|
||||
conf.db = "%s%s" % (DBMS.ACCESS, METADB_SUFFIX)
|
||||
|
|
|
@ -142,4 +142,4 @@ class Fingerprint(GenericFingerprint):
|
|||
return False
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
conf.db = "Firebird (*)"
|
||||
conf.db = "%s%s" % (DBMS.FIREBIRD, METADB_SUFFIX)
|
||||
|
|
|
@ -22,6 +22,7 @@ from lib.core.data import logger
|
|||
from lib.core.enums import DBMS
|
||||
from lib.core.session import setDbms
|
||||
from lib.core.settings import MAXDB_ALIASES
|
||||
from lib.core.settings import METADB_SUFFIX
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
@ -143,4 +144,4 @@ class Fingerprint(GenericFingerprint):
|
|||
return False
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
conf.db = "SAP MaxDB (*)"
|
||||
conf.db = "%s%s" % (DBMS.MAXDB, METADB_SUFFIX)
|
||||
|
|
|
@ -16,6 +16,7 @@ from lib.core.data import kb
|
|||
from lib.core.data import logger
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.session import setDbms
|
||||
from lib.core.settings import METADB_SUFFIX
|
||||
from lib.core.settings import SQLITE_ALIASES
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
@ -109,4 +110,4 @@ class Fingerprint(GenericFingerprint):
|
|||
return False
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
conf.db = "SQLite (*)"
|
||||
conf.db = "%s%s" % (DBMS.SQLITE, METADB_SUFFIX)
|
||||
|
|