blind dumping of tables in sqlite implemented

2025-10-31 16:07:55 +03:00 · 2010-12-11 22:13:19 +00:00 · 2010-12-11 22:13:19 +00:00 · c93634b6c7
commit c93634b6c7
parent b1babeefe5
7 changed files with 20 additions and 12 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1731,6 +1731,7 @@ def isDBMSVersionAtLeast(version):
    return retVal

 def parseSqliteTableSchema(value):
+    if value:
        table = {}
        columns = {}

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -49,6 +49,9 @@ DUMP_STOP_MARKER    = "__STOP__"
 PAYLOAD_DELIMITER   = "\x00"
 CHAR_INFERENCE_MARK = "%c"

+# suffix used for naming meta databases in DBMS(es) without explicit database name
+METADB_SUFFIX       = "_masterdb"
+
 # minimum time response set needed for time-comparison based on standard deviation
 MIN_TIME_RESPONSES  = 10

--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -20,6 +20,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
+from lib.core.settings import METADB_SUFFIX
 from lib.request import inject

 def tableExists(tableFile):
@ -34,7 +35,7 @@ def tableExists(tableFile):
    length = len(tables)

    for table in tables:
-        if conf.db and '(*)' not in conf.db:
+        if conf.db and not conf.db.endswith(METADB_SUFFIX):
            table = "%s.%s" % (conf.db, table)
        result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), table)), expectingNone=True)

@ -70,7 +71,7 @@ def columnExists(columnFile):
        raise sqlmapMissingMandatoryOptionException, errMsg

    columns = getFileItems(columnFile)
-    if conf.db and '(*)' not in conf.db:
+    if conf.db and not conf.db.endswith(METADB_SUFFIX):
        table = "%s.%s" % (conf.db, conf.tbl)
    else:
        table = conf.tbl
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@ -22,6 +22,7 @@ from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.session import setDbms
 from lib.core.settings import ACCESS_ALIASES
+from lib.core.settings import METADB_SUFFIX
 from lib.request import inject
 from lib.request.connect import Connect as Request

@ -181,4 +182,4 @@ class Fingerprint(GenericFingerprint):
            return False

    def forceDbmsEnum(self):
-        conf.db = "Access (*)"
+        conf.db = "%s%s" % (DBMS.ACCESS, METADB_SUFFIX)
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@ -142,4 +142,4 @@ class Fingerprint(GenericFingerprint):
            return False

    def forceDbmsEnum(self):
-        conf.db = "Firebird (*)"
+        conf.db = "%s%s" % (DBMS.FIREBIRD, METADB_SUFFIX)
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@ -22,6 +22,7 @@ from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.session import setDbms
 from lib.core.settings import MAXDB_ALIASES
+from lib.core.settings import METADB_SUFFIX
 from lib.request import inject
 from lib.request.connect import Connect as Request

@ -143,4 +144,4 @@ class Fingerprint(GenericFingerprint):
            return False

    def forceDbmsEnum(self):
-        conf.db = "SAP MaxDB (*)"
+        conf.db = "%s%s" % (DBMS.MAXDB, METADB_SUFFIX)
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@ -16,6 +16,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.session import setDbms
+from lib.core.settings import METADB_SUFFIX
 from lib.core.settings import SQLITE_ALIASES
 from lib.request import inject
 from lib.request.connect import Connect as Request
@ -109,4 +110,4 @@ class Fingerprint(GenericFingerprint):
            return False

    def forceDbmsEnum(self):
-        conf.db = "SQLite (*)"
+        conf.db = "%s%s" % (DBMS.SQLITE, METADB_SUFFIX)