sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 19:33:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

going global for protection of non-standard identificator naming

Browse Source
This commit is contained in:
Miroslav Stampar 2011-03-25 22:02:28 +00:00
parent 5a1f733a43
commit c9baa0094b
1 changed files with 13 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
plugins/generic/enumeration.py
View File

@ -749,8 +749,7 @@ class Enumeration:
else: else:
return tables return tables
if Backend.getIdentifiedDbms() == DBMS.MYSQL: conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.db = self.__safeMySQLIdentificatorNaming(conf.db)
if bruteForce: if bruteForce:
resumeAvailable = False resumeAvailable = False
@ -933,9 +932,8 @@ class Enumeration:
logger.error(errMsg) logger.error(errMsg)
bruteForce = True bruteForce = True
if Backend.getIdentifiedDbms() == DBMS.MYSQL: conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl)
conf.tbl = self.__safeMySQLIdentificatorNaming(conf.tbl) conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.db = self.__safeMySQLIdentificatorNaming(conf.db)
if bruteForce: if bruteForce:
resumeAvailable = False resumeAvailable = False
@ -1008,10 +1006,7 @@ class Enumeration:
columns = {} columns = {}
for columnData in value: for columnData in value:
name = columnData[0] name = self.__safeSQLIdentificatorNaming(columnData[0])
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
name = self.__safeMySQLIdentificatorNaming(name)
if len(columnData) == 1: if len(columnData) == 1:
columns[name] = "" columns[name] = ""
@ -1087,8 +1082,7 @@ class Enumeration:
query = agent.limitQuery(index, query, field) query = agent.limitQuery(index, query, field)
column = inject.getValue(query, inband=False, error=False) column = inject.getValue(query, inband=False, error=False)
if Backend.getIdentifiedDbms() == DBMS.MYSQL: column = self.__safeSQLIdentificatorNaming(column)
column = self.__safeMySQLIdentificatorNaming(column)
if not onlyColNames: if not onlyColNames:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
@ -1213,13 +1207,16 @@ class Enumeration:
return entries, lengths return entries, lengths
def __safeMySQLIdentificatorNaming(self, value): def __safeSQLIdentificatorNaming(self, value):
""" """
Returns an safe representation of identificator name for MySQL Returns an safe representation of SQL identificator name
""" """
retVal = value retVal = value
if isinstance(value, basestring) and not re.match(r"\A[A-Za-z0-9_]+\Z", value): if isinstance(value, basestring) and not re.match(r"\A[A-Za-z0-9_]+\Z", value):
retVal = "`%s`" % value if Backend.getIdentifiedDbms() == DBMS.MYSQL:
retVal = "`%s`" % value
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
retVal = "\"%s\"" % value
return retVal return retVal
def dumpTable(self): def dumpTable(self):
@ -1254,9 +1251,8 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
if Backend.getIdentifiedDbms() == DBMS.MYSQL: conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl)
conf.tbl = self.__safeMySQLIdentificatorNaming(conf.tbl) conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.db = self.__safeMySQLIdentificatorNaming(conf.db)
if conf.col: if conf.col:
colList = conf.col.split(",") colList = conf.col.split(",")