sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-09 18:23:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor fix for resuming in multi threading mode

Browse Source
This commit is contained in:
Miroslav Stampar 2011-06-18 12:23:18 +00:00
parent cd07139919
commit ca6f9acf30
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/dbms/oracle/enumeration.py
View File

@ -55,7 +55,7 @@ class Enumeration(GenericEnumeration):
if conf.user: if conf.user:
users = conf.user.split(",") users = conf.user.split(",")
query += " WHERE " query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False)

18
plugins/generic/enumeration.py
View File

@ -253,7 +253,7 @@ class Enumeration:
if conf.user: if conf.user:
query += " WHERE " query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
if Backend.isDbms(DBMS.SYBASE): if Backend.isDbms(DBMS.SYBASE):
randStr = randomStr() randStr = randomStr()
@ -456,9 +456,9 @@ class Enumeration:
query += " WHERE " query += " WHERE "
if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in users) query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in sorted(users))
else: else:
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False)
@ -819,7 +819,7 @@ class Enumeration:
logger.info(infoMsg) logger.info(infoMsg)
elif not Backend.isDbms(DBMS.SQLITE): elif not Backend.isDbms(DBMS.SQLITE):
query += " WHERE " query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in dbs) query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in sorted(dbs))
if Backend.isDbms(DBMS.MSSQL): if Backend.isDbms(DBMS.MSSQL):
query = safeStringFormat(query, conf.db) query = safeStringFormat(query, conf.db)
@ -1040,12 +1040,12 @@ class Enumeration:
if len(colList) > 0: if len(colList) > 0:
colConsider, colCondParam = self.likeOrExact("column") colConsider, colCondParam = self.likeOrExact("column")
condQueryStr = "%%s%s" % colCondParam condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
if colConsider == "1": if colConsider == "1":
infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
else: else:
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
else: else:
condQuery = "" condQuery = ""
@ -1105,8 +1105,8 @@ class Enumeration:
infoMsg = "fetching columns " infoMsg = "fetching columns "
if len(colList) > 0: if len(colList) > 0:
condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList) condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
likeMsg = "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) likeMsg = "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
infoMsg += likeMsg infoMsg += likeMsg
else: else:
condQuery = "" condQuery = ""