sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Finishing Issue #75 (inference dumping)

Browse Source
This commit is contained in:
Miroslav Stampar 2012-07-12 14:46:57 +02:00
parent 65639cdda6
commit cba2a26b68
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/techniques/error/use.py
View File

@ -359,8 +359,8 @@ def errorUse(expression, expected=None, dump=False):
for field in expressionFieldsList: for field in expressionFieldsList:
if __oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0': if __oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0':
emptyFields.append(field) emptyFields.append(field)
debugMsg = "column '%s' for table '%s' appears to be empty. " debugMsg = "column '%s' of table '%s' will not be " % (field, kb.dumpTable)
debugMsg += "It's values will not be dumped" debugMsg += "dumped as it appears to be empty"
logger.debug(debugMsg) logger.debug(debugMsg)
if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:

12
plugins/generic/enumeration.py
View File

@ -57,6 +57,7 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setOs from lib.core.session import setOs
from lib.core.settings import BLANK from lib.core.settings import BLANK
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
from lib.core.settings import CONCAT_ROW_DELIMITER from lib.core.settings import CONCAT_ROW_DELIMITER
from lib.core.settings import CONCAT_VALUE_DELIMITER from lib.core.settings import CONCAT_VALUE_DELIMITER
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
@ -1717,9 +1718,18 @@ class Enumeration:
entries, lengths = retVal entries, lengths = retVal
else: else:
emptyColumns = []
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2) plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
indexRange = getLimitRange(count, dump=True, plusOne=plusOne) indexRange = getLimitRange(count, dump=True, plusOne=plusOne)
if len(colList) < len(indexRange) > CHECK_ZERO_COLUMNS_THRESHOLD:
for column in colList:
if inject.getValue("SELECT COUNT(%s) FROM %s" % (column, kb.dumpTable), inband=False, error=False) == '0':
emptyColumns.append(column)
debugMsg = "column '%s' of table '%s' will not be " % (column, kb.dumpTable)
debugMsg += "dumped as it appears to be empty"
logger.debug(debugMsg)
try: try:
for index in indexRange: for index in indexRange:
for column in colList: for column in colList:
@ -1743,7 +1753,7 @@ class Enumeration:
elif Backend.isDbms(DBMS.FIREBIRD): elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (index, column, tbl) query = rootQuery.blind.query % (index, column, tbl)
value = inject.getValue(query, inband=False, error=False, dump=True) value = NULL if column in emptyColumns else inject.getValue(query, inband=False, error=False, dump=True)
lengths[column] = max(lengths[column], len(value) if value else 0) lengths[column] = max(lengths[column], len(value) if value else 0)
entries[column].append(value) entries[column].append(value)