sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-29 04:53:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major bug fix to correctly handle custom SQL "limited" queries on Oracle

Browse Source
This commit is contained in:
Bernardo Damele 2009-01-03 01:19:04 +00:00
parent 2d87a3349f
commit d0604ef513
2 changed files with 11 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lib/core/agent.py
View File

@ -184,9 +184,6 @@ class Agent:
@rtype: C{str} @rtype: C{str}
""" """
if field.upper().endswith(", ROWNUM AS LIMIT"):
return field
nulledCastedField = queries[kb.dbms].cast % field nulledCastedField = queries[kb.dbms].cast % field
nulledCastedField = queries[kb.dbms].isnull % nulledCastedField nulledCastedField = queries[kb.dbms].isnull % nulledCastedField
@ -257,15 +254,10 @@ class Agent:
@rtype: C{str} @rtype: C{str}
""" """
if query.startswith("SELECT ") and "(SELECT " in query: fieldsSelectTop = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", query, re.I)
firstChar = "\\(" fieldsSelectDistinct = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", query, re.I)
else: fieldsSelectFrom = re.search("\ASELECT\s+(.+?)\s+FROM\s+", query, re.I)
firstChar = "\\A" fieldsSelect = re.search("\ASELECT\s+(.*)", query, re.I)
fieldsSelectTop = re.search("%sSELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM" % firstChar, query, re.I)
fieldsSelectDistinct = re.search("%sSELECT\s+DISTINCT\((.+?)\)\s+FROM" % firstChar, query, re.I)
fieldsSelectFrom = re.search("%sSELECT\s+(.+?)\s+FROM\s+" % firstChar, query, re.I)
fieldsSelect = re.search("%sSELECT\s+(.*)" % firstChar, query, re.I)
fieldsNoSelect = query fieldsNoSelect = query
if fieldsSelectTop: if fieldsSelectTop:
@ -282,8 +274,9 @@ class Agent:
fieldsToCastList = fieldsToCastStr.replace(", ", ",") fieldsToCastList = fieldsToCastStr.replace(", ", ",")
fieldsToCastList = fieldsToCastList.split(",") fieldsToCastList = fieldsToCastList.split(",")
if query.startswith("SELECT ") and "(SELECT " in query: # TODO: really needed?!
fieldsSelectFrom = None #if query.startswith("SELECT ") and "(SELECT " in query:
# fieldsSelectFrom = None
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsToCastList, fieldsToCastStr return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsToCastList, fieldsToCastStr
@ -331,21 +324,18 @@ class Agent:
elif fieldsNoSelect: elif fieldsNoSelect:
concatQuery = "CONCAT('%s',%s,'%s')" % (temp.start, concatQuery, temp.stop) concatQuery = "CONCAT('%s',%s,'%s')" % (temp.start, concatQuery, temp.stop)
elif kb.dbms in ( "Oracle", "PostgreSQL" ): elif kb.dbms in ( "PostgreSQL", "Oracle" ):
if fieldsSelectFrom: if fieldsSelectFrom:
concatQuery = concatQuery.replace("SELECT ", "'%s'||" % temp.start, 1) concatQuery = concatQuery.replace("SELECT ", "'%s'||" % temp.start, 1)
concatQuery = concatQuery.replace(" FROM ", "||'%s' FROM " % temp.stop, 1) concatQuery = concatQuery.replace(" FROM ", "||'%s' FROM " % temp.stop, 1)
elif fieldsSelect: elif fieldsSelect:
concatQuery = concatQuery.replace("SELECT ", "'%s'||" % temp.start, 1) concatQuery = concatQuery.replace("SELECT ", "'%s'||" % temp.start, 1)
concatQuery += "||'%s'" % temp.stop concatQuery += "||'%s'" % temp.stop
if kb.dbms == "Oracle":
concatQuery += " FROM DUAL"
elif fieldsNoSelect: elif fieldsNoSelect:
concatQuery = "'%s'||%s||'%s'" % (temp.start, concatQuery, temp.stop) concatQuery = "'%s'||%s||'%s'" % (temp.start, concatQuery, temp.stop)
if kb.dbms == "Oracle": if kb.dbms == "Oracle" and ( fieldsSelect or fieldsNoSelect ):
concatQuery += " FROM DUAL" concatQuery += " FROM DUAL"
elif kb.dbms == "Microsoft SQL Server": elif kb.dbms == "Microsoft SQL Server":
if fieldsSelectTop: if fieldsSelectTop:

2
lib/core/settings.py
View File

@ -83,7 +83,7 @@ SQL_STATEMENTS = {
" limit ", " limit ",
" offset ", " offset ",
" union all ", " union all ",
" rownum ", ), " rownum as ", ),
"SQL data definition": ( "SQL data definition": (
"create ", "create ",