sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-26 05:31:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

proper fix for #306

Browse Source
This commit is contained in:
Bernardo Damele 2012-12-18 15:31:30 +00:00
parent 30201d29bd
commit d1d99d930b
1 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
plugins/generic/databases.py
View File

@ -440,7 +440,7 @@ class Databases:
logger.error(errMsg) logger.error(errMsg)
bruteForce = True bruteForce = True
if bruteForce or colList: if bruteForce:
resumeAvailable = False resumeAvailable = False
for tbl in tblList: for tbl in tblList:
@ -492,21 +492,20 @@ class Databases:
return {conf.db: kb.data.cachedColumns[conf.db]} return {conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns " infoMsg = "fetching columns "
condQuery = ""
if len(colList) > 0: if len(colList) > 0:
if colTuple is None: if colTuple:
colConsider, colCondParam = self.likeOrExact("column") _, colCondParam = colTuple
else:
colConsider, colCondParam = colTuple
condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
if colConsider == "1":
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
else: else:
colCondParam = "='%s'"
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
else: else:
condQuery = "" infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl) infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
@ -561,21 +560,20 @@ class Databases:
return {conf.db: kb.data.cachedColumns[conf.db]} return {conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns " infoMsg = "fetching columns "
condQuery = ""
if len(colList) > 0: if len(colList) > 0:
if colTuple is None: if colTuple:
colConsider, colCondParam = self.likeOrExact("column") _, colCondParam = colTuple
else:
colConsider, colCondParam = colTuple
condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
if colConsider == "1":
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
else: else:
colCondParam = "='%s'"
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
else: else:
condQuery = "" infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl) infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)