Miroslav Stampar 2010-12-08 22:14:42 +00:00
parent 5aee1fd8e0
commit d6077273e0
2 changed files with 4 additions and 16 deletions


@ -404,12 +404,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
kb.technique = PAYLOAD.TECHNIQUE.ERROR kb.technique = PAYLOAD.TECHNIQUE.ERROR
value = __goError(expression, resumeValue) value = __goError(expression, resumeValue)
if not value:
warnMsg = "for some reason(s) it was not possible to retrieve "
warnMsg += "the query output through error SQL injection "
warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition is not None else "blind")
logger.warn(warnMsg)
if blind and kb.booleanTest and not value: if blind and kb.booleanTest and not value:
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar) value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)


@ -9,7 +9,6 @@ See the file 'doc/COPYING' for copying permission
import time import time
from lib.core.agent import agent
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import getFileItems from lib.core.common import getFileItems
@ -21,6 +20,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.request import inject
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
def tableExists(tableFile): def tableExists(tableFile):
@ -37,9 +37,7 @@ def tableExists(tableFile):
for table in tables: for table in tables:
if conf.db and '(*)' not in conf.db: if conf.db and '(*)' not in conf.db:
table = "%s.%s" % (conf.db, table) table = "%s.%s" % (conf.db, table)
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table))) result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))
query = agent.suffixQuery(query)
result = Request.queryPage(agent.payload(newValue=query))
if result: if result:
clearConsoleLine(True) clearConsoleLine(True)
@ -88,9 +86,7 @@ def columnExists(columnFile):
length = len(columns) length = len(columns)
for column in columns: for column in columns:
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, table))) result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s)", (column, table)))
query = agent.suffixQuery(query)
result = Request.queryPage(agent.payload(newValue=query))
if result: if result:
clearConsoleLine(True) clearConsoleLine(True)
@ -113,9 +109,7 @@ def columnExists(columnFile):
columns = {} columns = {}
for column in retVal: for column in retVal:
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s WHERE %s>0)", (column, table, column))) result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s>0)", (column, table, column)))
query = agent.suffixQuery(query)
result = Request.queryPage(agent.payload(newValue=query))
if result: if result:
columns[column] = 'numeric' columns[column] = 'numeric'
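Review bot: All three rewritten calls (one in tableExists, two in columnExists) still wrap the formatted expression in `"%s" % ...`, which looks like a no-op left over from the old prefixQuery form, assuming safeStringFormat already returns a string. The first could read `result = inject.checkBooleanExpression(safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))`, and the other two likewise. The `from lib.request.connect import Connect as Request` import is kept although every use of Request visible in these hunks is removed, so it may now be unused; the rest of the file is outside the diff and should be checked. checkBooleanExpression itself is not shown in this commit, so it is worth confirming that it does not resume or cache an answer per expression, because a stale result would misreport whether a table or column exists without any warning.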