Minor adjustments and bug fixes
This commit is contained in:
parent
7b55840b35
commit
dda62ba463
|
@ -246,10 +246,15 @@ class Agent:
|
||||||
@rtype: C{str}
|
@rtype: C{str}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
fieldsSelectTop = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", query, re.I)
|
if "(SELECT " in query:
|
||||||
fieldsSelectDistinct = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", query, re.I)
|
firstChar = "\\("
|
||||||
fieldsSelectFrom = re.search("\ASELECT\s+(.+?)\s+FROM\s+", query, re.I)
|
else:
|
||||||
fieldsSelect = re.search("\ASELECT\s+(.*)", query, re.I)
|
firstChar = "\\A"
|
||||||
|
|
||||||
|
fieldsSelectTop = re.search("%sSELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM" % firstChar, query, re.I)
|
||||||
|
fieldsSelectDistinct = re.search("%sSELECT\s+DISTINCT\((.+?)\)\s+FROM" % firstChar, query, re.I)
|
||||||
|
fieldsSelectFrom = re.search("%sSELECT\s+(.+?)\s+FROM\s+" % firstChar, query, re.I)
|
||||||
|
fieldsSelect = re.search("%sSELECT\s+(.*)" % firstChar, query, re.I)
|
||||||
fieldsNoSelect = query
|
fieldsNoSelect = query
|
||||||
|
|
||||||
if fieldsSelectTop:
|
if fieldsSelectTop:
|
||||||
|
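Review bot: The branch test `if "(SELECT " in query:` at the top of the hunk is case-sensitive, while the four `re.search` calls it chooses between run with `re.I`; a query spelled `(select ...` therefore takes the `else` branch and the `\A`-anchored patterns never reach the subquery. Using the same matching for the switch, `if re.search(r"\(SELECT ", query, re.I):`, keeps the two in step. Note also that with `firstChar = "\\("` the patterns are no longer anchored and match the first parenthesised SELECT anywhere in the query, which looks intended for a single embedded subquery but is ambiguous when several appear; a one-line comment above the assignment stating that assumption would help. The four pattern literals rely on `\A`, `\s` and `\d` being unrecognised string escapes; raw strings (`r"%sSELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM"`) make that explicit. getFields's signature and tail lie outside the hunk.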
@ -296,11 +301,11 @@ class Agent:
|
||||||
"""
|
"""
|
||||||
|
|
||||||
concatQuery = ""
|
concatQuery = ""
|
||||||
query = query.replace(", ", ",")
|
query = query.replace(", ", ",")
|
||||||
|
|
||||||
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
|
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
|
||||||
castedFields = self.nullCastConcatFields(fieldsToCastStr)
|
castedFields = self.nullCastConcatFields(fieldsToCastStr)
|
||||||
concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
|
concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
|
||||||
|
|
||||||
if kb.dbms == "MySQL":
|
if kb.dbms == "MySQL":
|
||||||
if fieldsSelectFrom:
|
if fieldsSelectFrom:
|
||||||
|
|
|
@ -228,6 +228,15 @@ def __goInferenceProxy(expression, fromUser=False, expected=None):
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
elif count and not count.isdigit():
|
||||||
|
warnMsg = "it was not possible to count the number "
|
||||||
|
warnMsg += "of entries for the SQL query provided. "
|
||||||
|
warnMsg += "sqlmap will assume that it returns only "
|
||||||
|
warnMsg += "one entry"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
stopLimit = 1
|
||||||
|
|
||||||
elif ( not count or int(count) == 0 ):
|
elif ( not count or int(count) == 0 ):
|
||||||
warnMsg = "the SQL query provided does not "
|
warnMsg = "the SQL query provided does not "
|
||||||
warnMsg += "return any output"
|
warnMsg += "return any output"
|
||||||
|
|
|
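Review bot: The new `elif count and not count.isdigit():` guard does not fully protect the `int(count)` in the branch that follows it: `isdigit()` is true for non-ASCII digit characters (superscripts, digits from other scripts) that `int()` rejects, so if `count` is a unicode string taken from the target's response a ValueError can still escape here. Since the value is produced by the target rather than by sqlmap, a strict check that matches what `int()` accepts is safer, e.g. `elif count and not all(ch in "0123456789" for ch in count):`. The same eight lines are pasted verbatim into the `unionUse` hunk below, so whichever test is chosen should be applied there too; a small shared helper that resolves `stopLimit` from `count` would keep both call sites in sync. Both enclosing functions start and end outside their hunks.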
@ -237,6 +237,15 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False):
|
||||||
infoMsg += "%d entries" % stopLimit
|
infoMsg += "%d entries" % stopLimit
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
elif count and not count.isdigit():
|
||||||
|
warnMsg = "it was not possible to count the number "
|
||||||
|
warnMsg += "of entries for the SQL query provided. "
|
||||||
|
warnMsg += "sqlmap will assume that it returns only "
|
||||||
|
warnMsg += "one entry"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
stopLimit = 1
|
||||||
|
|
||||||
elif ( not count or int(count) == 0 ):
|
elif ( not count or int(count) == 0 ):
|
||||||
warnMsg = "the SQL query provided does not "
|
warnMsg = "the SQL query provided does not "
|
||||||
warnMsg += "return any output"
|
warnMsg += "return any output"
|
||||||
|
|
|
@ -19,6 +19,10 @@
|
||||||
<info type="Windows" distrib="2003"/>
|
<info type="Windows" distrib="2003"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
|
||||||
|
<regexp value="Microsoft.*5\.2">
|
||||||
|
<info type="Windows" distrib="2003"/>
|
||||||
|
</regexp>
|
||||||
|
|
||||||
<regexp value="Microsoft.*5\.1">
|
<regexp value="Microsoft.*5\.1">
|
||||||
<info type="Windows" distrib="XP"/>
|
<info type="Windows" distrib="XP"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
|
|
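Review bot: The new `<regexp value="Microsoft.*5\.2">` is unanchored and its `.*` spans the whole banner, so any later occurrence of `5.2` (a build number, another component's `5.2.x` version string) also satisfies it, and if the rules are tried in file order this entry wins over the `Microsoft.*5\.1` entry below even when the OS string says otherwise; this is inferred, as the hunk does not show how the banner is assembled. If the token meant here is the NT kernel version, tightening to `Microsoft.*Windows NT 5\.2` (and the neighbouring `5\.1` rule likewise) removes the ambiguity — confirm against the other entries in this file. An XML comment naming what the number stands for, `<!-- Windows NT 5.2 reports as Server 2003 -->`, would help the next person adding a rule.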
@ -74,10 +74,6 @@
|
||||||
<timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d00)"/>
|
<timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d00)"/>
|
||||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||||
<inference query="AND ASCII(SUBSTR((%s), %d, 1)) > %d"/>
|
<inference query="AND ASCII(SUBSTR((%s), %d, 1)) > %d"/>
|
||||||
<!--
|
|
||||||
TODO: the following query does not work with inband SQL injection:
|
|
||||||
SELECT banner FROM (SELECT banner, ROWNUM AS limit FROM v$version) WHERE limit=4
|
|
||||||
-->
|
|
||||||
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
|
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
|
||||||
<current_user query="SELECT SYS.LOGIN_USER FROM DUAL"/>
|
<current_user query="SELECT SYS.LOGIN_USER FROM DUAL"/>
|
||||||
<current_db query="SELECT SYS.DATABASE_NAME FROM DUAL"/>
|
<current_db query="SELECT SYS.DATABASE_NAME FROM DUAL"/>
|
||||||
|
|