mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-04-25 11:23:44 +03:00
Minor bug fixes for --search with -C
parent
eaa2a4202f
commit
ddfae39d9e
|
@ -915,7 +915,7 @@ class Enumeration:
|
||||||
|
|
||||||
return kb.data.cachedTables
|
return kb.data.cachedTables
|
||||||
|
|
||||||
def getColumns(self, onlyColNames=False):
|
def getColumns(self, onlyColNames=False, colTuple=None):
|
||||||
self.forceDbmsEnum()
|
self.forceDbmsEnum()
|
||||||
|
|
||||||
if conf.db is None or conf.db == "CD":
|
if conf.db is None or conf.db == "CD":
|
||||||
|
@ -1038,7 +1038,10 @@ class Enumeration:
|
||||||
infoMsg = "fetching columns "
|
infoMsg = "fetching columns "
|
||||||
|
|
||||||
if len(colList) > 0:
|
if len(colList) > 0:
|
||||||
colConsider, colCondParam = self.likeOrExact("column")
|
if colTuple is None:
|
||||||
|
colConsider, colCondParam = self.likeOrExact("column")
|
||||||
|
else:
|
||||||
|
colConsider, colCondParam = colTuple
|
||||||
condQueryStr = "%%s%s" % colCondParam
|
condQueryStr = "%%s%s" % colCondParam
|
||||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||||
|
|
||||||
|
@ -1060,10 +1063,8 @@ class Enumeration:
|
||||||
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
||||||
query += condQuery
|
query += condQuery
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
query = rootQuery.inband.query % (conf.db, conf.db,
|
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
|
||||||
conf.db, conf.db,
|
conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
|
||||||
conf.db, conf.db,
|
|
||||||
conf.db, unsafeSQLIdentificatorNaming(tbl))
|
|
||||||
query += condQuery.replace("[DB]", conf.db)
|
query += condQuery.replace("[DB]", conf.db)
|
||||||
elif Backend.isDbms(DBMS.SQLITE):
|
elif Backend.isDbms(DBMS.SQLITE):
|
||||||
query = rootQuery.inband.query % tbl
|
query = rootQuery.inband.query % tbl
|
||||||
|
@ -1169,10 +1170,8 @@ class Enumeration:
|
||||||
query += condQuery
|
query += condQuery
|
||||||
field = None
|
field = None
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||||
query = rootQuery.blind.query % (conf.db, conf.db,
|
query = rootQuery.blind.query % (conf.db, conf.db, conf.db, conf.db,
|
||||||
conf.db, conf.db,
|
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
|
||||||
conf.db, conf.db,
|
|
||||||
unsafeSQLIdentificatorNaming(tbl))
|
|
||||||
query += condQuery.replace("[DB]", conf.db)
|
query += condQuery.replace("[DB]", conf.db)
|
||||||
field = condition.replace("[DB]", conf.db)
|
field = condition.replace("[DB]", conf.db)
|
||||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||||
|
@ -1189,9 +1188,8 @@ class Enumeration:
|
||||||
elif Backend.isDbms(DBMS.ORACLE):
|
elif Backend.isDbms(DBMS.ORACLE):
|
||||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
|
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
|
||||||
elif Backend.isDbms(DBMS.MSSQL):
|
elif Backend.isDbms(DBMS.MSSQL):
|
||||||
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
|
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
|
||||||
conf.db, column, conf.db,
|
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
|
||||||
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
|
|
||||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||||
query = rootQuery.blind.query2 % (tbl, column)
|
query = rootQuery.blind.query2 % (tbl, column)
|
||||||
|
|
||||||
|
@ -1429,7 +1427,7 @@ class Enumeration:
|
||||||
|
|
||||||
return entries, lengths
|
return entries, lengths
|
||||||
|
|
||||||
def dumpTable(self):
|
def dumpTable(self, foundData=None):
|
||||||
self.forceDbmsEnum()
|
self.forceDbmsEnum()
|
||||||
|
|
||||||
if conf.db is None or conf.db == "CD":
|
if conf.db is None or conf.db == "CD":
|
||||||
|
@ -1475,10 +1473,14 @@ class Enumeration:
|
||||||
|
|
||||||
for tbl in tblList:
|
for tbl in tblList:
|
||||||
conf.tbl = tbl
|
conf.tbl = tbl
|
||||||
kb.data.cachedColumns = {}
|
|
||||||
kb.data.dumpedTable = {}
|
kb.data.dumpedTable = {}
|
||||||
|
|
||||||
self.getColumns(onlyColNames=True)
|
|
||||||
|
if foundData is None:
|
||||||
|
kb.data.cachedColumns = {}
|
||||||
|
self.getColumns(onlyColNames=True)
|
||||||
|
else:
|
||||||
|
kb.data.cachedColumns = foundData
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
|
if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
|
||||||
|
@ -1651,8 +1653,7 @@ class Enumeration:
|
||||||
entries[column] = []
|
entries[column] = []
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||||
query = rootQuery.blind.query % (column, conf.db,
|
query = rootQuery.blind.query % (column, conf.db, conf.tbl, index)
|
||||||
conf.tbl, index)
|
|
||||||
elif Backend.isDbms(DBMS.ORACLE):
|
elif Backend.isDbms(DBMS.ORACLE):
|
||||||
query = rootQuery.blind.query % (column, column,
|
query = rootQuery.blind.query % (column, column,
|
||||||
tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())),
|
tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())),
|
||||||
|
@ -1671,8 +1672,7 @@ class Enumeration:
|
||||||
for column, columnEntries in entries.items():
|
for column, columnEntries in entries.items():
|
||||||
length = max(lengths[column], len(column))
|
length = max(lengths[column], len(column))
|
||||||
|
|
||||||
kb.data.dumpedTable[column] = { "length": length,
|
kb.data.dumpedTable[column] = { "length": length, "values": columnEntries }
|
||||||
"values": columnEntries }
|
|
||||||
|
|
||||||
entriesCount = len(columnEntries)
|
entriesCount = len(columnEntries)
|
||||||
|
|
||||||
|
@ -1802,7 +1802,7 @@ class Enumeration:
|
||||||
kb.data.cachedColumns = {}
|
kb.data.cachedColumns = {}
|
||||||
kb.data.dumpedTable = {}
|
kb.data.dumpedTable = {}
|
||||||
|
|
||||||
data = self.dumpTable()
|
data = self.dumpTable(dbs)
|
||||||
|
|
||||||
if data:
|
if data:
|
||||||
conf.dumper.dbTableValues(data)
|
conf.dumper.dbTableValues(data)
|
||||||
|
@ -2142,7 +2142,7 @@ class Enumeration:
|
||||||
conf.tbl = foundTbl
|
conf.tbl = foundTbl
|
||||||
conf.col = column
|
conf.col = column
|
||||||
|
|
||||||
self.getColumns(onlyColNames=True)
|
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
|
||||||
|
|
||||||
if foundDb in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[foundDb]:
|
if foundDb in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[foundDb]:
|
||||||
dbs[foundDb][foundTbl].update(kb.data.cachedColumns[foundDb][foundTbl])
|
dbs[foundDb][foundTbl].update(kb.data.cachedColumns[foundDb][foundTbl])
|
||||||
|
@ -2239,7 +2239,7 @@ class Enumeration:
|
||||||
conf.tbl = tbl
|
conf.tbl = tbl
|
||||||
conf.col = column
|
conf.col = column
|
||||||
|
|
||||||
self.getColumns(onlyColNames=True)
|
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
|
||||||
|
|
||||||
if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
|
if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
|
||||||
dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
|
dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
|
||||||
|
|
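Review bot: In `dumpTable`, the new `kb.data.cachedColumns = foundData` branch makes the global cache an alias of the caller's `dbs` dict, and the lookup right after it uses `safeSQLIdentificatorNaming(conf.db)` as the key while the search code indexes `dbs` by `foundDb` / `db`, as the last two hunks show. If those names are not already in the safe form, the lookup will miss the pre-found columns; the code that builds `dbs` lies outside the hunks, so this is unconfirmed. The assignment also runs on every pass of `for tbl in tblList` although it does not depend on `tbl`, and the `kb.data.cachedColumns = {}` just before `self.dumpTable(dbs)` is now overwritten immediately. I would document the expected shape where the parameter is used, e.g. `# foundData: {db: {table: columns}} from --search, keyed like safeSQLIdentificatorNaming(conf.db)`, and add a one-line comment in `getColumns` saying `colTuple` is the `(colConsider, colCondParam)` pair that `likeOrExact("column")` would otherwise return.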