mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
update
parent
44504746cf
commit
e17ac5fdca
|
@ -27,6 +27,7 @@ from lib.core.enums import DBMS
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
from lib.core.enums import PLACE
|
from lib.core.enums import PLACE
|
||||||
from lib.core.exception import sqlmapNoneDataException
|
from lib.core.exception import sqlmapNoneDataException
|
||||||
|
from lib.core.settings import INBAND_FROM_TABLE
|
||||||
from lib.core.settings import PAYLOAD_DELIMITER
|
from lib.core.settings import PAYLOAD_DELIMITER
|
||||||
|
|
||||||
class Agent:
|
class Agent:
|
||||||
|
@ -515,8 +516,8 @@ class Agent:
|
||||||
intoRegExp = intoRegExp.group(1)
|
intoRegExp = intoRegExp.group(1)
|
||||||
query = query[:query.index(intoRegExp)]
|
query = query[:query.index(intoRegExp)]
|
||||||
|
|
||||||
if getIdentifiedDBMS() == DBMS.ORACLE and inbandQuery.endswith(" FROM DUAL"):
|
if getIdentifiedDBMS() in INBAND_FROM_TABLE and inbandQuery.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()]):
|
||||||
inbandQuery = inbandQuery[:-len(" FROM DUAL")]
|
inbandQuery = inbandQuery[:-len(INBAND_FROM_TABLE[getIdentifiedDBMS()])]
|
||||||
|
|
||||||
for element in range(count):
|
for element in range(count):
|
||||||
if element > 0:
|
if element > 0:
|
||||||
|
@ -535,9 +536,9 @@ class Agent:
|
||||||
conditionIndex = query.index(" FROM ")
|
conditionIndex = query.index(" FROM ")
|
||||||
inbandQuery += query[conditionIndex:]
|
inbandQuery += query[conditionIndex:]
|
||||||
|
|
||||||
if getIdentifiedDBMS() == DBMS.ORACLE:
|
if getIdentifiedDBMS() in INBAND_FROM_TABLE:
|
||||||
if " FROM " not in inbandQuery:
|
if " FROM " not in inbandQuery:
|
||||||
inbandQuery += " FROM DUAL"
|
inbandQuery += INBAND_FROM_TABLE[getIdentifiedDBMS()]
|
||||||
|
|
||||||
if intoRegExp:
|
if intoRegExp:
|
||||||
inbandQuery += intoRegExp
|
inbandQuery += intoRegExp
|
||||||
|
@ -554,8 +555,8 @@ class Agent:
|
||||||
else:
|
else:
|
||||||
inbandQuery += char
|
inbandQuery += char
|
||||||
|
|
||||||
if getIdentifiedDBMS() == DBMS.ORACLE:
|
if getIdentifiedDBMS() in INBAND_FROM_TABLE:
|
||||||
inbandQuery += " FROM DUAL"
|
inbandQuery += INBAND_FROM_TABLE[getIdentifiedDBMS()]
|
||||||
|
|
||||||
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
|
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
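Review bot: Each changed condition in `Agent` calls `getIdentifiedDBMS()` once for the membership test and again for the lookup (the hunks at 515, 535 and 554 here, and the same pattern in `__unionTestByCharBruteforce` and `unionUse`), so the check and the strip are only tied to the same value by repetition. Binding it once, `fromTable = INBAND_FROM_TABLE.get(getIdentifiedDBMS())`, then using `if fromTable and inbandQuery.endswith(fromTable):` and `inbandQuery = inbandQuery[:-len(fromTable)]`, removes the duplicated lookups and makes the three sites read the same way. The enclosing method starts and ends outside the hunks shown, so whether a suitable local already exists cannot be confirmed from here.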
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ import os
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
|
from lib.core.enums import DBMS
|
||||||
from lib.core.revision import getRevisionNumber
|
from lib.core.revision import getRevisionNumber
|
||||||
|
|
||||||
# sqlmap version and site
|
# sqlmap version and site
|
||||||
|
@ -119,6 +120,8 @@ SYBASE_ALIASES = [ "sybase", "sybase sql server" ]
|
||||||
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
|
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
|
||||||
SUPPORTED_OS = ( "linux", "windows" )
|
SUPPORTED_OS = ( "linux", "windows" )
|
||||||
|
|
||||||
|
INBAND_FROM_TABLE = {DBMS.ORACLE: " FROM DUAL", DBMS.ACCESS: " FROM MSysObjects", DBMS.FIREBIRD: " FROM RDB$DATABASE", DBMS.MAXDB: " FROM VERSIONS"}
|
||||||
|
|
||||||
SQL_STATEMENTS = {
|
SQL_STATEMENTS = {
|
||||||
"SQL SELECT statement": (
|
"SQL SELECT statement": (
|
||||||
"select ",
|
"select ",
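Review bot: `INBAND_FROM_TABLE` is added without a comment, yet its callers rely on an unstated contract: every value must begin with a space and carry the ` FROM ` keyword, because the call sites concatenate it directly onto the query and later remove it by `len()`. A short comment above the constant would record that, for example `# Per-DBMS " FROM <table>" suffix appended to UNION SELECT payloads that need a FROM clause; values must keep the leading space`. The new `from lib.core.enums import DBMS` also makes the settings module depend on `lib.core.enums` at import time, so it is worth confirming that `enums` does not import `settings` in turn.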
|
||||||
|
|
|
@ -22,6 +22,7 @@ from lib.core.data import logger
|
||||||
from lib.core.data import queries
|
from lib.core.data import queries
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
|
from lib.core.settings import INBAND_FROM_TABLE
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
from lib.parse.html import htmlParser
|
from lib.parse.html import htmlParser
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
@ -97,14 +98,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
|
||||||
query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
|
query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
|
||||||
|
|
||||||
for count in range(conf.uColsStart, conf.uColsStop+1):
|
for count in range(conf.uColsStart, conf.uColsStop+1):
|
||||||
if getIdentifiedDBMS() == DBMS.ORACLE and query.endswith(" FROM DUAL"):
|
if getIdentifiedDBMS() in INBAND_FROM_TABLE and query.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()]):
|
||||||
query = query[:-len(" FROM DUAL")]
|
query = query[:-len(INBAND_FROM_TABLE[getIdentifiedDBMS()])]
|
||||||
|
|
||||||
if count:
|
if count:
|
||||||
query += ", %s" % conf.uChar
|
query += ", %s" % conf.uChar
|
||||||
|
|
||||||
if getIdentifiedDBMS() == DBMS.ORACLE:
|
if getIdentifiedDBMS() in INBAND_FROM_TABLE:
|
||||||
query += " FROM DUAL"
|
query += INBAND_FROM_TABLE[getIdentifiedDBMS()]
|
||||||
|
|
||||||
status = '%d/%d (%d%s)' % (count, conf.uColsStop, round(100.0*count/conf.uColsStop), '%')
|
status = '%d/%d (%d%s)' % (count, conf.uColsStop, round(100.0*count/conf.uColsStop), '%')
|
||||||
debugMsg = "testing number of columns: %s" % status
|
debugMsg = "testing number of columns: %s" % status
|
||||||
|
|
|
@ -25,6 +25,7 @@ from lib.core.data import queries
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
from lib.core.exception import sqlmapSyntaxException
|
from lib.core.exception import sqlmapSyntaxException
|
||||||
|
from lib.core.settings import INBAND_FROM_TABLE
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
from lib.utils.resume import resume
|
from lib.utils.resume import resume
|
||||||
|
@ -118,7 +119,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
||||||
stopLimit = conf.limitStop
|
stopLimit = conf.limitStop
|
||||||
|
|
||||||
if not stopLimit or stopLimit <= 1:
|
if not stopLimit or stopLimit <= 1:
|
||||||
if getIdentifiedDBMS() == DBMS.ORACLE and expression.endswith("FROM DUAL"):
|
if getIdentifiedDBMS() in INBAND_FROM_TABLE and expression.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()]):
|
||||||
test = False
|
test = False
|
||||||
else:
|
else:
|
||||||
test = True
|
test = True
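Review bot: The new `expression.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()])` is stricter for Oracle than the line it replaces, because the old literal was `"FROM DUAL"` with no leading space while the table value is `" FROM DUAL"`. An expression in which the keyword follows a newline or tab therefore no longer sets `test = False`, and the comparison remains case-sensitive as before. Whether `expression` is normalized before this point is not visible in the hunk. If the looser match is wanted, compare on the stripped suffix, e.g. `expression.rstrip().upper().endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()].strip().upper())`. `unionUse` starts and ends outside the hunk.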
|
||||||
|
|