mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-03-03 11:45:46 +03:00
consistency between --tables and --columns when -T and -C are respectively provided - there was a leftover from when --search called getColumns() as --columns: this is no longer the case (closes issue #306)
This commit is contained in:
parent
57412f8475
commit
e1b7a6350e
|
@ -388,19 +388,6 @@ class Databases:
|
|||
|
||||
conf.db = safeSQLIdentificatorNaming(conf.db)
|
||||
|
||||
if conf.col:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
conf.col = conf.col.upper()
|
||||
|
||||
colList = conf.col.split(",")
|
||||
else:
|
||||
colList = []
|
||||
|
||||
for col in colList:
|
||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||
|
||||
colList = filter(None, colList)
|
||||
|
||||
if conf.tbl:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
conf.tbl = conf.tbl.upper()
|
||||
|
@ -440,7 +427,19 @@ class Databases:
|
|||
logger.error(errMsg)
|
||||
bruteForce = True
|
||||
|
||||
if bruteForce or colList:
|
||||
if bruteForce:
|
||||
if conf.col:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
conf.col = conf.col.upper()
|
||||
|
||||
colList = conf.col.split(",")
|
||||
else:
|
||||
colList = []
|
||||
|
||||
for col in colList:
|
||||
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
||||
|
||||
colList = filter(None, colList)
|
||||
resumeAvailable = False
|
||||
|
||||
for tbl in tblList:
|
||||
|
@ -491,37 +490,17 @@ class Databases:
|
|||
|
||||
return {conf.db: kb.data.cachedColumns[conf.db]}
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
|
||||
if len(colList) > 0:
|
||||
if colTuple is None:
|
||||
colConsider, colCondParam = self.likeOrExact("column")
|
||||
else:
|
||||
colConsider, colCondParam = colTuple
|
||||
condQueryStr = "%%s%s" % colCondParam
|
||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||
|
||||
if colConsider == "1":
|
||||
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
|
||||
else:
|
||||
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
|
||||
else:
|
||||
condQuery = ""
|
||||
|
||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg = "fetching columns for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
||||
query += condQuery
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
|
||||
conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.inband.query % tbl
|
||||
|
||||
|
@ -560,44 +539,19 @@ class Databases:
|
|||
|
||||
return {conf.db: kb.data.cachedColumns[conf.db]}
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
|
||||
if len(colList) > 0:
|
||||
if colTuple is None:
|
||||
colConsider, colCondParam = self.likeOrExact("column")
|
||||
else:
|
||||
colConsider, colCondParam = colTuple
|
||||
condQueryStr = "%%s%s" % colCondParam
|
||||
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
|
||||
|
||||
if colConsider == "1":
|
||||
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
|
||||
else:
|
||||
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
|
||||
else:
|
||||
condQuery = ""
|
||||
|
||||
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg = "fetching columns for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
||||
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl.upper())
|
||||
query += condQuery
|
||||
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
query = rootQuery.blind.count % (conf.db, conf.db, \
|
||||
unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.count % (tbl)
|
||||
query += condQuery
|
||||
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.blind.query % tbl
|
||||
value = inject.getValue(query, union=False, error=False)
|
||||
|
@ -620,19 +574,15 @@ class Databases:
|
|||
for index in getLimitRange(count):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
field = None
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl.upper())
|
||||
query += condQuery
|
||||
field = None
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
query = rootQuery.blind.query.replace("'%s'", "'%s'" % unsafeSQLIdentificatorNaming(tbl).split(".")[-1]).replace("%s", conf.db).replace("%d", str(index))
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
field = condition.replace("[DB]", conf.db)
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % (tbl)
|
||||
query += condQuery
|
||||
field = None
|
||||
|
||||
query = agent.limitQuery(index, query, field, field)
|
||||
|
|
Loading…
Reference in New Issue
Block a user