Proper return from error-based technique enumeration
This commit is contained in:
parent
fa58a9c86b
commit
e3a3ae11cc
|
@ -97,6 +97,8 @@ def __errorFields(expression, expressionFields, expressionFieldsList, expected=N
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
output = __oneShotErrorUse(expressionReplaced, field)
|
output = __oneShotErrorUse(expressionReplaced, field)
|
||||||
|
|
||||||
|
if output is not None:
|
||||||
logger.info("retrieved: %s" % output)
|
logger.info("retrieved: %s" % output)
|
||||||
|
|
||||||
if isinstance(num, int):
|
if isinstance(num, int):
|
||||||
|
@ -145,7 +147,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
||||||
# entry per time
|
# entry per time
|
||||||
# NOTE: I assume that only queries that get data from a table can
|
# NOTE: I assume that only queries that get data from a table can
|
||||||
# return multiple entries
|
# return multiple entries
|
||||||
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
|
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper() and "(CASE" not in expression.upper():
|
||||||
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||||
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
|
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
|
||||||
|
|
||||||
|
@ -258,6 +260,9 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
||||||
try:
|
try:
|
||||||
for num in xrange(startLimit, stopLimit):
|
for num in xrange(startLimit, stopLimit):
|
||||||
output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue)
|
output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue)
|
||||||
|
if output and isinstance(output, list) and len(output) == 1:
|
||||||
|
output = output[0]
|
||||||
|
|
||||||
outputs.append(output)
|
outputs.append(output)
|
||||||
|
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
|
@ -270,8 +275,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
||||||
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
|
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
return outputs
|
if not outputs:
|
||||||
else:
|
outputs = __errorFields(expression, expressionFields, expressionFieldsList)
|
||||||
return __errorFields(expression, expressionFields, expressionFieldsList)
|
|
||||||
|
if outputs and isinstance(outputs, list) and len(outputs) == 1:
|
||||||
|
outputs = outputs[0]
|
||||||
|
|
||||||
return outputs
|
return outputs
|
||||||
|
|
|
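Review bot: The fallback call `outputs = __errorFields(expression, expressionFields, expressionFieldsList)` drops the `expected` and `resumeValue` arguments that the per-row call inside the loop passes, so a query that does not take the ` FROM ` branch loses its type hint and, if `resumeValue` controls session resumption as its name suggests, can no longer be resumed; passing them through, e.g. `outputs = __errorFields(expression, expressionFields, expressionFieldsList, expected, None, resumeValue)` (assuming the fifth positional parameter is `num`, as the loop call implies), keeps both paths consistent. Replacing the old `else:` with `if not outputs:` also changes behaviour on the ` FROM ` branch: when the LIMIT loop runs but collects nothing (an empty table, for instance), `outputs` is `[]`, so an extra single-shot request is now sent and its result returned in place of the empty set — if that is intended it deserves a comment, otherwise guard the fallback with a flag set when the loop branch was taken. The unwrapping `if outputs and isinstance(outputs, list) and len(outputs) == 1: outputs = outputs[0]` means callers now receive either a scalar or a list depending on how many entries came back, which is worth stating in errorUse's docstring since the enumeration callers rely on it. errorUse starts outside this hunk.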
@ -254,7 +254,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
||||||
reqCount += 1
|
reqCount += 1
|
||||||
|
|
||||||
if kb.misc.start not in content or kb.misc.stop not in content:
|
if kb.misc.start not in content or kb.misc.stop not in content:
|
||||||
return
|
return None
|
||||||
|
|
||||||
# Parse the returned page to get the exact inband
|
# Parse the returned page to get the exact inband
|
||||||
# sql injection output
|
# sql injection output
|
||||||
|
|
|
@ -267,9 +267,6 @@ class Enumeration:
|
||||||
if parsedUser:
|
if parsedUser:
|
||||||
user = parsedUser.groups()[0]
|
user = parsedUser.groups()[0]
|
||||||
|
|
||||||
if isinstance(user, list):
|
|
||||||
user = user[0]
|
|
||||||
|
|
||||||
if not user or user in retrievedUsers:
|
if not user or user in retrievedUsers:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
@ -539,9 +536,6 @@ class Enumeration:
|
||||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||||
unescapedUser = unescaper.unescape(user, quote=False)
|
unescapedUser = unescaper.unescape(user, quote=False)
|
||||||
|
|
||||||
if isinstance(user, list):
|
|
||||||
user = user[0]
|
|
||||||
|
|
||||||
if not user or user in retrievedUsers:
|
if not user or user in retrievedUsers:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
|