Minor code refactoring

Bernardo Damele 2008-12-02 23:49:38 +00:00
parent 4cb161ce4f
commit e3ddbe751f
4 changed files with 20 additions and 24 deletions


@ -232,17 +232,20 @@ class Agent:
fieldsNoSelect = query fieldsNoSelect = query
if fieldsSelectTop: if fieldsSelectTop:
fieldsToCast = fieldsSelectTop.groups()[0] fieldsToCastStr = fieldsSelectTop.groups()[0]
elif fieldsSelectDistinct: elif fieldsSelectDistinct:
fieldsToCast = fieldsSelectDistinct.groups()[0] fieldsToCastStr = fieldsSelectDistinct.groups()[0]
elif fieldsSelectFrom: elif fieldsSelectFrom:
fieldsToCast = fieldsSelectFrom.groups()[0] fieldsToCastStr = fieldsSelectFrom.groups()[0]
elif fieldsSelect: elif fieldsSelect:
fieldsToCast = fieldsSelect.groups()[0] fieldsToCastStr = fieldsSelect.groups()[0]
elif fieldsNoSelect: elif fieldsNoSelect:
fieldsToCast = fieldsNoSelect fieldsToCastStr = fieldsNoSelect
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast fieldsToCastList = fieldsToCastStr.replace(", ", ",")
fieldsToCastList = fieldsToCastList.split(",")
return fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCastList, fieldsToCastStr
def concatQuery(self, query): def concatQuery(self, query):
@ -274,9 +277,9 @@ class Agent:
concatQuery = "" concatQuery = ""
query = query.replace(", ", ",") query = query.replace(", ", ",")
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsToCast = self.getFields(query) fieldsSelectFrom, fieldsSelect, fieldsNoSelect, _, fieldsToCastStr = self.getFields(query)
castedFields = self.nullCastConcatFields(fieldsToCast) castedFields = self.nullCastConcatFields(fieldsToCastStr)
concatQuery = query.replace(fieldsToCast, castedFields, 1) concatQuery = query.replace(fieldsToCastStr, castedFields, 1)
if kb.dbms == "MySQL": if kb.dbms == "MySQL":
if fieldsSelectFrom: if fieldsSelectFrom:
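Review bot: In the first hunk, `fieldsToCastList` is built with `fieldsToCastStr.replace(", ", ",")` followed by `.split(",")`, which treats every comma as a field separator. A select list containing a multi-argument function call or a quoted literal with a comma is therefore reported as more fields than it has, and callers that branch on the list length (the `len(expressionFieldsList) > 1` check in another file of this commit) would take the multi-field path for a single field. The logic was moved here unchanged from `__getFieldsProxy`, so at minimum document the limitation where it now lives, e.g. `# NOTE: naive split on ","; commas inside function calls or string literals count as field separators`. The body of `getFields` starts above this hunk, so whether `fieldsToCastStr` is always bound before the new `.replace` line cannot be confirmed from here.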


@ -46,14 +46,6 @@ from lib.utils.resume import queryOutputLength
from lib.utils.resume import resume from lib.utils.resume import resume
def __getFieldsProxy(expression):
_, _, _, expressionFields = agent.getFields(expression)
expressionFieldsList = expressionFields.replace(", ", ",")
expressionFieldsList = expressionFieldsList.split(",")
return expressionFields, expressionFieldsList
def __goInference(payload, expression): def __goInference(payload, expression):
start = time.time() start = time.time()
@ -123,7 +115,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None):
return output return output
if kb.dbmsDetected: if kb.dbmsDetected:
expressionFields, expressionFieldsList = __getFieldsProxy(expression) _, _, _, expressionFieldsList, expressionFields = agent.getFields(expression)
if len(expressionFieldsList) > 1: if len(expressionFieldsList) > 1:
infoMsg = "the SQL query provided has more than a field. " infoMsg = "the SQL query provided has more than a field. "
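Review bot: The replacement call `_, _, _, expressionFieldsList, expressionFields = agent.getFields(expression)` unpacks the list and the string in the opposite order from the removed `__getFieldsProxy`, which returned `expressionFields, expressionFieldsList`. It matches the new return order, but a five-value positional unpack with three discarded slots is easy to get wrong. The same pattern appears in the `bisection` and `unionUse` hunks of this commit, and any caller of `getFields` not touched here that still unpacks four values would fail with a ValueError at runtime. Consider documenting the tuple once in the `getFields` docstring, or adding a short comment at each call site such as `# getFields() -> (selectFrom, select, noSelect, fieldsList, fieldsStr)`. `__goInferenceProxy` continues outside this hunk.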


@ -47,12 +47,12 @@ def bisection(payload, expression, length=None):
""" """
if kb.dbmsDetected: if kb.dbmsDetected:
_, _, _, fieldToCast = agent.getFields(expression) _, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCast) nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCast, nulledCastedField, 1) expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionUnescaped = unescaper.unescape(expressionReplaced) expressionUnescaped = unescaper.unescape(expressionReplaced)
else: else:
expressionUnescaped = unescaper.unescape(expression) expressionUnescaped = unescaper.unescape(expression)
infoMsg = "query: %s" % expressionUnescaped infoMsg = "query: %s" % expressionUnescaped
logger.info(infoMsg) logger.info(infoMsg)


@ -94,7 +94,7 @@ def __unionPosition(count, expression, negative=False):
warnMsg += "%s inband sql injection vulnerability" % negLogMsg warnMsg += "%s inband sql injection vulnerability" % negLogMsg
if negLogMsg == "partial": if negLogMsg == "partial":
warnMsg += ", sqlmap will retrieve the expression output " warnMsg += ", sqlmap will retrieve the query output "
warnMsg += "through blind sql injection technique" warnMsg += "through blind sql injection technique"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -143,6 +143,7 @@ def unionUse(expression):
# TODO: if conf.paramNegative == True and query can returns multiple # TODO: if conf.paramNegative == True and query can returns multiple
# entries, get once per time in a for cycle, see lib/request/inject.py # entries, get once per time in a for cycle, see lib/request/inject.py
# like for --sql-query and --sql-shell # like for --sql-query and --sql-shell
_, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)
# Forge the inband SQL injection request # Forge the inband SQL injection request
query = agent.forgeInbandQuery(expression) query = agent.forgeInbandQuery(expression)
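Review bot: The line added in the `unionUse` hunk, `_, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)`, binds two names that are not read anywhere in the visible lines, and it sits directly under the TODO comment as if it were part of it. If nothing further down uses them, the call is dead work on every invocation and is better left out until the TODO is implemented. If they are used, separate the line from the TODO and give it its own comment, e.g. `# Parse the field list of origExpr before the query is forged`. `origExpr` is defined outside this hunk and the function body continues past it, so this cannot be confirmed from here.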