sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

added support for --search -T for SQLite

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-14 16:26:11 +00:00
parent 8cff8301f5
commit e555c2be30
2 changed files with 54 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
plugins/generic/search.py
View File

@ -193,6 +193,16 @@ class Search:
query += whereDbsQuery query += whereDbsQuery
values = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
if Backend.isDbms(DBMS.SQLITE):
newValues = []
if isinstance(values, basestring):
values = [values]
for value in values:
newValues.append(["SQLite_masterdb", value])
values = newValues
for foundDb, foundTbl in filterPairValues(values): for foundDb, foundTbl in filterPairValues(values):
foundDb = safeSQLIdentificatorNaming(foundDb) foundDb = safeSQLIdentificatorNaming(foundDb)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True) foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
@ -205,47 +215,50 @@ class Search:
else: else:
foundTbls[foundDb] = [foundTbl] foundTbls[foundDb] = [foundTbl]
else: else:
infoMsg = "fetching number of databases with table" if not Backend.isDbms(DBMS.SQLITE):
if tblConsider == "1": infoMsg = "fetching number of databases with table"
infoMsg += "s like"
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg)
query = rootQuery.blind.count
query += tblQuery
query += whereDbsQuery
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count):
warnMsg = "no databases have table"
if tblConsider == "1": if tblConsider == "1":
warnMsg += "s like" infoMsg += "s like"
warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.warn(warnMsg) logger.info(infoMsg)
continue query = rootQuery.blind.count
indexRange = getLimitRange(count)
for index in indexRange:
query = rootQuery.blind.query
query += tblQuery query += tblQuery
query += whereDbsQuery query += whereDbsQuery
if Backend.isDbms(DBMS.DB2): count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
query += ") AS foobar"
query = agent.limitQuery(index, query)
foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False)) if not isNumPosStrValue(count):
foundDb = safeSQLIdentificatorNaming(foundDb) warnMsg = "no databases have table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.warn(warnMsg)
if foundDb not in foundTbls: continue
foundTbls[foundDb] = []
indexRange = getLimitRange(count)
for index in indexRange:
query = rootQuery.blind.query
query += tblQuery
query += whereDbsQuery
if Backend.isDbms(DBMS.DB2):
query += ") AS foobar"
query = agent.limitQuery(index, query)
foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
foundDb = safeSQLIdentificatorNaming(foundDb)
if foundDb not in foundTbls:
foundTbls[foundDb] = []
if tblConsider == "2":
foundTbls[foundDb].append(tbl)
if tblConsider == "2": if tblConsider == "2":
foundTbls[foundDb].append(tbl) continue
else:
if tblConsider == "2": foundTbls["SQLite_masterdb"] = []
continue
for db in foundTbls.keys(): for db in foundTbls.keys():
db = safeSQLIdentificatorNaming(db) db = safeSQLIdentificatorNaming(db)
@ -257,7 +270,8 @@ class Search:
logger.info(infoMsg) logger.info(infoMsg)
query = rootQuery.blind.count2 query = rootQuery.blind.count2
query = query % unsafeSQLIdentificatorNaming(db) if not Backend.isDbms(DBMS.SQLITE):
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery query += " AND %s" % tblQuery
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@ -275,7 +289,8 @@ class Search:
for index in indexRange: for index in indexRange:
query = rootQuery.blind.query2 query = rootQuery.blind.query2
query = query % unsafeSQLIdentificatorNaming(db) if not Backend.isDbms(DBMS.SQLITE):
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery query += " AND %s" % tblQuery
query = agent.limitQuery(index, query) query = agent.limitQuery(index, query)

5
xml/queries.xml
View File

@ -347,7 +347,10 @@
<blind query="SELECT %s FROM %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s"/> <blind query="SELECT %s FROM %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s"/>
</dump_table> </dump_table>
<search_db/> <search_db/>
<search_table/> <search_table>
<inband query="SELECT tbl_name FROM sqlite_master WHERE type='table' AND " condition="tbl_name" condition2=""/>
<blind query="" query2="SELECT tbl_name FROM sqlite_master WHERE type='table'" count="" count2="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'" condition="tbl_name" condition2=""/>
</search_table>
<search_column/> <search_column/>
</dbms> </dbms>