sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-23 15:54:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #2678

Browse Source
This commit is contained in:
Miroslav Stampar 2017-09-04 23:00:16 +02:00
parent 511f2a6d12
commit e609bd04ad
4 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/common.py
View File

@ -3586,11 +3586,11 @@ def unsafeSQLIdentificatorNaming(name):
if isinstance(name, basestring): if isinstance(name, basestring):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
retVal = name.replace("`", "") retVal = name.replace("`", "")
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2): elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB):
retVal = name.replace("\"", "") retVal = name.replace("\"", "")
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
retVal = name.replace("\"", "").upper() retVal = name.replace("\"", "").upper()
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,): elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
retVal = name.replace("[", "").replace("]", "") retVal = name.replace("[", "").replace("]", "")
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.9.2" VERSION = "1.1.9.3"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

20
plugins/generic/databases.py
View File

@ -534,7 +534,7 @@ class Databases:
conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD): elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.inband.query % tbl query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl)
if dumpMode and colList: if dumpMode and colList:
values = [(_,) for _ in colList] values = [(_,) for _ in colList]
@ -564,7 +564,7 @@ class Databases:
index, values = 1, [] index, values = 1, []
while True: while True:
query = rootQuery.inband.query2 % (conf.db, tbl, index) query = rootQuery.inband.query2 % (conf.db, unsafeSQLIdentificatorNaming(tbl), index)
value = unArrayizeValue(inject.getValue(query, blind=False, time=False)) value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
if isNoneValue(value) or value == " ": if isNoneValue(value) or value == " ":
@ -663,15 +663,15 @@ class Databases:
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
elif Backend.isDbms(DBMS.FIREBIRD): elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.count % (tbl) query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl)
query += condQuery query += condQuery
elif Backend.isDbms(DBMS.INFORMIX): elif Backend.isDbms(DBMS.INFORMIX):
query = rootQuery.blind.count % (conf.db, conf.db, conf.db, conf.db, conf.db, tbl) query = rootQuery.blind.count % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
query += condQuery query += condQuery
elif Backend.isDbms(DBMS.SQLITE): elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.blind.query % tbl query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl)
value = unArrayizeValue(inject.getValue(query, union=False, error=False)) value = unArrayizeValue(inject.getValue(query, union=False, error=False))
parseSqliteTableSchema(value) parseSqliteTableSchema(value)
return kb.data.cachedColumns return kb.data.cachedColumns
@ -694,7 +694,7 @@ class Databases:
if Backend.isDbms(DBMS.MSSQL): if Backend.isDbms(DBMS.MSSQL):
count, index, values = 0, 1, [] count, index, values = 0, 1, []
while True: while True:
query = rootQuery.blind.query3 % (conf.db, tbl, index) query = rootQuery.blind.query3 % (conf.db, unsafeSQLIdentificatorNaming(tbl), index)
value = unArrayizeValue(inject.getValue(query, union=False, error=False)) value = unArrayizeValue(inject.getValue(query, union=False, error=False))
if isNoneValue(value) or value == " ": if isNoneValue(value) or value == " ":
break break
@ -723,11 +723,11 @@ class Databases:
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db) field = condition.replace("[DB]", conf.db)
elif Backend.isDbms(DBMS.FIREBIRD): elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (tbl) query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl)
query += condQuery query += condQuery
field = None field = None
elif Backend.isDbms(DBMS.INFORMIX): elif Backend.isDbms(DBMS.INFORMIX):
query = rootQuery.blind.query % (index, conf.db, conf.db, conf.db, conf.db, conf.db, tbl) query = rootQuery.blind.query % (index, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
query += condQuery query += condQuery
field = condition field = condition
@ -761,9 +761,9 @@ class Databases:
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
elif Backend.isDbms(DBMS.FIREBIRD): elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query2 % (tbl, column) query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column)
elif Backend.isDbms(DBMS.INFORMIX): elif Backend.isDbms(DBMS.INFORMIX):
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, conf.db, tbl, column) query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl), column)
colType = unArrayizeValue(inject.getValue(query, union=False, error=False)) colType = unArrayizeValue(inject.getValue(query, union=False, error=False))

6
txt/checksum.md5
View File

@ -27,7 +27,7 @@ a66093c734c7f94ecdf94d882c2d8b89 lib/controller/controller.py
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
9f1adb993f66da030a4168571978e6fa lib/core/agent.py 9f1adb993f66da030a4168571978e6fa lib/core/agent.py
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
fc1f0a8732386fd502612fb4094fbcec lib/core/common.py 55e0317b8bacce94bd6edb1a644e6b4d lib/core/common.py
5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py 5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
@ -46,7 +46,7 @@ c5f09788ee8ff9c9d12a052986875bc6 lib/core/option.py
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
5c4f3ca6d7e34e0c004c45cef1019e4a lib/core/settings.py b57b58b96088042397ce57b93a6be153 lib/core/settings.py
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
4a6ecdd8a6e44bb4737bd9bc7f9b5743 lib/core/target.py 4a6ecdd8a6e44bb4737bd9bc7f9b5743 lib/core/target.py
@ -203,7 +203,7 @@ deed74334b637767fc9de8f74b37647a plugins/dbms/sybase/fingerprint.py
654cd5e69cf5e5c644bfa5d284e61206 plugins/dbms/sybase/takeover.py 654cd5e69cf5e5c644bfa5d284e61206 plugins/dbms/sybase/takeover.py
f700954549ad8ebf77f5187262fb9af0 plugins/generic/connector.py f700954549ad8ebf77f5187262fb9af0 plugins/generic/connector.py
5390591ca955036d492de11355b52e8f plugins/generic/custom.py 5390591ca955036d492de11355b52e8f plugins/generic/custom.py
4ad4bccc03256b8f3d21ba4f8f759404 plugins/generic/databases.py 9fc0c45c314e597fd6ae3b0068daafc0 plugins/generic/databases.py
106f19c1d895963e2efa8ee193a537ec plugins/generic/entries.py 106f19c1d895963e2efa8ee193a537ec plugins/generic/entries.py
55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py 55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
0d10a0410c416fece51c26a935e68568 plugins/generic/filesystem.py 0d10a0410c416fece51c26a935e68568 plugins/generic/filesystem.py