From f1dbe9e388731192984f13648bb0687ab7bc8eba Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Aug 2021 23:16:19 +0200 Subject: [PATCH] Minor bug fix --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 20 +++++++++++--------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 200622f6b..b074fbbda 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.8.3" +VERSION = "1.5.8.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index d77d2f025..7e902fe44 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -363,8 +363,8 @@ class Databases(object): singleTimeLogMessage(infoMsg) continue - for query, count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))): - if query is None: + for _query, _count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))): + if _query is None: break infoMsg = "fetching number of tables for " @@ -372,9 +372,11 @@ class Databases(object): logger.info(infoMsg) if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): - count = count % unsafeSQLIdentificatorNaming(db) + query = _count % unsafeSQLIdentificatorNaming(db) + else: + query = _count - count = inject.getValue(count, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if count == 0: warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db) @@ -395,15 +397,15 @@ class Databases(object): for index in indexRange: if Backend.isDbms(DBMS.SYBASE): - query = query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) + query = _query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB): - query = query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") + query = _query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD): - query = query % index + query = _query % index elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO): - query = query % (index, unsafeSQLIdentificatorNaming(db)) + query = _query % (index, unsafeSQLIdentificatorNaming(db)) else: - query = query % (unsafeSQLIdentificatorNaming(db), index) + query = _query % (unsafeSQLIdentificatorNaming(db), index) table = unArrayizeValue(inject.getValue(query, union=False, error=False))