mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
minor update for MSSQL --tables (fallback to other method)
This commit is contained in:
parent
13f2afbbc9
commit
f412706fee
|
@ -93,8 +93,11 @@ class Enumeration(GenericEnumeration):
|
|||
|
||||
continue
|
||||
|
||||
query = rootQuery.inband.query.replace("%s", db)
|
||||
value = inject.getValue(query, blind=False)
|
||||
for query in (rootQuery.inband.query, rootQuery.inband.query2):
|
||||
query = query.replace("%s", db)
|
||||
value = inject.getValue(query, blind=False)
|
||||
if not isNoneValue(value):
|
||||
break
|
||||
|
||||
if not isNoneValue(value):
|
||||
kb.data.cachedTables[db] = arrayizeValue(value)
|
||||
|
|
|
@ -887,9 +887,6 @@ class Enumeration:
|
|||
if len(dbs) < 2 and ("%s," % condition) in query:
|
||||
query = query.replace("%s," % condition, "", 1)
|
||||
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
query = safeStringFormat(query, conf.db)
|
||||
|
||||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if not isNoneValue(value):
|
||||
|
|
|
@ -184,7 +184,7 @@
|
|||
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')"/>
|
||||
<inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'"/>
|
||||
<blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')"/>
|
||||
</tables>
|
||||
<columns>
|
||||
|
|
Loading…
Reference in New Issue
Block a user