sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major bug fix to --union-test

Browse Source
This commit is contained in:
Bernardo Damele 2010-10-25 23:39:55 +00:00
parent 7effd0c301
commit f5904d0bc0
9 changed files with 29 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/action.py
View File

@ -64,7 +64,7 @@ def action():
if conf.timeTest:
conf.dumper.technic("time based blind sql injection payload", timeTest())
if conf.unionTest and not kb.unionPosition:
if conf.unionTest and kb.unionPosition is None:
conf.dumper.technic("valid union", unionTest())
# Enumeration options

2
lib/core/agent.py
View File

@ -453,7 +453,7 @@ class Agent:
query = query[len("TOP %s " % topNum):]
inbandQuery += "TOP %s " % topNum
if not exprPosition:
if not isinstance(exprPosition, int):
exprPosition = kb.unionPosition
intoRegExp = re.search("(\s+INTO (DUMP|OUT)FILE\s+\'(.+?)\')", query, re.I)

2
lib/core/session.py
View File

@ -232,7 +232,7 @@ def setUnion(comment=None, count=None, position=None, negative=False, falseCond=
kb.unionComment = comment
kb.unionCount = count
if position:
if position is not None:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union position")

4
lib/request/inject.py
View File

@ -358,10 +358,10 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
if not value:
warnMsg = "for some reason(s) it was not possible to retrieve "
warnMsg += "the query output through error SQL injection "
warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition else "blind")
warnMsg += "technique, sqlmap is going %s" % ("inband" if inband and kb.unionPosition is not None else "blind")
logger.warn(warnMsg)
if inband and kb.unionPosition and not value:
if inband and kb.unionPosition is not None and not value:
value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
if not value:

16
lib/techniques/inband/union/test.py
View File

@ -107,24 +107,24 @@ def __unionConfirm():
# Assure that the above function found the exploitable full inband
# SQL injection position
if not isinstance(kb.unionPosition, int):
value = __unionPosition(falseCond=True)
# Assure that the above function found the exploitable partial
# (single entry) inband SQL injection position by appending
# a false condition after the parameter value
if not isinstance(kb.unionPosition, int):
value = __unionPosition(negative=True)
# Assure that the above function found the exploitable partial
# (single entry) inband SQL injection position with negative
# parameter value
if not isinstance(kb.unionPosition, int):
value = __unionPosition(falseCond=True)
# Assure that the above function found the exploitable partial
# (single entry) inband SQL injection position by appending
# a false condition after the parameter value
if not isinstance(kb.unionPosition, int):
return
else:
setUnion(negative=True)
else:
setUnion(falseCond=True)
else:
setUnion(negative=True)
return value

6
plugins/dbms/mssqlserver/enumeration.py
View File

@ -48,7 +48,7 @@ class Enumeration(GenericEnumeration):
else:
dbs = [conf.db]
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
for db in dbs:
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
@ -138,7 +138,7 @@ class Enumeration(GenericEnumeration):
continue
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
query = rootQuery["inband"]["query"] % db
query += tblQuery
values = inject.getValue(query, blind=False, error=False)
@ -223,7 +223,7 @@ class Enumeration(GenericEnumeration):
continue
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
query = rootQuery["inband"]["query"] % (db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db)
values = inject.getValue(query, blind=False, error=False)

2
plugins/dbms/mssqlserver/filesystem.py
View File

@ -92,7 +92,7 @@ class Filesystem(GenericFilesystem):
binToHexQuery = urlencode(binToHexQuery, convall=True)
inject.goStacked(binToHexQuery)
if kb.unionPosition:
if kb.unionPosition is not None:
result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False, error=False)
if not result:

4
plugins/dbms/oracle/enumeration.py
View File

@ -36,7 +36,7 @@ class Enumeration(GenericEnumeration):
# Set containing the list of DBMS administrators
areAdmins = set()
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if query2:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
@ -196,7 +196,7 @@ class Enumeration(GenericEnumeration):
colQuery = colQuery % column
for db in dbs.keys():
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
query = rootQuery.inband.query
query += colQuery
values = inject.getValue(query, blind=False, error=False)

20
plugins/generic/enumeration.py
View File

@ -135,7 +135,7 @@ class Enumeration:
condition = ( kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ) )
condition |= ( kb.dbms == "MySQL" and not kb.data.has_information_schema )
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if condition:
query = rootQuery.inband.query2
else:
@ -194,7 +194,7 @@ class Enumeration:
logger.info(infoMsg)
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.inband.query2
else:
@ -393,7 +393,7 @@ class Enumeration:
"E": "EXECUTE"
}
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
@ -639,7 +639,7 @@ class Enumeration:
rootQuery = queries[kb.dbms].dbs
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
@ -708,7 +708,7 @@ class Enumeration:
rootQuery = queries[kb.dbms].tables
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
query = rootQuery.inband.query
condition = rootQuery.inband.condition
@ -906,7 +906,7 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if kb.dbms in ( "MySQL", "PostgreSQL" ):
query = rootQuery.inband.query % (conf.tbl, conf.db)
query += condQuery
@ -1085,7 +1085,7 @@ class Enumeration:
entriesCount = 0
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "Oracle":
query = rootQuery.inband.query % (colString, conf.tbl.upper())
elif kb.dbms == "SQLite":
@ -1343,7 +1343,7 @@ class Enumeration:
dbQuery = "%s%s" % (dbCond, dbCondParam)
dbQuery = dbQuery % db
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
@ -1431,7 +1431,7 @@ class Enumeration:
tblQuery = "%s%s" % (tblCond, tblCondParam)
tblQuery = tblQuery % tbl
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
query = rootQuery.inband.query
query += tblQuery
query += exclDbsQuery
@ -1552,7 +1552,7 @@ class Enumeration:
colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % column
if kb.unionPosition or conf.direct:
if kb.unionPosition is not None or conf.direct:
query = rootQuery.inband.query
query += colQuery
query += exclDbsQuery