sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-20 13:03:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

dealing with variables in SQL procs - issue #33

Browse Source
This commit is contained in:
Bernardo Damele 2012-07-10 01:05:03 +01:00
parent 2527554f8e
commit f645ac6040
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/core/common.py
View File

@ -1567,11 +1567,20 @@ def getSQLSnippet(dbms, sfile, **variables):
for _ in re.findall(r"%RANDINT\d+%", retVal, re.I): for _ in re.findall(r"%RANDINT\d+%", retVal, re.I):
retVal = retVal.replace(_, randomInt()) retVal = retVal.replace(_, randomInt())
_ = re.findall(r"%(\w+)%", retVal, re.I) variables = re.findall(r"%(\w+)%", retVal, re.I)
if _: if variables:
errMsg = "unresolved variable%s '%s' in SQL file '%s'" % ("s" if len(_) > 1 else "", ", ".join(_), sfile) errMsg = "unresolved variable%s '%s' in SQL file '%s'" % ("s" if len(variables) > 1 else "", ", ".join(variables), sfile)
raise sqlmapGenericException, errMsg logger.error(errMsg)
msg = "do you want to provide the substitution values? [y/N] "
choice = readInput(msg, default="N")
if choice and choice[0].lower() == "y":
for var in variables:
msg = "insert value for variable '%s': " % var
val = readInput(msg)
retVal = retVal.replace(r"%%%s%%" % var, val)
return retVal return retVal