PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.

Browse Source 
Minor bug fixes thanks to previous refactoring too.
This commit is contained in:
Bernardo Damele
2011-01-13 17:36:54 +00:00
parent a1d1f69c3f
commit 2ac8debea0
37 changed files with 342 additions and 314 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/techniques/blind/inference.py
View File

@@ -16,6 +16,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import filterControlChars
from lib.core.common import getCharset
from lib.core.common import getIdentifiedDBMS
from lib.core.common import goGoodSamaritan
from lib.core.common import getPartRun
from lib.core.common import popValue
@@ -49,7 +50,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
finalValue = ""
asciiTbl = getCharset(charsetType)
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
dbms = kb.dbms if kb.dbms else kb.misc.testedDbms
# Set kb.partRun in case "common prediction" feature (a.k.a. "good
# samaritan") is used
@@ -121,7 +121,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release()
if hintValue is not None and len(hintValue) >= idx:
if dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
if getIdentifiedDBMS() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1]
else:
posValue = ord(hintValue[idx-1])
@@ -454,7 +454,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# check it via equal against the substring-query output
if commonPattern is not None:
# Substring-query containing equals commonPattern
subquery = queries[dbms].substring.query % (expressionUnescaped, 1, len(commonPattern))
subquery = queries[getIdentifiedDBMS()].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.suffixQuery(query)