PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2012-10-25 09:56:36 +02:00
parent c2058dfc8f
commit 54fbb22ab8
4 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
plugins/generic/entries.py
View File

@@ -210,6 +210,7 @@ class Entries:
query = rootQuery.blind.count % tbl
else:
query = rootQuery.blind.count % (conf.db, tbl)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
lengths = {}

7
plugins/generic/search.py
View File

@@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import Backend
from lib.core.common import filterPairValues
from lib.core.common import getLimitRange
@@ -83,8 +84,7 @@ class Search:
values = inject.getValue(query, blind=False)
if not isNoneValue(values):
if isinstance(values, basestring):
values = [values]
values = arrayizeValue(values)
for value in values:
value = safeSQLIdentificatorNaming(value)
@@ -100,6 +100,7 @@ class Search:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
query += dbQuery
query += exclDbsQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@@ -232,6 +233,7 @@ class Search:
if Backend.isDbms(DBMS.DB2):
query += ") AS foobar"
query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, inband=False, error=False)
foundDb = safeSQLIdentificatorNaming(foundDb)
@@ -275,6 +277,7 @@ class Search:
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery
query = agent.limitQuery(index, query)
foundTbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = foundTbl
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)

6
plugins/generic/users.py
View File

@@ -97,7 +97,7 @@ class Users:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
value = inject.getValue(query, blind=False)
value = unArrayizeValue(inject.getValue(query, blind=False))
if not isNoneValue(value):
kb.data.cachedUsers = arrayizeValue(value)
@@ -110,6 +110,7 @@ class Users:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count):
@@ -250,6 +251,7 @@ class Users:
query = rootQuery.blind.count2 % user
else:
query = rootQuery.blind.count % user
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count):
@@ -274,6 +276,7 @@ class Users:
query = rootQuery.blind.query % (user, index, user)
else:
query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, inband=False, error=False)
password = parsePasswordHash(password)
passwords.append(password)
@@ -463,6 +466,7 @@ class Users:
query = rootQuery.blind.count2 % user
else:
query = rootQuery.blind.count % user
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if not isNumPosStrValue(count):