mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-27 18:09:01 +00:00
Update for an Issue #278
This commit is contained in:
Miroslav Stampar
@@ -86,7 +86,7 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
for db in dbs:
|
||||
if conf.excludeSysDbs and db in self.excludeDbsList:
|
||||
infoMsg = "skipping system database '%s'" % db
|
||||
@@ -196,7 +196,7 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
continue
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
query = rootQuery.inband.query.replace("%s", db)
|
||||
query += tblQuery
|
||||
values = inject.getValue(query, blind=False, time=False)
|
||||
@@ -317,7 +317,7 @@ class Enumeration(GenericEnumeration):
|
||||
if conf.excludeSysDbs and db in self.excludeDbsList:
|
||||
continue
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
query = rootQuery.inband.query % (db, db, db, db, db, db)
|
||||
query += " AND %s" % colQuery.replace("[DB]", db)
|
||||
query += whereTblsQuery.replace("[DB]", db)
|
||||
|
||||
@@ -41,7 +41,7 @@ class Enumeration(GenericEnumeration):
|
||||
# Set containing the list of DBMS administrators
|
||||
areAdmins = set()
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if query2:
|
||||
query = rootQuery.inband.query2
|
||||
condition = rootQuery.inband.condition2
|
||||
|
||||
@@ -36,7 +36,7 @@ class Enumeration(GenericEnumeration):
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
blinds = (False, True)
|
||||
else:
|
||||
blinds = (True,)
|
||||
@@ -90,7 +90,7 @@ class Enumeration(GenericEnumeration):
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
blinds = [False, True]
|
||||
else:
|
||||
blinds = [True]
|
||||
@@ -130,7 +130,7 @@ class Enumeration(GenericEnumeration):
|
||||
infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
|
||||
logger.info(infoMsg)
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
blinds = [False, True]
|
||||
else:
|
||||
blinds = [True]
|
||||
@@ -204,7 +204,7 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].columns
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
blinds = [False, True]
|
||||
else:
|
||||
blinds = [True]
|
||||
|
||||
@@ -98,7 +98,7 @@ class Databases:
|
||||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
@@ -138,7 +138,7 @@ class Databases:
|
||||
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
|
||||
|
||||
if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL):
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
blinds = (False, True)
|
||||
else:
|
||||
blinds = (True,)
|
||||
@@ -249,7 +249,7 @@ class Databases:
|
||||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
query = rootQuery.inband.query
|
||||
condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None
|
||||
|
||||
@@ -473,7 +473,7 @@ class Databases:
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].columns
|
||||
condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
for tbl in tblList:
|
||||
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
|
||||
and conf.db in kb.data.cachedColumns and tbl in \
|
||||
|
||||
@@ -134,7 +134,7 @@ class Entries:
|
||||
|
||||
entriesCount = 0
|
||||
|
||||
if any([isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION), isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.direct]):
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
entries = []
|
||||
query = None
|
||||
|
||||
|
||||
@@ -74,7 +74,7 @@ class Search:
|
||||
dbQuery = "%s%s" % (dbCond, dbCondParam)
|
||||
dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
@@ -186,7 +186,7 @@ class Search:
|
||||
tblQuery = "%s%s" % (tblCond, tblCondParam)
|
||||
tblQuery = tblQuery % tbl
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
query = rootQuery.inband.query
|
||||
query += tblQuery
|
||||
query += whereDbsQuery
|
||||
@@ -370,7 +370,7 @@ class Search:
|
||||
colQuery = "%s%s" % (colCond, colCondParam)
|
||||
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if not all((conf.db, conf.tbl)):
|
||||
# Enumerate tables containing the column provided if
|
||||
# either of database(s) or table(s) is not provided
|
||||
|
||||
@@ -93,7 +93,7 @@ class Users:
|
||||
condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")))
|
||||
condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if condition:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
@@ -167,7 +167,7 @@ class Users:
|
||||
|
||||
users = filter(None, users)
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
@@ -347,7 +347,7 @@ class Users:
|
||||
# Set containing the list of DBMS administrators
|
||||
areAdmins = set()
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
condition = rootQuery.inband.condition2
|
||||
|
||||
Reference in New Issue
Block a user