PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase

Browse Source
This commit is contained in:
Bernardo Damele
2011-02-10 11:14:05 +00:00
parent aa0fb276ba
commit 864eade744
3 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/core/session.py
View File

@@ -20,6 +20,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.datatype import injectionDict
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.settings import METADB_SUFFIX
@@ -237,9 +238,10 @@ def resumeConfKb(expression, url, value):
elif expression == "TABLE_EXISTS" and url == conf.url:
table = unSafeFormatString(value[:-1])
split = '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.'
if '.' in table:
db, table = table.split('.')
if split in table:
db, table = table.split(split)
else:
db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
@@ -252,9 +254,10 @@ def resumeConfKb(expression, url, value):
elif expression == "COLUMN_EXISTS" and url == conf.url:
table, column = unSafeFormatString(value[:-1]).split('|')
colName, colType = column.split(' ')
split = '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.'
if '.' in table:
db, table = table.split('.')
if split in table:
db, table = table.split(split)
else:
db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)