PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-08 15:49:01 +00:00
Code Issues Projects Releases Wiki Activity

update regarding brute forcing

Browse Source
This commit is contained in:
Miroslav Stampar
2010-11-09 16:53:33 +00:00
parent a7fa8d4975
commit b43334165d
4 changed files with 9 additions and 2116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/dump.py
View File

@@ -148,7 +148,7 @@ class Dump:
dbTables.sort(key=lambda x: x.lower())
self.__write("Brute-forced table names:")
self.__write("Database: %s" % conf.db)
if len(dbTables) == 1:
self.__write("[1 table]")
@@ -209,7 +209,7 @@ class Dump:
tableColumns.sort(key=lambda x: x.lower())
self.__write("Brute-forced column names for table '%s':" % conf.tbl)
self.__write("Database: %s\nTable: %s" % (conf.db if conf.db else 'All', conf.tbl))
if len(tableColumns) == 1:
self.__write("[1 column]")

13
lib/techniques/brute/use.py
View File

@@ -23,9 +23,9 @@ from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.request.connect import Connect as Request
def tableExists(tableFile):
tables = getFileItems(tableFile, None)
tables = getFileItems(tableFile)
retVal = []
infoMsg = "checking tables existence using items from '%s'" % tableFile
infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg)
pushValue(conf.verbose)
@@ -34,7 +34,7 @@ def tableExists(tableFile):
length = len(tables)
for table in tables:
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table if not conf.db else "%s.%s" % (conf.db, table))))
query = agent.postfixQuery(query)
result = Request.queryPage(agent.payload(newValue=query))
@@ -63,9 +63,10 @@ def columnExists(columnFile):
errMsg = "missing table parameter"
raise sqlmapMissingMandatoryOptionException, errMsg
columns = getFileItems(columnFile, None)
columns = getFileItems(columnFile)
table = conf.tbl if not conf.db else ("%s.%s" % (conf.db, conf.tbl))
retVal = []
infoMsg = "checking column existence for table '%s' using items from '%s'" % (conf.tbl, columnFile)
infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg)
pushValue(conf.verbose)
@@ -74,7 +75,7 @@ def columnExists(columnFile):
length = len(columns)
for column in columns:
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, conf.tbl)))
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, table)))
query = agent.postfixQuery(query)
result = Request.queryPage(agent.payload(newValue=query))