PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

blind dumping of tables in sqlite implemented

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-11 22:13:19 +00:00
parent b1babeefe5
commit c93634b6c7
7 changed files with 20 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/techniques/brute/use.py
View File

@@ -20,6 +20,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.settings import METADB_SUFFIX
from lib.request import inject
def tableExists(tableFile):
@@ -34,7 +35,7 @@ def tableExists(tableFile):
length = len(tables)
for table in tables:
if conf.db and '(*)' not in conf.db:
if conf.db and not conf.db.endswith(METADB_SUFFIX):
table = "%s.%s" % (conf.db, table)
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), table)), expectingNone=True)
@@ -70,7 +71,7 @@ def columnExists(columnFile):
raise sqlmapMissingMandatoryOptionException, errMsg
columns = getFileItems(columnFile)
if conf.db and '(*)' not in conf.db:
if conf.db and not conf.db.endswith(METADB_SUFFIX):
table = "%s.%s" % (conf.db, conf.tbl)
else:
table = conf.tbl