PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-29 02:49:01 +00:00
Code Issues Projects Releases Wiki Activity

changes regarding EXISTS feature

Browse Source
This commit is contained in:
Miroslav Stampar
2010-09-30 12:35:45 +00:00
parent 51beafc32c
commit cf8e92699c
6 changed files with 120 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/controller/action.py
View File

@@ -27,6 +27,7 @@ from lib.core.common import getHtmlErrorFp
from lib.core.common import dataToStdout
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import paths
from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.settings import SUPPORTED_DBMS
from lib.techniques.blind.timebased import timeTest
@@ -111,6 +112,12 @@ def action():
if conf.getTables:
conf.dumper.dbTables(conf.dbmsHandler.getTables())
if conf.cExists:
conf.dumper.dbTables(conf.dbmsHandler.tableExists(paths.COMMON_TABLES))
if conf.tableFile:
conf.dumper.dbTables(conf.dbmsHandler.tableExists(conf.tableFile))
if conf.getColumns:
conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())

32
lib/core/common.py
View File

@@ -411,8 +411,8 @@ def filePathToString(filePath):
return strRepl
def dataToStdout(data):
if conf.verbose > 0:
def dataToStdout(data, forceOutput=False):
if conf.verbose > 0 or forceOutput:
try:
sys.stdout.write(data)
sys.stdout.flush()
@@ -657,6 +657,8 @@ def setPaths():
# sqlmap files
paths.SQLMAP_HISTORY = os.path.join(paths.SQLMAP_ROOT_PATH, ".sqlmap_history")
paths.SQLMAP_CONFIG = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
paths.FUZZ_VECTORS = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
paths.DETECTION_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
@@ -1233,8 +1235,7 @@ def initCommonOutputs():
kb.commonOutputs = {}
key = None
fileName = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
cfile = codecs.open(fileName, 'r', conf.dataEncoding)
cfile = codecs.open(paths.COMMON_OUTPUTS, 'r', conf.dataEncoding)
for line in cfile.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
if line.find('#') != -1:
@@ -1254,6 +1255,21 @@ def initCommonOutputs():
cfile.close()
def getFileItems(filename):
retVal = []
checkFile(filename)
file = codecs.open(filename, 'r', conf.dataEncoding)
for line in file.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
if line.find('#') != -1:
line = line[:line.find('#')]
line = line.strip()
if line:
retVal.append(line)
return retVal
def goGoodSamaritan(prevValue, originalCharset):
"""
Function for retrieving parameters needed for common prediction (good
@@ -1411,4 +1427,10 @@ def replaceSpaces(query):
if query:
return query if conf.space is None else query.replace(' ', conf.space)
else:
return query
return query
def pushValue(value):
kb.valueStack.append(value)
def popValue():
return kb.valueStack.pop()

53
lib/core/dump.py
View File

@@ -157,37 +157,58 @@ class Dump:
self.lister("available databases", dbs)
def dbTables(self, dbTables):
if not isinstance(dbTables, dict):
self.string("tables", dbTables)
if isinstance(dbTables, list):
maxlength = 0
return
maxlength = 0
for tables in dbTables.values():
for table in tables:
for table in dbTables:
maxlength = max(maxlength, len(table))
lines = "-" * (int(maxlength) + 2)
lines = "-" * (int(maxlength) + 2)
for db, tables in dbTables.items():
tables.sort(key=lambda x: x.lower())
dbTables.sort(key=lambda x: x.lower())
self.__write("Database: %s" % db)
if len(tables) == 1:
if len(dbTables) == 1:
self.__write("[1 table]")
else:
self.__write("[%d tables]" % len(tables))
self.__write("[%d tables]" % len(dbTables))
self.__write("+%s+" % lines)
for table in tables:
for table in dbTables:
blank = " " * (maxlength - len(table))
self.__write("| %s%s |" % (table, blank))
self.__write("+%s+\n" % lines)
elif isinstance(dbTables, dict):
maxlength = 0
for tables in dbTables.values():
for table in tables:
maxlength = max(maxlength, len(table))
lines = "-" * (int(maxlength) + 2)
for db, tables in dbTables.items():
tables.sort(key=lambda x: x.lower())
self.__write("Database: %s" % db)
if len(tables) == 1:
self.__write("[1 table]")
else:
self.__write("[%d tables]" % len(tables))
self.__write("+%s+" % lines)
for table in tables:
blank = " " * (maxlength - len(table))
self.__write("| %s%s |" % (table, blank))
self.__write("+%s+\n" % lines)
else:
self.string("tables", dbTables)
def dbTableColumns(self, tableColumns):
for db, tables in tableColumns.items():
if not db:

1
lib/core/option.py
View File

@@ -1031,6 +1031,7 @@ def __setKnowledgeBaseAttributes():
kb.unionPosition = None
kb.unionNegative = False
kb.unionFalseCond = False
kb.valueStack = []
def __saveCmdline():
"""

6
lib/parse/cmdline.py
View File

@@ -332,6 +332,12 @@ def cmdLineParser():
action="store_true", default=False,
help="Prompt for an interactive SQL shell")
enumeration.add_option("--common-exists", dest="cExists", action="store_true",
default=False, help="Check existence of common tables")
enumeration.add_option("--exists", dest="tableFile",
help="Check existence of user specified tables")
# User-defined function options
udf = OptionGroup(parser, "User-defined function injection", "These "
"options can be used to create custom user-defined "