PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Implementing option '--where' (Issue #605)

Browse Source
This commit is contained in:
Miroslav Stampar
2014-02-11 16:20:45 +01:00
parent be6767b3b0
commit d05bfdd7dd
5 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/generic/entries.py
View File

@@ -42,6 +42,7 @@ from lib.core.settings import NULL
from lib.request import inject
from lib.utils.hash import attackDumpedTable
from lib.utils.pivotdumptable import pivotDumpTable
from lib.utils.pivotdumptable import whereQuery
class Entries:
"""
@@ -175,6 +176,8 @@ class Entries:
else:
query = rootQuery.inband.query % (colString, conf.db, tbl)
query = whereQuery(query)
if not entries and query:
entries = inject.getValue(query, blind=False, time=False, dump=True)
@@ -226,6 +229,8 @@ class Entries:
else:
query = rootQuery.blind.count % (conf.db, tbl)
query = whereQuery(query)
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
lengths = {}
@@ -300,6 +305,8 @@ class Entries:
elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (index, agent.preprocessField(tbl, column), tbl)
query = whereQuery(query)
value = NULL if column in emptyColumns else inject.getValue(query, union=False, error=False, dump=True)
value = '' if value is None else value