PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Implementation for an Issue #2891

Browse Source
This commit is contained in:
Miroslav Stampar
2018-02-13 15:53:50 +01:00
parent 365fa5a52a
commit e2cc9569e5
12 changed files with 74 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/dbms/maxdb/enumeration.py
View File

@@ -120,8 +120,8 @@ class Enumeration(GenericEnumeration):
else:
colList = []
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

29
plugins/dbms/mssqlserver/enumeration.py
View File

@@ -14,6 +14,7 @@ from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import safeStringFormat
from lib.core.common import singleTimeLogMessage
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
@@ -94,8 +95,12 @@ class Enumeration(GenericEnumeration):
for db in dbs:
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
logger.info(infoMsg)
singleTimeLogMessage(infoMsg)
continue
if conf.exclude and db in conf.exclude.split(','):
infoMsg = "skipping database '%s'" % db
singleTimeLogMessage(infoMsg)
continue
for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
@@ -113,8 +118,12 @@ class Enumeration(GenericEnumeration):
for db in dbs:
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
logger.info(infoMsg)
singleTimeLogMessage(infoMsg)
continue
if conf.exclude and db in conf.exclude.split(','):
infoMsg = "skipping database '%s'" % db
singleTimeLogMessage(infoMsg)
continue
infoMsg = "fetching number of tables for "
@@ -199,8 +208,12 @@ class Enumeration(GenericEnumeration):
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
logger.info(infoMsg)
singleTimeLogMessage(infoMsg)
continue
if conf.exclude and db in conf.exclude.split(','):
infoMsg = "skipping database '%s'" % db
singleTimeLogMessage(infoMsg)
continue
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
@@ -271,8 +284,8 @@ class Enumeration(GenericEnumeration):
infoMsgDb = ""
colList = conf.col.split(',')
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
origTbl = conf.tbl
origDb = conf.db
@@ -318,8 +331,7 @@ class Enumeration(GenericEnumeration):
_ = conf.db.split(',')
infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
elif conf.excludeSysDbs:
msg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
logger.info(msg)
infoMsgDb = " not in system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
else:
infoMsgDb = " across all databases"
@@ -334,6 +346,9 @@ class Enumeration(GenericEnumeration):
if conf.excludeSysDbs and db in self.excludeDbsList:
continue
if conf.exclude and db in conf.exclude.split(','):
continue
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
query = rootQuery.inband.query % (db, db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db)

4
plugins/dbms/sybase/enumeration.py
View File

@@ -188,8 +188,8 @@ class Enumeration(GenericEnumeration):
else:
colList = []
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

9
plugins/generic/databases.py
View File

@@ -23,6 +23,7 @@ from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import singleTimeLogMessage
from lib.core.common import singleTimeWarnMessage
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
@@ -298,7 +299,11 @@ class Databases:
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg)
continue
if conf.exclude and db in conf.exclude.split(','):
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db)
singleTimeLogMessage(infoMsg)
continue
infoMsg = "fetching number of tables for "
@@ -410,8 +415,8 @@ class Databases:
else:
colList = []
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)

26
plugins/generic/entries.py
View File

@@ -22,6 +22,7 @@ from lib.core.common import isTechniqueAvailable
from lib.core.common import prioritySortColumns
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import singleTimeLogMessage
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
@@ -68,11 +69,16 @@ class Entries:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
conf.db = conf.db.upper()
if ',' in conf.db:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException(errMsg)
if conf.exclude and conf.db in conf.exclude.split(','):
infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
singleTimeLogMessage(infoMsg)
return
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.tbl:
@@ -99,6 +105,11 @@ class Entries:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
for tbl in tblList:
if conf.exclude and tbl in conf.exclude.split(','):
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
singleTimeLogMessage(infoMsg)
continue
conf.tbl = tbl
kb.data.dumpedTable = {}
@@ -129,8 +140,8 @@ class Entries:
columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]
colList = sorted(filter(None, columns.keys()))
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
if not colList:
warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl)
@@ -465,6 +476,11 @@ class Entries:
conf.db = db
for table in tables:
if conf.exclude and table in conf.exclude.split(','):
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
logger.info(infoMsg)
continue
try:
conf.tbl = table
kb.data.cachedColumns = {}
@@ -530,8 +546,8 @@ class Entries:
conf.tbl = table
colList = filter(None, sorted(columns))
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
conf.col = ','.join(colList)
kb.data.cachedColumns = {}

4
plugins/generic/search.py
View File

@@ -371,8 +371,8 @@ class Search:
infoMsgDb = ""
colList = conf.col.split(',')
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
if conf.exclude:
colList = [_ for _ in colList if _ not in conf.exclude.split(',')]
origTbl = conf.tbl
origDb = conf.db