Re: [sqlmap-users] App outputs only column #0
From: Bernardo D. A. G. <ber...@gm...> - 2010-10-25 23:39:32
Fixed and committed. Thanks for reporting. Bernardo On Tue, Oct 19, 2010 at 13:53, Anton Mogilin <aza...@ya...> wrote:
>> Can you please provide us with your patch against the root of the svn working copy? 'svn diff . > union.patch will work.
> Hi, of course, here it is:
>
> (though I don't know if this is a proper solution. There were
> "if isinstance(kb.unionPosition, int):" checks in
> lib/techniques/inband/union/test.py)
>
> Index: plugins/dbms/oracle/enumeration.py
> ===================================================================
> --- plugins/dbms/oracle/enumeration.py (revision 2074)
> +++ plugins/dbms/oracle/enumeration.py (working copy)
> @@ -36,7 +36,7 @@
> # Set containing the list of DBMS administrators
> areAdmins = set()
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if query2:
> query = rootQuery["inband"]["query2"]
> condition = rootQuery["inband"]["condition2"]
> @@ -196,7 +196,7 @@
> colQuery = colQuery % column
>
> for db in dbs.keys():
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> query = rootQuery["inband"]["query"]
> query += colQuery
> values = inject.getValue(query, blind=False)
> Index: plugins/dbms/mssqlserver/filesystem.py
> ===================================================================
> --- plugins/dbms/mssqlserver/filesystem.py (revision 2074)
> +++ plugins/dbms/mssqlserver/filesystem.py (working copy)
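Review bot: The new guards compare with `!= None` (first at `if kb.unionPosition != None or conf.direct:` in plugins/dbms/oracle/enumeration.py, @@ -36) where the identity test `is not None` is the idiomatic form. `!=` dispatches to the operand's `__ne__`, so it is both slower and open to surprising answers from objects that override comparison. The same applies to every other `!= None` in this patch, and to the `== None` forms in lib/controller/action.py and lib/core/agent.py, which would read `is None`. Suggested line: `if kb.unionPosition is not None or conf.direct:`. The enclosing function begins and ends outside the hunk.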
> @@ -92,7 +92,7 @@
> binToHexQuery = urlencode(binToHexQuery, convall=True)
> inject.goStacked(binToHexQuery)
>
> - if kb.unionPosition:
> + if kb.unionPosition != None:
> result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), sort=False, resumeValue=False, blind=False)
>
> if not result:
> Index: plugins/dbms/mssqlserver/enumeration.py
> ===================================================================
> --- plugins/dbms/mssqlserver/enumeration.py (revision 2074)
> +++ plugins/dbms/mssqlserver/enumeration.py (working copy)
> @@ -48,7 +48,7 @@
> else:
> dbs = [conf.db]
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> for db in dbs:
> if conf.excludeSysDbs and db in self.excludeDbsList:
> infoMsg = "skipping system database '%s'" % db
> @@ -138,7 +138,7 @@
>
> continue
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> query = rootQuery["inband"]["query"] % db
> query += tblQuery
> values = inject.getValue(query, blind=False)
> @@ -223,7 +223,7 @@
>
> continue
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> query = rootQuery["inband"]["query"] % (db, db, db, db, db)
> query += " AND %s" % colQuery.replace("[DB]", db)
> values = inject.getValue(query, blind=False)
> Index: plugins/generic/enumeration.py
> ===================================================================
> --- plugins/generic/enumeration.py (revision 2082)
> +++ plugins/generic/enumeration.py (working copy)
> @@ -138,7 +138,7 @@
> condition = ( kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ) )
> condition |= ( kb.dbms == "MySQL" and not kb.data.has_information_schema )
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if condition:
> query = rootQuery["inband"]["query2"]
> else:
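Review bot: The predicate `kb.unionPosition != None or conf.direct` is pasted verbatim at every call site in plugins/generic/enumeration.py (starting at @@ -138) and again in the oracle and mssqlserver plugins. Any later change to how "no union position" is represented must therefore find each copy by hand. One named helper would keep the sentinel rule in a single place, for example (name constructed for this note) `def isInbandAvailable(): return kb.unionPosition is not None or conf.direct`. The call sites then become `if isInbandAvailable():`. The surrounding functions lie outside the hunks, so whether a shared module already offers a suitable home for it cannot be seen from here.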
> @@ -195,7 +195,7 @@
>
> logger.info(infoMsg)
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
> query = rootQuery["inband"]["query2"]
> else:
> @@ -392,7 +392,7 @@
> "E": "EXECUTE"
> }
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if kb.dbms == "MySQL" and not kb.data.has_information_schema:
> query = rootQuery["inband"]["query2"]
> condition = rootQuery["inband"]["condition2"]
> @@ -638,7 +638,7 @@
>
> rootQuery = queries[kb.dbms].dbs
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if kb.dbms == "MySQL" and not kb.data.has_information_schema:
> query = rootQuery["inband"]["query2"]
> else:
> @@ -705,7 +705,7 @@
>
> rootQuery = queries[kb.dbms].tables
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> query = rootQuery["inband"]["query"]
> condition = rootQuery["inband"]["condition"]
>
> @@ -901,7 +901,7 @@
> infoMsg += "on database '%s'" % conf.db
> logger.info(infoMsg)
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if kb.dbms in ( "MySQL", "PostgreSQL" ):
> query = rootQuery["inband"]["query"] % (conf.tbl, conf.db)
> query += condQuery
> @@ -1080,7 +1080,7 @@
>
> entriesCount = 0
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if kb.dbms == "Oracle":
> query = rootQuery["inband"]["query"] % (colString, conf.tbl.upper())
> elif kb.dbms == "SQLite":
> @@ -1338,7 +1338,7 @@
> dbQuery = "%s%s" % (dbCond, dbCondParam)
> dbQuery = dbQuery % db
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> if kb.dbms == "MySQL" and not kb.data.has_information_schema:
> query = rootQuery["inband"]["query2"]
> else:
> @@ -1426,7 +1426,7 @@
> tblQuery = "%s%s" % (tblCond, tblCondParam)
> tblQuery = tblQuery % tbl
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> query = rootQuery["inband"]["query"]
> query += tblQuery
> query += exclDbsQuery
> @@ -1547,7 +1547,7 @@
> colQuery = "%s%s" % (colCond, colCondParam)
> colQuery = colQuery % column
>
> - if kb.unionPosition or conf.direct:
> + if kb.unionPosition != None or conf.direct:
> query = rootQuery["inband"]["query"]
> query += colQuery
> query += exclDbsQuery
> Index: lib/controller/action.py
> ===================================================================
> --- lib/controller/action.py (revision 2074)
> +++ lib/controller/action.py (working copy)
> @@ -60,7 +60,7 @@
> if conf.timeTest:
> conf.dumper.technic("time based blind sql injection payload", timeTest())
>
> - if ( conf.unionUse or conf.unionTest ) and not kb.unionPosition:
> + if ( conf.unionUse or conf.unionTest ) and kb.unionPosition == None:
> conf.dumper.technic("valid union", unionTest())
>
> # Enumeration options
> Index: lib/core/agent.py
> ===================================================================
> --- lib/core/agent.py (revision 2074)
> +++ lib/core/agent.py (working copy)
> @@ -452,7 +452,7 @@
> query = query[len("TOP %s " % topNum):]
> inbandQuery += "TOP %s " % topNum
>
> - if not exprPosition:
> + if exprPosition == None:
> exprPosition = kb.unionPosition
>
> intoRegExp = re.search("(\s+INTO (DUMP|OUT)FILE\s+\'(.+?)\')", query, re.I)
> Index: lib/core/session.py
> ===================================================================
> --- lib/core/session.py (revision 2074)
> +++ lib/core/session.py (working copy)
> @@ -223,7 +223,7 @@
> kb.unionComment = comment
> kb.unionCount = count
>
> - if position:
> + if position != None:
> condition = (
> not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
> ( not kb.resumedQueries[conf.url].has_key("Union position")
> Index: lib/request/inject.py
> ===================================================================
> --- lib/request/inject.py (revision 2074)
> +++ lib/request/inject.py (working copy)
> @@ -347,7 +347,7 @@
>
> expression = expression.replace("DISTINCT ", "")
>
> - if inband and kb.unionPosition:
> + if inband and kb.unionPosition != None:
> value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
>
> if not value:
>
>
>
>
-- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
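Review bot: Nothing at `if position != None:` in lib/core/session.py (@@ -223) records that 0 is a legitimate position and that only None means "not found", which is the distinction this whole patch depends on. A one-line comment above the guard would keep a later cleanup from collapsing it back to a truthiness test, for example `# position 0 is a valid column index; None is the only "no position" sentinel`. The hunk also does not show what type a value read back under "Union position" has when a session is resumed. The reporter mentions `isinstance(kb.unionPosition, int)` checks in lib/techniques/inband/union/test.py, so a resumed value that is not an int may take a different path there; that should be confirmed. The condition expression continues past the end of the hunk.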