[sqlmap-users] Major improvements to --tables and --columns
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Major improvements to --tables and --columns
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-30 23:58:48
|
Hi,
During the last two days we have worked extensively on these three
switches as well as needed adjustments to the brand new --schema
switch (thanks David for suggesting it!) and --dbs.
The outcome is:
* Redesign of the plugins' methods that deal with these switches.
* Homogeneous code and behaviour across the different DBMS.
* More user-friendly logging messages.
* Standardized new functionalities.
The new functionalities consists in:
* --tables now properly accept either no -D or a list of comma
separated databases (e.g. --tables -D testdb1,testdb2) and
--exclude-sysdbs is considered always.
* --columns:
* You can provide no extra parameters (as in -D, -T, -C) leading
to a call to --schema to enumerate the full DBMS schema (read, all
databases' tables' columns).
* You can provide -D only (one database name is allowed) and no
extra parameters (as in -T, -C) leading to an enumeration of all
tables' columns for the provided database.
* You can provide -T only (comma separated tables are allowed)
leading to retrieval of current database and subsequent enumeration of
all columns for the provided table(s) on the current database.
* You can provide -D (one database name is allowed) and -T (comma
separated tables are allowed) leading to retrieval of all columns of
the provided table(s) on the provided database.
* You can provide -C only (comma separated columns are allowed)
leading to retrieval of current database, enumeration of all tables in
the current database and subsequent enumeration of all the columns
"LIKE" the one(s) provided within the current database's tables.
* You can provide -C (comma separated columns are allowed) and -T
(comma separated tables are allowed) leading to retrieval of current
database and subsequent enumeration of all the columns "LIKE" the
one(s) provided within the provided tables in the current database.
* You can provide -C (comma separated columns are allowed) and -D
(one database name is allowed) leading to enumeration of all tables in
the provided database and subsequent enumeration of all the columns
"LIKE" the one(s) provided within all tables in the provided database.
* You can provide -D, -T and -C to be very specify in which
database's table(s) column(s) you want to enumerate.
In all cases, --exclude-sysdbs is supported (of course, when -T is not
provided) and the relevant datatype for the enumerated columns is
shown also.
I tested throughly these new implementation and it seems to work
pretty well on my test environment, however I would be very grateful
if you report any bug or unexpected behaviour, as usual.
Thank you,
Bernardo
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
