Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 28ef61b

Browse files
bdamelebdamele
committed
Use getPageTextWordsSet() also in --common-columns
1 parent 6b2f44d commit 28ef61b

1 file changed

Lines changed: 17 additions & 11 deletions

File tree

lib/techniques/brute/use.py

Lines changed: 17 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -36,11 +36,8 @@
3636
from lib.core.threads import runThreads
3737
from lib.request import inject
3838

39-
def tableExists(tableFile, regex=None):
40-
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
41-
42-
infoMsg = "checking table existence using items from '%s'" % tableFile
43-
logger.info(infoMsg)
39+
def __addPageTextWords():
40+
wordsList = []
4441

4542
infoMsg = "adding words used on web page to the check list"
4643
logger.info(infoMsg)
@@ -49,9 +46,18 @@ def tableExists(tableFile, regex=None):
4946
for word in pageWords:
5047
word = word.lower()
5148

52-
if len(word) > 2 and not word[0].isdigit() and word not in tables:
53-
tables.append(word)
49+
if len(word) > 2 and not word[0].isdigit() and word not in wordsList:
50+
wordsList.append(word)
5451

52+
return wordsList
53+
54+
def tableExists(tableFile, regex=None):
55+
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
56+
57+
infoMsg = "checking table existence using items from '%s'" % tableFile
58+
logger.info(infoMsg)
59+
60+
tables.extend(__addPageTextWords())
5561
tables = filterListValue(tables, regex)
5662

5763
threadData = getCurrentThreadData()
@@ -84,7 +90,6 @@ def tableExistsThread():
8490

8591
if result and table.lower() not in threadData.shared.unique:
8692
threadData.shared.outputs.append(table)
87-
8893
threadData.shared.unique.add(table.lower())
8994

9095
dataToSessionFile("[%s][%s][%s][TABLE_EXISTS][%s]\n" % (conf.url,\
@@ -130,7 +135,11 @@ def columnExists(columnFile, regex=None):
130135
errMsg = "missing table parameter"
131136
raise sqlmapMissingMandatoryOptionException, errMsg
132137

138+
infoMsg = "checking column existence using items from '%s'" % columnFile
139+
logger.info(infoMsg)
140+
133141
columns = getFileItems(columnFile, unique=True)
142+
columns.extend(__addPageTextWords())
134143
columns = filterListValue(columns, regex)
135144

136145
if conf.db and METADB_SUFFIX not in conf.db:
@@ -139,9 +148,6 @@ def columnExists(columnFile, regex=None):
139148
table = conf.tbl
140149
table = safeSQLIdentificatorNaming(table, True)
141150

142-
infoMsg = "checking column existence using items from '%s'" % columnFile
143-
logger.info(infoMsg)
144-
145151
kb.threadContinue = True
146152
kb.bruteMode = True
147153

0 commit comments

Comments
 (0)