@@ -162,7 +162,6 @@ def searchTable(self):
162162 tblList = conf .tbl .split ("," )
163163 rootQuery = queries [Backend .getIdentifiedDbms ()].search_table
164164 tblCond = rootQuery .inband .condition
165- #dbCond = rootQuery.inband.condition2
166165 tblConsider , tblCondParam = self .likeOrExact ("table" )
167166
168167 if conf .db and conf .db != CURRENT_DB :
@@ -260,11 +259,16 @@ def searchColumn(self):
260259 rootQuery = queries [Backend .getIdentifiedDbms ()].search_column
261260 foundCols = {}
262261 dbs = {}
262+ whereTblsQuery = ""
263+ infoMsgTbl = ""
263264 colList = conf .col .split ("," )
265+ origTbl = conf .tbl
266+ origDb = conf .db
264267 colCond = rootQuery .inband .condition
268+ tblCond = rootQuery .inband .condition2
265269 colConsider , colCondParam = self .likeOrExact ("column" )
266270
267- if conf .db is not None :
271+ if conf .db and conf . db != CURRENT_DB :
268272 enumDbs = conf .db .split ("," )
269273 elif not len (kb .data .cachedDbs ):
270274 enumDbs = self .getDbs ()
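Review bot: `origDb` and `origTbl` snapshot global `conf` state, but the only restore visible in this commit is at the top of each loop iteration (new lines 284-285). Presumably something further down overwrites `conf.db`/`conf.tbl`; if so, the values left by the last iteration persist after `searchColumn` returns, unless they are reset outside the visible hunks. If nothing else restores them, add `conf.db, conf.tbl = origDb, origTbl` after the loop, ideally in a `finally`. A short comment next to the two assignments naming what mutates these options would also help the next reader. The function body starts and ends outside this hunk.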
@@ -277,15 +281,23 @@ def searchColumn(self):
277281
278282 for column in colList :
279283 column = safeSQLIdentificatorNaming (column )
284+ conf .db = origDb
285+ conf .tbl = origTbl
280286
281287 infoMsg = "searching column"
282288 if colConsider == "1" :
283289 infoMsg += "s like"
284290 infoMsg += " '%s'" % unsafeSQLIdentificatorNaming (column )
285- logger .info (infoMsg )
286291
287292 foundCols [column ] = {}
288293
294+ if conf .tbl :
295+ _ = conf .tbl .split ("," )
296+ whereTblsQuery = " AND (" + " OR " .join ("%s = '%s'" % (tblCond , unsafeSQLIdentificatorNaming (tbl )) for tbl in _ ) + ")"
297+ infoMsgTbl = " for table%s '%s'" % ("s" if len (_ ) > 1 else "" , ", " .join (tbl for tbl in _ ))
298+
299+ logger .info ("%s%s" % (infoMsg , infoMsgTbl ))
300+
289301 colQuery = "%s%s" % (colCond , colCondParam )
290302 colQuery = colQuery % unsafeSQLIdentificatorNaming (column )
291303
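Review bot: The table names from `conf.tbl` go into a single-quoted SQL literal at new line 296 exactly as split, with no whitespace stripped and embedded quotes not doubled. A value like `a, b` therefore compares against `' b'`, and a name containing `'` produces a malformed condition. Normalising the list first would fix the whitespace case, e.g. `tbls = [t.strip() for t in conf.tbl.split(",") if t.strip()]`, and the value placed in the literal should have `'` doubled. Using a real name instead of `_` for a variable that is read three times, and `", ".join(tbls)` instead of the generator at new line 297, would also read more clearly. The body of `searchColumn` continues outside the hunk.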
@@ -301,6 +313,7 @@ def searchColumn(self):
301313 if any (isTechniqueAvailable (_ ) for _ in (PAYLOAD .TECHNIQUE .UNION , PAYLOAD .TECHNIQUE .ERROR )) or conf .direct :
302314 query = rootQuery .inband .query % (db , db , db , db , db , db )
303315 query += " AND %s" % colQuery .replace ("[DB]" , db )
316+ query += whereTblsQuery .replace ("[DB]" , db )
304317 values = inject .getValue (query , blind = False )
305318
306319 if not isNoneValue (values ):
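Review bot: The table filter is appended only in this inband branch (UNION/ERROR techniques or `conf.direct`), and no other hunk in this commit touches the blind branch of `searchColumn`, which lies outside the visible lines. If that path does not apply an equivalent condition, the same search returns a different result set depending on the technique in use, so it is worth confirming or adding the matching filter there. A comment above new line 316 such as `# restrict to the tables given in conf.tbl, if any (empty string otherwise)` would make clear why the append is unconditional.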
@@ -388,4 +401,5 @@ def searchColumn(self):
388401
389402 foundCols [column ][db ].append (tbl )
390403
404+ conf .dumper .dbColumns (foundCols , colConsider , dbs )
391405 self .dumpFoundColumn (dbs , foundCols , colConsider )
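Review bot: `conf.dumper.dbColumns` at new line 404 can be handed columns that matched nothing, because `foundCols[column] = {}` is set for every searched column at new line 292. Whether the dumper copes with empty entries is not visible here; if it does not, guard the call with `if any(foundCols.values()):`. The argument order also differs from the `dumpFoundColumn` call on the next line (`foundCols, colConsider, dbs` versus `dbs, foundCols, colConsider`), which is easy to get wrong, so a one-line comment confirming it matches the dumper's signature would help. The gutter-numbered view does not preserve indentation, so it is unclear from the hunk whether this runs once or per column.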