Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 54fbb22

Browse files
stamparmstamparm
committed
Minor refactoring
1 parent c2058df commit 54fbb22

4 files changed

Lines changed: 13 additions & 10 deletions

File tree

lib/takeover/udf.py

Lines changed: 2 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
from lib.core.enums import EXPECTED
2222
from lib.core.enums import OS
2323
from lib.core.enums import PAYLOAD
24+
from lib.core.common import unArrayizeValue
2425
from lib.core.exception import sqlmapFilePathException
2526
from lib.core.exception import sqlmapMissingMandatoryOptionException
2627
from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -106,15 +107,9 @@ def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):
106107
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
107108

108109
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
109-
output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)
110+
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
110111
inject.goStacked("DELETE FROM %s" % self.cmdTblName)
111112

112-
if output and isinstance(output, (list, tuple)):
113-
output = output[0]
114-
115-
if output and isinstance(output, (list, tuple)):
116-
output = output[0]
117-
118113
return output
119114

120115
def udfCheckNeeded(self):

plugins/generic/entries.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -210,6 +210,7 @@ def dumpTable(self, foundData=None):
210210
query = rootQuery.blind.count % tbl
211211
else:
212212
query = rootQuery.blind.count % (conf.db, tbl)
213+
213214
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
214215

215216
lengths = {}

plugins/generic/search.py

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
"""
77

88
from lib.core.agent import agent
9+
from lib.core.common import arrayizeValue
910
from lib.core.common import Backend
1011
from lib.core.common import filterPairValues
1112
from lib.core.common import getLimitRange
@@ -83,8 +84,7 @@ def searchDb(self):
8384
values = inject.getValue(query, blind=False)
8485

8586
if not isNoneValue(values):
86-
if isinstance(values, basestring):
87-
values = [values]
87+
values = arrayizeValue(values)
8888

8989
for value in values:
9090
value = safeSQLIdentificatorNaming(value)
@@ -100,6 +100,7 @@ def searchDb(self):
100100
query = rootQuery.blind.count2
101101
else:
102102
query = rootQuery.blind.count
103+
103104
query += dbQuery
104105
query += exclDbsQuery
105106
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@@ -232,6 +233,7 @@ def searchTable(self):
232233
if Backend.isDbms(DBMS.DB2):
233234
query += ") AS foobar"
234235
query = agent.limitQuery(index, query)
236+
235237
foundDb = inject.getValue(query, inband=False, error=False)
236238
foundDb = safeSQLIdentificatorNaming(foundDb)
237239

@@ -275,6 +277,7 @@ def searchTable(self):
275277
query = query % unsafeSQLIdentificatorNaming(db)
276278
query += " AND %s" % tblQuery
277279
query = agent.limitQuery(index, query)
280+
278281
foundTbl = inject.getValue(query, inband=False, error=False)
279282
kb.hintValue = foundTbl
280283
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)

plugins/generic/users.py

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ def getUsers(self):
9797
query = rootQuery.inband.query2
9898
else:
9999
query = rootQuery.inband.query
100-
value = inject.getValue(query, blind=False)
100+
value = unArrayizeValue(inject.getValue(query, blind=False))
101101

102102
if not isNoneValue(value):
103103
kb.data.cachedUsers = arrayizeValue(value)
@@ -110,6 +110,7 @@ def getUsers(self):
110110
query = rootQuery.blind.count2
111111
else:
112112
query = rootQuery.blind.count
113+
113114
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
114115

115116
if not isNumPosStrValue(count):
@@ -250,6 +251,7 @@ def getPasswordHashes(self):
250251
query = rootQuery.blind.count2 % user
251252
else:
252253
query = rootQuery.blind.count % user
254+
253255
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
254256

255257
if not isNumPosStrValue(count):
@@ -274,6 +276,7 @@ def getPasswordHashes(self):
274276
query = rootQuery.blind.query % (user, index, user)
275277
else:
276278
query = rootQuery.blind.query % (user, index)
279+
277280
password = inject.getValue(query, inband=False, error=False)
278281
password = parsePasswordHash(password)
279282
passwords.append(password)
@@ -463,6 +466,7 @@ def getPrivileges(self, query2=False):
463466
query = rootQuery.blind.count2 % user
464467
else:
465468
query = rootQuery.blind.count % user
469+
466470
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
467471

468472
if not isNumPosStrValue(count):

0 commit comments

Comments
 (0)