Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 97c0685

Browse files
stamparmstamparm
committed
Minor fixes
1 parent 0e7f771 commit 97c0685

4 files changed

Lines changed: 13 additions & 13 deletions

File tree

lib/core/dump.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -579,9 +579,9 @@ def dbColumns(self, dbColumnsDict, colConsider, dbs):
579579

580580
for column in dbColumnsDict.keys():
581581
if colConsider == "1":
582-
colConsiderStr = "s like '" + column + "' were"
582+
colConsiderStr = "s like '%s' were" % unsafeSQLIdentificatorNaming(column)
583583
else:
584-
colConsiderStr = " '%s' was" % column
584+
colConsiderStr = " '%s' was" % unsafeSQLIdentificatorNaming(column)
585585

586586
msg = "Column%s found in the " % colConsiderStr
587587
msg += "following databases:"

plugins/generic/databases.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -247,7 +247,7 @@ def getTables(self, bruteForce=None):
247247
return tableExists(paths.COMMON_TABLES)
248248

249249
infoMsg = "fetching tables for database"
250-
infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
250+
infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in sorted(dbs)))
251251
logger.info(infoMsg)
252252

253253
rootQuery = queries[Backend.getIdentifiedDbms()].tables
@@ -261,7 +261,7 @@ def getTables(self, bruteForce=None):
261261
query += " WHERE %s" % condition
262262

263263
if conf.excludeSysDbs:
264-
infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
264+
infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))
265265
logger.info(infoMsg)
266266
query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)
267267
else:
@@ -290,7 +290,7 @@ def getTables(self, bruteForce=None):
290290
if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:
291291
for db in dbs:
292292
if conf.excludeSysDbs and db in self.excludeDbsList:
293-
infoMsg = "skipping system database '%s'" % db
293+
infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db)
294294
logger.info(infoMsg)
295295

296296
continue
@@ -569,7 +569,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
569569
and conf.db in kb.data.cachedColumns and tbl in \
570570
kb.data.cachedColumns[conf.db]:
571571
infoMsg = "fetched tables' columns on "
572-
infoMsg += "database '%s'" % conf.db
572+
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
573573
logger.info(infoMsg)
574574

575575
return {conf.db: kb.data.cachedColumns[conf.db]}
@@ -692,7 +692,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
692692

693693
if not kb.data.cachedColumns:
694694
warnMsg = "unable to retrieve column names for "
695-
warnMsg += ("table '%s' " % tblList[0]) if len(tblList) == 1 else "any table "
695+
warnMsg += ("table '%s' " % unsafeSQLIdentificatorNaming(unArrayizeValue(tblList))) if len(tblList) == 1 else "any table "
696696
warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
697697
logger.warn(warnMsg)
698698

plugins/generic/entries.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -363,7 +363,7 @@ def dumpAll(self):
363363

364364
self.dumpTable()
365365
except SqlmapNoneDataException:
366-
infoMsg = "skipping table '%s'" % table
366+
infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table)
367367
logger.info(infoMsg)
368368

369369
def dumpFoundColumn(self, dbs, foundCols, colConsider):
@@ -378,7 +378,7 @@ def dumpFoundColumn(self, dbs, foundCols, colConsider):
378378

379379
for db, tblData in dbs.items():
380380
if tblData:
381-
message += "[%s]\n" % db
381+
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
382382

383383
message += "[q]uit"
384384
test = readInput(message, default="a")
@@ -441,7 +441,7 @@ def dumpFoundTables(self, tables):
441441

442442
for db, tablesList in tables.items():
443443
if tablesList:
444-
message += "[%s]\n" % db
444+
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
445445

446446
message += "[q]uit"
447447
test = readInput(message, default="a")
@@ -459,11 +459,11 @@ def dumpFoundTables(self, tables):
459459

460460
conf.db = db
461461
dumpFromTbls = []
462-
message = "which table(s) of database '%s'?\n" % db
462+
message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db)
463463
message += "[a]ll (default)\n"
464464

465465
for tbl in tablesList:
466-
message += "[%s]\n" % tbl
466+
message += "[%s]\n" % unsafeSQLIdentificatorNaming(tbl)
467467

468468
message += "[s]kip\n"
469469
message += "[q]uit"

plugins/generic/search.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -519,7 +519,7 @@ def searchColumn(self):
519519
logger.info(infoMsg)
520520

521521
query = rootQuery.blind.count2
522-
query = query % db
522+
query = query % unsafeSQLIdentificatorNaming(db)
523523
query += " AND %s" % colQuery
524524
query += whereTblsQuery
525525

0 commit comments

Comments
 (0)