
Commit 9fad72f

committed
Adding support for MsAccess usage of parsed FROM table names (e.g. in case of ColdFusion)
1 parent 1782bf8 commit 9fad72f

4 files changed

Lines changed: 13 additions & 1 deletion


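--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -721,6 +721,8 @@ def forgeUnionQuery(self, query, position, count, comment, prefix, suffix, char,
 
 if conf.uFrom:
 fromTable = " FROM %s" % conf.uFrom
+elif kb.tableFrom:
+fromTable = " FROM %s" % kb.tableFrom
 else:
 fromTable = fromTable or FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), "")
 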
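Review bot: The added `elif kb.tableFrom:` branch discards the `fromTable` argument, while the `else` branch below it still honours it through `fromTable or ...`, so a name parsed from a response page outranks one supplied by the caller. If that precedence is intended it deserves a comment, for example `# kb.tableFrom is parsed from response content and overrides the fromTable argument`; if not, the branch could read `elif kb.tableFrom and not fromTable:`. The value is formatted into the query text with `%s` and no quoting, so its safety rests entirely on the pattern that produced it in lib/request/basic.py. forgeUnionQuery starts and ends outside this hunk.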

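--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1930,6 +1930,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.storeCrawlingChoice = None
 kb.storeHashesChoice = None
 kb.suppressResumeInfo = False
+kb.tableFrom = None
 kb.technique = None
 kb.tempDir = None
 kb.testMode = False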

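--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.120"
+VERSION = "1.0.5.121"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@@ -69,6 +69,9 @@
 CHAR_INFERENCE_MARK = "%c"
 PRINTABLE_CHAR_REGEX = r"[^\x00-\x1f\x7f-\xff]"
 
+# Regular expression used for extraction of table names (useful for (e.g.) MsAccess)
+SELECT_FROM_TABLE_REGEX = r"\bSELECT .+? FROM (?P<result>[\w.]+)\b"
+
 # Regular expression used for recognition of textual content-type
 TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)"
 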
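Review bot: The comment above `SELECT_FROM_TABLE_REGEX` does not record that the `[\w.]+` capture is the only filter on a value that is read from a response body and later formatted into `" FROM %s"` in lib/core/agent.py. I would extend it to something like `# NOTE: capture is limited to word characters and dots because the result is placed into generated queries unquoted`, so the class is not widened later without thought. The pattern also carries no `(?i)` prefix, unlike `TEXT_CONTENT_TYPE_REGEX` just below, and the call in lib/request/basic.py passes no flags, so matching looks case-sensitive; the comment should say whether that is intended.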

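--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -13,6 +13,7 @@
 import struct
 import zlib
 
+from lib.core.common import Backend
 from lib.core.common import extractErrorMessage
 from lib.core.common import extractRegexResult
 from lib.core.common import getPublicTypeMembers
@@ -25,6 +26,7 @@
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.enums import DBMS
 from lib.core.enums import HTTP_HEADER
 from lib.core.enums import PLACE
 from lib.core.exception import SqlmapCompressionException
@@ -34,6 +36,7 @@
 from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE
 from lib.core.settings import META_CHARSET_REGEX
 from lib.core.settings import PARSE_HEADERS_LIMIT
+from lib.core.settings import SELECT_FROM_TABLE_REGEX
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import VIEWSTATE_REGEX
 from lib.parse.headers import headersParser
@@ -331,6 +334,9 @@ def processResponse(page, responseHeaders):
 
 parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None)
 
+if not kb.tableFrom and Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
+kb.tableFrom = extractRegexResult(SELECT_FROM_TABLE_REGEX, page)
+
 if conf.parseErrors:
 msg = extractErrorMessage(page)
 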
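Review bot: `kb.tableFrom` is latched from the first response whose body matches and is never revisited because of the `if not kb.tableFrom` guard, and nothing is logged when it is set. Since the value comes from remote content and then changes the queries built in lib/core/agent.py, the operator should be able to see it; `logger` is already imported in this file, so a line such as `logger.debug("table name '%s' parsed from response" % kb.tableFrom)` inside an `if kb.tableFrom:` after the assignment would do. Any page text of the shape SELECT ... FROM name would be accepted, which may not be the table behind the tested query. processResponse begins and ends outside this hunk.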
