

Commit b433341

committed
update regarding brute forcing
1 parent a7fa8d4 commit b433341

4 files changed

Lines changed: 9 additions & 2116 deletions


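--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -148,7 +148,7 @@ def dbTables(self, dbTables):
 
 dbTables.sort(key=lambda x: x.lower())
 
-self.__write("Brute-forced table names:")
+self.__write("Database: %s" % conf.db)
 
 if len(dbTables) == 1:
 self.__write("[1 table]")
@@ -209,7 +209,7 @@ def dbTableColumns(self, tableColumns):
 
 tableColumns.sort(key=lambda x: x.lower())
 
-self.__write("Brute-forced column names for table '%s':" % conf.tbl)
+self.__write("Database: %s\nTable: %s" % (conf.db if conf.db else 'All', conf.tbl))
 
 if len(tableColumns) == 1:
 self.__write("[1 column]")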
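Review bot: `self.__write("Database: %s" % conf.db)` in the dbTables hunk prints `Database: None` when no database was given, because conf.db is not guarded here the way the dbTableColumns hunk guards it with `conf.db if conf.db else 'All'`; the same fallback belongs in both places, `self.__write("Database: %s" % (conf.db if conf.db else 'All'))`. Dropping the "Brute-forced" wording from both headers also removes the only cue in the report that these names were guessed from a wordlist rather than enumerated, so a reader may take the listing as complete; consider keeping that qualifier, e.g. `"Brute-forced table names (database: %s):"`. Both dbTables and dbTableColumns begin and end outside the hunks.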

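--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -23,9 +23,9 @@
 from lib.request.connect import Connect as Request
 
 def tableExists(tableFile):
-tables = getFileItems(tableFile, None)
+tables = getFileItems(tableFile)
 retVal = []
-infoMsg = "checking tables existence using items from '%s'" % tableFile
+infoMsg = "checking table existence using items from '%s'" % tableFile
 logger.info(infoMsg)
 
 pushValue(conf.verbose)
@@ -34,7 +34,7 @@ def tableExists(tableFile):
 length = len(tables)
 
 for table in tables:
-query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))
+query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table if not conf.db else "%s.%s" % (conf.db, table))))
 query = agent.postfixQuery(query)
 result = Request.queryPage(agent.payload(newValue=query))
 
@@ -63,9 +63,10 @@ def columnExists(columnFile):
 errMsg = "missing table parameter"
 raise sqlmapMissingMandatoryOptionException, errMsg
 
-columns = getFileItems(columnFile, None)
+columns = getFileItems(columnFile)
+table = conf.tbl if not conf.db else ("%s.%s" % (conf.db, conf.tbl))
 retVal = []
-infoMsg = "checking column existence for table '%s' using items from '%s'" % (conf.tbl, columnFile)
+infoMsg = "checking column existence using items from '%s'" % columnFile
 logger.info(infoMsg)
 
 pushValue(conf.verbose)
@@ -74,7 +75,7 @@ def columnExists(columnFile):
 length = len(columns)
 
 for column in columns:
-query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, conf.tbl)))
+query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, table)))
 query = agent.postfixQuery(query)
 result = Request.queryPage(agent.payload(newValue=query))
 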

txt/common-columns.txt

Lines changed: 0 additions & 333 deletions
Original file line numberDiff line numberDiff line change
@@ -10,336 +10,3 @@ owner
1010
table_name
1111
type
1212
type_id
13-
Name
14-
term_id
15-
column_name
16-
tablespace_name
17-
address
18-
object_id
19-
user_name
20-
version
21-
description
22-
person_id
23-
parent
24-
uid
25-
userid
26-
item_id
27-
category_id
28-
cid
29-
dbid
30-
password
31-
customer_id
32-
pid
33-
pixSize
34-
customer_name
35-
object_name
36-
ProductID
37-
privilege
38-
aid
39-
GroupID
40-
segment_name
41-
tid
42-
event_id
43-
pno
44-
title
45-
cat_id
46-
granted_role
47-
log_id
48-
imageinfo_id
49-
md5sum
50-
The
51-
branch_name
52-
author_id
53-
userInfo_id
54-
index_name
55-
imageInfo_id
56-
vendor_id
57-
group_id
58-
attributeCategory_id
59-
sid
60-
cname
61-
EmployeeID
62-
Version
63-
CustomerID
64-
constraint_name
65-
alias
66-
idThumb
67-
fname
68-
email_id
69-
gid
70-
text_id
71-
areaCode
72-
permission_id
73-
nextval
74-
data
75-
menu_id
76-
request_id
77-
city
78-
comment_id
79-
role_id
80-
USER_ID
81-
message_id
82-
aID
83-
session_id
84-
status_id
85-
account_number
86-
token
87-
pname
88-
idGallery
89-
country_id
90-
database
91-
FieldName
92-
language_id
93-
idKeyword
94-
TRIGGER_NAME
95-
book_id
96-
object_type
97-
zip
98-
USERNAME
99-
card_no
100-
JOB_NAME
101-
instance_name
102-
location_id
103-
uri
104-
OBJECT_NAME
105-
email
106-
key
107-
version_id
108-
payment_id
109-
assets
110-
Host
111-
cmd
112-
second
113-
Deleted
114-
dno
115-
acl_id
116-
auth_id
117-
ConditionValue1
118-
table_id
119-
ps_suppkey
120-
tax_id
121-
db_name
122-
Control
123-
segment_type
124-
next_extent
125-
categoryid
126-
post_id
127-
set_id
128-
idFacture
129-
SourceTypeOrReferenceId
130-
db_link
131-
LastName
132-
sessionID
133-
base_id
134-
ElseGroup
135-
column_value
136-
itemID
137-
reference
138-
JobID
139-
s_suppkey
140-
COLUMN_NAME
141-
guid
142-
type_name
143-
spid
144-
child
145-
NAME
146-
runalone_flag
147-
default_role
148-
profile_id
149-
cond_2_val_2
150-
cond_2_val_1
151-
indirect
152-
cno
153-
statements
154-
segment
155-
tag_id
156-
idType
157-
score_id
158-
idCommande
159-
item
160-
Accounts
161-
customer_forname
162-
TableName
163-
lang_name
164-
lootcondition
165-
customer_phone'
166-
ROLE_ID
167-
c_sec_id
168-
CourseNo
169-
Numbers
170-
ext_id
171-
product
172-
Average
173-
idVol
174-
serviceID
175-
to_run_application_id
176-
emp_id
177-
U_ID
178-
page_nr
179-
member_id
180-
row_id
181-
first
182-
ono
183-
categoryId
184-
Location
185-
region_id
186-
SCR_ID
187-
idList
188-
loc_id
189-
itemid
190-
TO_CHAR
191-
Test
192-
condition_value1
193-
define
194-
ssn
195-
owner_id
196-
Loan
197-
c_custkey
198-
credit_id
199-
weight_id
200-
address_id
201-
course_id
202-
idPath
203-
program_application_id
204-
queue_control_flag
205-
ordno
206-
ref_value
207-
calendar_id
208-
Classic
209-
user_type_link_id
210-
DNAME
211-
SourceEntry
212-
staff_id
213-
pnumber
214-
dnumber
215-
USA
216-
page_log_exclusion_id
217-
An
218-
publisher_name
219-
TRIGGER_GROUP
220-
ps_partkey
221-
project_id
222-
FacNo
223-
productid
224-
Guid
225-
ref_id
226-
what
227-
fk_id
228-
publisher
229-
end_date
230-
company
231-
day_id
232-
news_id
233-
cond_1_val_1
234-
postedByUserId
235-
CHANNEL_ID
236-
admin_option
237-
trigger_name
238-
weight_name
239-
APP_ID
240-
paper
241-
job_id
242-
CUR_ID
243-
operationID
244-
value_id
245-
entryId
246-
statement
247-
l_orderkey
248-
StdNo
249-
ALERT_ID
250-
topic_id
251-
FacFirstName
252-
authority_id
253-
node_id
254-
essn
255-
master_table
256-
idFournisseur
257-
run_num
258-
s_id
259-
targetEntry
260-
cond_3_val_2
261-
UserID
262-
eID
263-
pdf_page_number
264-
OfferNo
265-
employee_id
266-
lang_id
267-
species_id
268-
entry
269-
dnum
270-
source
271-
UG_ID
272-
CT_ID
273-
sql_text
274-
snap_id
275-
CategoryID
276-
external_id
277-
running_processes
278-
CustomerName
279-
User
280-
InvoiceID
281-
line
282-
condition_value2
283-
osvdb_id
284-
CustID
285-
master_db
286-
CF_ID
287-
dname
288-
ssno
289-
cond_3
290-
cond_2
291-
cond_1
292-
branch_id
293-
host
294-
ReturnCode
295-
agentID
296-
p_partkey
297-
TOP
298-
entry_id
299-
f_id
300-
profile
301-
SERVER_ID
302-
badge_number
303-
banner
304-
StdFirstName
305-
GROUP_ID
306-
day
307-
ROWNUM
308-
master_field
309-
Redo
310-
instance
311-
url
312-
ConditionTypeOrReference
313-
JOB_GROUP
314-
ConditionValue3
315-
ConditionValue2
316-
datarow
317-
version_name
318-
orderid
319-
job
320-
UserName
321-
Number
322-
value
323-
SourceGroup
324-
loan_number
325-
resource_id
326-
rule_id
327-
base_name
328-
customerName
329-
eno
330-
cond_3_val_1
331-
C_ID
332-
Tablespaces
333-
cond_1_val_2
334-
OperationID
335-
order_id
336-
SEQUENCE_ID
337-
COM_NAME
338-
corr_id
339-
cart_id
340-
cID
341-
ticket_id
342-
transcript_id
343-
FIF_ID
344-
book
345-
vendor_name
