
Commit b6ccc0c

committed
minor update
1 parent 597d554 commit b6ccc0c

2 files changed

Lines changed: 7 additions & 7 deletions


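--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -1615,12 +1615,12 @@ def dumpTable(self, foundData=None):
 entries = zip(*[entries[colName] for colName in colList])
 else:
 query = rootQuery.inband.query % (colString, conf.db, tbl)
+elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+query = rootQuery.inband.query % (colString, conf.db, tbl, sorted(colList, key=len)[0])
 else:
 query = rootQuery.inband.query % (colString, conf.db, tbl)
 
 if not entries and query:
-if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
-query = "%s ORDER BY %s" % (query, sorted(colList, key=len)[0])
 entries = inject.getValue(query, blind=False, dump=True)
 
 if isNoneValue(entries):
@@ -1730,7 +1730,7 @@ def dumpTable(self, foundData=None):
 entries[column] = BigArray()
 
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
-query = rootQuery.blind.query % (column, conf.db, conf.tbl, index)
+query = rootQuery.blind.query % (column, conf.db, conf.tbl, sorted(colList, key=len)[0], index)
 elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
 query = rootQuery.blind.query % (column, column,
 tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())),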
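Review bot: The ordering column `sorted(colList, key=len)[0]` is now written out at two call sites (the new in-band `elif` at line 1619 and the MySQL/PostgreSQL blind branch at line 1733), with no comment on why the shortest column name is chosen and no guarantee that the column is unique. In the blind branch each column appears to be fetched by its own `ORDER BY … LIMIT`/`OFFSET` query, so if the ordering column holds duplicate values the database may return tied rows in a different order per query and the dumped columns can end up misaligned across rows. Consider computing it once before the branches, e.g. `orderCol = min(colList, key=len)  # ORDER BY column: shortest name in colList; not guaranteed unique`, and passing `orderCol` in both places. `dumpTable` starts and ends outside both hunks, so whether `colList` can be empty at these points (which would raise on the `[0]` index) cannot be confirmed from this view.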

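--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -56,8 +56,8 @@
 <blind query="SELECT column_name FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'" query2="SELECT column_type FROM information_schema.COLUMNS WHERE table_name='%s' AND column_name='%s' AND table_schema='%s'" count="SELECT COUNT(column_name) FROM information_schema.COLUMNS WHERE table_name='%s' AND table_schema='%s'" condition="column_name"/>
 </columns>
 <dump_table>
-<inband query="SELECT %s FROM %s.%s"/>
-<blind query="SELECT %s FROM %s.%s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/>
+<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
+<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/>
 </dump_table>
 <search_db>
 <inband query="SELECT schema_name FROM information_schema.SCHEMATA WHERE " query2="SELECT db FROM mysql.db WHERE " condition="schema_name" condition2="db"/>
@@ -128,8 +128,8 @@
 <blind query="SELECT attname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" query2="SELECT typname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relname='%s' AND a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND attname='%s' AND nspname='%s'" count="SELECT COUNT(attname) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND a.relname='%s' AND nspname='%s'" condition="attname"/>
 </columns>
 <dump_table>
-<inband query="SELECT %s FROM %s.%s"/>
-<blind query="SELECT %s FROM %s.%s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
+<inband query="SELECT %s FROM %s.%s ORDER BY %s"/>
+<blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
 </dump_table>
 <search_db>
 <inband query="SELECT datname FROM pg_database WHERE " query2="" condition="datname" condition2=""/>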
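Review bot: Both `<dump_table>` templates (new lines 59-60 and 131-132) now take one more `%s` than before, the `ORDER BY` column, which in `blind` sits before the `%d` offset, and nothing in the file records that argument order. Any caller that still formats these templates with the old argument tuple would fail at runtime with a `TypeError` from `%` formatting; this commit updates only two call sites in `plugins/generic/enumeration.py`, and the unchanged three-argument calls visible there are presumably reached only for other back ends. A short comment above each block, such as `<!-- inband: columns, db, table, order-by column; blind: columns, db, table, order-by column, offset -->`, would document the contract. The order-by value is interpolated as a bare identifier, so the query relies on whatever identifier quoting the caller applies, which is not visible here.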
