
Commit c4040ab

committed
fix for Feature #136
1 parent e810fe7 commit c4040ab

3 files changed

Lines changed: 12 additions & 14 deletions


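--- a/plugins/dbms/sqlite/enumeration.py
+++ b/plugins/dbms/sqlite/enumeration.py
@@ -68,16 +68,6 @@ def getDbs(self):
 
 return []
 
-def getColumns(self, onlyColNames=False):
-errMsg = "on SQLite it is not possible to enumerate database "
-errMsg += "table columns"
-
-if conf.dumpTable or conf.dumpAll:
-errMsg += ", provide them with -C option"
-raise sqlmapUnsupportedFeatureException, errMsg
-
-logger.warn(errMsg)
-
 def dumpAll(self):
 errMsg = "on SQLite you must specify the table and columns to dump"
 raise sqlmapUnsupportedFeatureException, errMsg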

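--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -871,15 +871,21 @@ def getColumns(self, onlyColNames=False):
 conf.db, conf.db,
 conf.db, conf.tbl)
 query += condQuery.replace("[DB]", conf.db)
+elif kb.dbms == "SQLite":
+query = rootQuery["inband"]["query"] % conf.tbl
 
 value = inject.getValue(query, blind=False)
 
 if value:
 table = {}
 columns = {}
-
-for column, colType in value:
-columns[column] = colType
+
+if kb.dbms == "SQLite":
+for match in re.finditer(r"(\w+) ([A-Z]+)[,\r\n]", value):
+columns[match.group(1)] = match.group(2)
+else:
+for column, colType in value:
+columns[column] = colType
 
 table[conf.tbl] = columns
 kb.data.cachedColumns[conf.db] = table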
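Review bot: The SQLite branch's pattern `(\w+) ([A-Z]+)[,\r\n]` mis-parses ordinary `CREATE TABLE` text: for `(id INTEGER PRIMARY KEY, name TEXT)` it records a column `PRIMARY` of type `KEY`, skips `id`, and drops the last column because `)` is not an accepted terminator; lowercase type names are never matched either. Anchoring each match on the preceding `(` or `,` and taking the first two words, e.g. `re.finditer(r"(?:\(|,)\s*(\w+)\s+(\w+)", value)`, avoids those cases, though table-level constraints such as `PRIMARY KEY (a, b)` would still need to be filtered out. The branch also assumes that `value` is a single string and that `re` is already imported in this module; neither is visible in the hunk, and `getColumns` starts and ends outside it.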

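--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -320,7 +320,9 @@
 <inband query="SELECT tbl_name FROM sqlite_master WHERE type='table' ORDER BY 1"/>
 <blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d, 1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
 </tables>
-<columns/>
+<columns>
+<inband query="SELECT sql FROM sqlite_master WHERE tbl_name='%s'"/>
+</columns>
 <dump_table>
 <inband query="SELECT %s FROM %s"/>
 <blind query="SELECT %s FROM %s LIMIT %d, 1" count="SELECT COUNT(*) FROM %s"/>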
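Review bot: The added `<inband>` columns query filters `sqlite_master` on `tbl_name` only, while the two `<tables>` queries just above it restrict to `type='table'`. Index and trigger rows in `sqlite_master` also carry the owning table in `tbl_name`, so the result can contain `CREATE INDEX` or `CREATE TRIGGER` text (or a NULL `sql` for automatic indexes) alongside the table definition, and all of it is then fed to the column parser in `plugins/generic/enumeration.py`. Adding the same filter keeps the result to the one table row: `SELECT sql FROM sqlite_master WHERE type='table' AND tbl_name='%s'`.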
