Commit dc1f2de

Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures. Updated documentation.
1 parent f2737ad commit dc1f2de

9 files changed

Lines changed: 36 additions & 16 deletions


doc/ChangeLog

Lines changed: 2 additions & 1 deletion
@@ -18,13 +18,14 @@ sqlmap (0.6.3-1) stable; urgency=low
1818
* Minor improvement to set by default in all HTTP requests the standard
1919
HTTP headers (Accept, Accept-Encoding, etc);
2020
* Minor improvements to sqlmap Debian package files: sqlmap uploaded
21-
to official Debian project repository;
21+
to official Debian project repository, on queue at the moment;
2222
* Major bug fix to correctly handle httplib.BadStatusLine exception;
2323
* Minor bug fix to handle session.error and session.timeout in HTTP
2424
requests;
2525
* Minor bug fix so that when the user provide a SELECT statement to be
2626
processed with an asterisk as columns, now it also work if in the FROM
2727
there is no database name specified;
28+
* Minor bug fix to correctly enumerate columns on Microsoft SQL Server;
2829
* Minor bug fix to correctly dump table entries when the column is
2930
provided;
3031

doc/THANKS

Lines changed: 3 additions & 0 deletions
@@ -105,6 +105,9 @@ Sven Schluter <[email protected]>
105105
106106
for suggesting a feature
107107

108+
Jason Swan <[email protected]>
109+
for reporting a bug when enumerating columns on Microsoft SQL Server
110+
108111
Alessandro Tanasi <[email protected]>
109112
for extensively beta-testing sqlmap
110113
for suggesting many features and reporting some bugs

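--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -599,7 +599,7 @@ def expandAsteriskForColumns(expression):
     return expression
 
 
-def getRange(count, dump=False):
+def getRange(count, dump=False, plusOne=False):
     count = int(count)
     indexRange = None
     limitStart = 1
@@ -612,8 +612,7 @@ def getRange(count, dump=False):
     if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:
         limitStart = conf.limitStart
 
-    # TODO: also for Microsoft SQL Server in getColumns method?
-    if kb.dbms == "Oracle":
+    if kb.dbms == "Oracle" or plusOne == True:
         indexRange = range(limitStart, limitStop + 1)
     else:
         indexRange = range(limitStart - 1, limitStop)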
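Review bot: `if kb.dbms == "Oracle" or plusOne == True:` compares a boolean against `True`; the idiomatic form is `if kb.dbms == "Oracle" or plusOne:`. The new `plusOne` parameter is undocumented, and the TODO it replaces was the only hint as to why some back-ends get a 1-based window, so a comment such as `# the Oracle and MSSQL blind queries index rows from 1, so shift the window by one` would keep that rationale next to the branch. getRange's body starts before the first hunk and continues past the second, so the docstring for the new parameter has to go outside the visible lines.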

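--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -30,7 +30,7 @@
 
 
 # sqlmap version and site
-VERSION = "0.6.3-rc1"
+VERSION = "0.6.3-rc2"
 VERSION_STRING = "sqlmap/%s" % VERSION
 SITE = "http://sqlmap.sourceforge.net"
 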

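--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -772,9 +772,14 @@ def getColumns(self, onlyColNames=False):
             errMsg += "on database '%s'" % conf.db
             raise sqlmapNoneDataException, errMsg
 
+        if kb.dbms == "Microsoft SQL Server":
+            plusOne = True
+        else:
+            plusOne = False
+
         table = {}
         columns = {}
-        indexRange = getRange(count)
+        indexRange = getRange(count, plusOne=plusOne)
 
         for index in indexRange:
             if kb.dbms in ( "MySQL", "PostgreSQL" ):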
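Review bot: The four-line if/else that sets `plusOne` reduces to `plusOne = kb.dbms == "Microsoft SQL Server"`. It also splits the knowledge of which back-ends need a 1-based index window between this method and getRange, which already special-cases Oracle internally; folding the Microsoft SQL Server case into getRange, or passing the flag explicitly for Oracle here as well, would keep that decision in one place. The enclosing getColumns method starts and ends outside the hunk.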

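--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -3,13 +3,13 @@
 # Target URL.
 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
 # PHP and MySQL (local)
-url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
 # PHP and Oracle (local)
 #url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
 # PHP and PostgreSQL (local)
 #url = http://127.0.0.1/sqlmap/pgsql/get_int.php?id=1
 # PHP and Microsoft SQL Server (remote)
-#url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
+url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
 # PHP and MySQL (remote on Windows)
 #url = http://127.0.0.1/sqlmap/mysql/win_get_int.php?id=1
 # ASP and Microsoft SQL Server (local)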
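Review bot: The shipped default configuration now has the Microsoft SQL Server example `url` uncommented instead of the MySQL one, which reads like a local test setting committed along with the bug fix rather than an intended default. Every other example in this block is commented out, so both changed lines should probably be `#url = ...`, leaving a fresh install with no pre-set target and forcing the user to fill the value in deliberately. The hunk is a fragment of the options block, whose remaining entries are outside it.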

xml/banner/generic.xml

Lines changed: 15 additions & 1 deletion
@@ -73,14 +73,22 @@
7373
<info type="Linux" distrib="Knoppix"/>
7474
</regexp>
7575

76-
<regexp value="(Mandrake|Mandriva)">
76+
<regexp value="Mandrake">
7777
<info type="Linux" distrib="Mandrake"/>
7878
</regexp>
7979

80+
<regexp value="Mandriva">
81+
<info type="Linux" distrib="Mandriva"/>
82+
</regexp>
83+
8084
<regexp value="Red[\-\_\ ]*Hat">
8185
<info type="Linux" distrib="Red Hat"/>
8286
</regexp>
8387

88+
<regexp value="Slackware">
89+
<info type="Linux" distrib="Slackware"/>
90+
</regexp>
91+
8492
<regexp value="SuSE">
8593
<info type="Linux" distrib="SuSE"/>
8694
</regexp>
@@ -103,6 +111,12 @@
103111
<info type="OpenBSD"/>
104112
</regexp>
105113

114+
<!-- Mac OSX -->
115+
116+
<regexp value="Mac[\-\_\ ]*OSX">
117+
<info type="Mac OSX"/>
118+
</regexp>
119+
106120
<regexp value="Darwin">
107121
<info type="Mac OSX"/>
108122
</regexp>
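Review bot: The new `Mac[\-\_\ ]*OSX` pattern in the second hunk only matches banners that spell the product as the single token `OSX`; a banner that writes it `Mac OS X` with a space, which is the usual spelling, would go unmatched unless it also contains `Darwin`. Allowing a separator between `OS` and `X` as well, e.g. `<regexp value="Mac[\-\_\ ]*OS[\-\_\ ]*X">`, would cover both spellings. Inside a character class the `\_` and `\ ` escapes are redundant but harmless, and they match the existing `Red[\-\_\ ]*Hat` entry, so the style is at least consistent.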

xml/banner/server.xml

Lines changed: 2 additions & 2 deletions
@@ -236,11 +236,11 @@
236236
</regexp>
237237

238238
<regexp value="Apache-AdvancedExtranetServer/2.0.54 \(Mandriva Linux/">
239-
<info type="Linux" distrib="Mandrive" release="2006.0"/>
239+
<info type="Linux" distrib="Mandriva" release="2006.0"/>
240240
</regexp>
241241

242242
<regexp value="Apache/2.2.3 \(Mandriva Linux/">
243-
<info type="Linux" distrib="Mandrive" release="2007"/>
243+
<info type="Linux" distrib="Mandriva" release="2007"/>
244244
</regexp>
245245

246246
<!-- Apache: Red Hat -->

xml/queries.xml

Lines changed: 3 additions & 5 deletions
@@ -193,17 +193,15 @@
193193
<privileges/>
194194
<dbs>
195195
<inband query="SELECT name FROM master..sysdatabases"/>
196-
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
196+
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
197197
</dbs>
198-
<!-- TODO: condition? -->
199198
<tables>
200199
<inband query="SELECT name FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
201-
<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype IN ('u', 'v') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype IN ('u', 'v'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
200+
<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype IN ('u', 'v') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype IN ('u', 'v') ORDER BY name ASC) ORDER BY name ASC" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
202201
</tables>
203-
<!-- TODO: getRange like Oracle? -->
204202
<columns>
205203
<inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"/>
206-
<blind query="SELECT TOP 1 name FROM (SELECT TOP %s name FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')) CTABLE" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"/>
204+
<blind query="SELECT TOP 1 name FROM (SELECT TOP %s name FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s') ORDER BY name ASC) CTABLE ORDER BY name DESC" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"/>
207205
</columns>
208206
<dump_table>
209207
<inband query="SELECT %s FROM %s..%s"/>
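Review bot: The columns blind query keeps `SELECT TOP %s` while the dbs and tables queries in the same hunk use `TOP %d`; the value substituted there is presumably the integer index that getRange now produces, so `%d` would be consistent with the other two and would fail loudly if anything but an integer ever reached the query. The ASC/DESC pairing in the columns query means the outer `TOP 1 ... ORDER BY name DESC` yields the n-th name only when the inner `TOP n` starts at 1, which is exactly why the Python side now asks getRange for a 1-based window; since the two TODO comments that documented this coupling were removed, a short XML comment above the `<columns>` element recording that the first index must be 1 would help the next reader. The enclosing DBMS element starts and ends outside the hunk.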
