
Commit e17ac5f

committed
update
1 parent 4450474 commit e17ac5f

4 files changed

Lines changed: 17 additions & 11 deletions


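--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -27,6 +27,7 @@
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.exception import sqlmapNoneDataException
+from lib.core.settings import INBAND_FROM_TABLE
 from lib.core.settings import PAYLOAD_DELIMITER
 
 class Agent:
@@ -515,8 +516,8 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
 intoRegExp = intoRegExp.group(1)
 query = query[:query.index(intoRegExp)]
 
-if getIdentifiedDBMS() == DBMS.ORACLE and inbandQuery.endswith(" FROM DUAL"):
-inbandQuery = inbandQuery[:-len(" FROM DUAL")]
+if getIdentifiedDBMS() in INBAND_FROM_TABLE and inbandQuery.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()]):
+inbandQuery = inbandQuery[:-len(INBAND_FROM_TABLE[getIdentifiedDBMS()])]
 
 for element in range(count):
 if element > 0:
@@ -535,9 +536,9 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
 conditionIndex = query.index(" FROM ")
 inbandQuery += query[conditionIndex:]
 
-if getIdentifiedDBMS() == DBMS.ORACLE:
+if getIdentifiedDBMS() in INBAND_FROM_TABLE:
 if " FROM " not in inbandQuery:
-inbandQuery += " FROM DUAL"
+inbandQuery += INBAND_FROM_TABLE[getIdentifiedDBMS()]
 
 if intoRegExp:
 inbandQuery += intoRegExp
@@ -554,8 +555,8 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
 else:
 inbandQuery += char
 
-if getIdentifiedDBMS() == DBMS.ORACLE:
-inbandQuery += " FROM DUAL"
+if getIdentifiedDBMS() in INBAND_FROM_TABLE:
+inbandQuery += INBAND_FROM_TABLE[getIdentifiedDBMS()]
 
 inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
 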
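Review bot: `getIdentifiedDBMS()` is evaluated two or three times in each of the three rewritten checks in forgeInbandQuery (new lines 519-520, 539-541 and 558-559), and every check does a membership test followed by a second dictionary lookup. Binding the value once near the top of the function, `fromTable = INBAND_FROM_TABLE.get(getIdentifiedDBMS())`, and then writing `if fromTable and inbandQuery.endswith(fromTable):` and `inbandQuery += fromTable` keeps the three sites consistent and avoids relying on the call returning the same value each time, which cannot be confirmed from this page. The same pattern is repeated in lib/techniques/inband/union/test.py and use.py. forgeInbandQuery starts and ends outside these hunks, so the placement of the binding needs checking against the full body.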

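--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -12,6 +12,7 @@
 import subprocess
 import sys
 
+from lib.core.enums import DBMS
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version and site
@@ -119,6 +120,8 @@
 SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
 SUPPORTED_OS = ( "linux", "windows" )
 
+INBAND_FROM_TABLE = {DBMS.ORACLE: " FROM DUAL", DBMS.ACCESS: " FROM MSysObjects", DBMS.FIREBIRD: " FROM RDB$DATABASE", DBMS.MAXDB: " FROM VERSIONS"}
+
 SQL_STATEMENTS = {
 "SQL SELECT statement": (
 "select ",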
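Review bot: `INBAND_FROM_TABLE` is added at new line 123 without a comment, although the leading space in each value is significant: the callers in agent.py and test.py match it with `endswith()` and strip it with `len()`, so dropping the space in a later edit would silently change matching. I would add a comment above it such as `# FROM clause appended to in-band (UNION) queries per DBMS; keep the leading space, callers match and strip the value verbatim`. The new `from lib.core.enums import DBMS` at line 15 also makes settings depend on enums; whether enums imports settings is not visible here, so it is worth confirming that this does not create an import cycle.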
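--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -22,6 +22,7 @@
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.settings import INBAND_FROM_TABLE
 from lib.core.unescaper import unescaper
 from lib.parse.html import htmlParser
 from lib.request.connect import Connect as Request
@@ -97,14 +98,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
 query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
 
 for count in range(conf.uColsStart, conf.uColsStop+1):
-if getIdentifiedDBMS() == DBMS.ORACLE and query.endswith(" FROM DUAL"):
-query = query[:-len(" FROM DUAL")]
+if getIdentifiedDBMS() in INBAND_FROM_TABLE and query.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()]):
+query = query[:-len(INBAND_FROM_TABLE[getIdentifiedDBMS()])]
 
 if count:
 query += ", %s" % conf.uChar
 
-if getIdentifiedDBMS() == DBMS.ORACLE:
-query += " FROM DUAL"
+if getIdentifiedDBMS() in INBAND_FROM_TABLE:
+query += INBAND_FROM_TABLE[getIdentifiedDBMS()]
 
 status = '%d/%d (%d%s)' % (count, conf.uColsStop, round(100.0*count/conf.uColsStop), '%')
 debugMsg = "testing number of columns: %s" % status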
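Review bot: `from lib.core.enums import DBMS` at new line 23 may now be unused, since both `DBMS.ORACLE` comparisons in __unionTestByCharBruteforce were replaced; the rest of the file is not shown, so confirm before removing it. Inside the loop the DBMS lookup is loop-invariant but is repeated on every iteration at new lines 101-102 and 107-108. Hoisting `fromTable = INBAND_FROM_TABLE.get(getIdentifiedDBMS())` above the `for` makes the strip-then-append pair easier to read. The function body starts and ends outside the hunk.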

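--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -25,6 +25,7 @@
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapSyntaxException
+from lib.core.settings import INBAND_FROM_TABLE
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.utils.resume import resume
@@ -118,7 +119,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
 stopLimit = conf.limitStop
 
 if not stopLimit or stopLimit <= 1:
-if getIdentifiedDBMS() == DBMS.ORACLE and expression.endswith("FROM DUAL"):
+if getIdentifiedDBMS() in INBAND_FROM_TABLE and expression.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()]):
 test = False
 else:
 test = True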
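Review bot: The rewritten condition at new line 122 is stricter for Oracle than the line it replaces: the old code tested `expression.endswith("FROM DUAL")`, while the table value is `" FROM DUAL"` with a leading space, so an expression whose FROM keyword follows a newline or tab no longer matches. If that narrowing is not intended, compare against the stripped value, `expression.endswith(INBAND_FROM_TABLE[getIdentifiedDBMS()].strip())`, or say in a comment that the space is required. The `DBMS` import at new line 25 may also be unused after this change; the rest of the file is not visible, and unionUse continues outside the hunk.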
