

Commit e609bd0

committed
Fixes #2678
1 parent 511f2a6 commit e609bd0

4 files changed

Lines changed: 16 additions & 16 deletions


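--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3586,11 +3586,11 @@ def unsafeSQLIdentificatorNaming(name):
 if isinstance(name, basestring):
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
 retVal = name.replace("`", "")
-elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
+elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB):
 retVal = name.replace("\"", "")
 elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
 retVal = name.replace("\"", "").upper()
-elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,):
+elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
 retVal = name.replace("[", "").replace("]", "")
 
 if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):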
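Review bot: DBMS.FIREBIRD is not added to any branch of this chain, although the same commit starts passing Firebird table names through `unsafeSQLIdentificatorNaming(tbl)` in plugins/generic/databases.py, so for Firebird the call matches none of the `elif` tuples shown here. If the quoting counterpart wraps Firebird identifiers in double quotes (it is not visible on this page), the tuple should read `(DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB, DBMS.FIREBIRD)`; if the omission is deliberate, a comment such as `# Firebird identifiers are never quoted, so nothing to strip` would record that. Separately, `name.replace("\"", "")` removes every quote character rather than only the enclosing pair, which changes an identifier that legitimately contains one; a one-line comment stating that limitation would help the next reader. The function starts and ends outside the hunk, so the fall-through value for an unmatched DBMS cannot be confirmed from here.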

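--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.9.2"
+VERSION = "1.1.9.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)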

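--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -534,7 +534,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
 query += condQuery.replace("[DB]", conf.db)
 elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
-query = rootQuery.inband.query % tbl
+query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl)
 
 if dumpMode and colList:
 values = [(_,) for _ in colList]
@@ -564,7 +564,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 index, values = 1, []
 
 while True:
-query = rootQuery.inband.query2 % (conf.db, tbl, index)
+query = rootQuery.inband.query2 % (conf.db, unsafeSQLIdentificatorNaming(tbl), index)
 value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
 
 if isNoneValue(value) or value == " ":
@@ -663,15 +663,15 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 query += condQuery.replace("[DB]", conf.db)
 
 elif Backend.isDbms(DBMS.FIREBIRD):
-query = rootQuery.blind.count % (tbl)
+query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl)
 query += condQuery
 
 elif Backend.isDbms(DBMS.INFORMIX):
-query = rootQuery.blind.count % (conf.db, conf.db, conf.db, conf.db, conf.db, tbl)
+query = rootQuery.blind.count % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
 query += condQuery
 
 elif Backend.isDbms(DBMS.SQLITE):
-query = rootQuery.blind.query % tbl
+query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl)
 value = unArrayizeValue(inject.getValue(query, union=False, error=False))
 parseSqliteTableSchema(value)
 return kb.data.cachedColumns
@@ -694,7 +694,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 if Backend.isDbms(DBMS.MSSQL):
 count, index, values = 0, 1, []
 while True:
-query = rootQuery.blind.query3 % (conf.db, tbl, index)
+query = rootQuery.blind.query3 % (conf.db, unsafeSQLIdentificatorNaming(tbl), index)
 value = unArrayizeValue(inject.getValue(query, union=False, error=False))
 if isNoneValue(value) or value == " ":
 break
@@ -723,11 +723,11 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 query += condQuery.replace("[DB]", conf.db)
 field = condition.replace("[DB]", conf.db)
 elif Backend.isDbms(DBMS.FIREBIRD):
-query = rootQuery.blind.query % (tbl)
+query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl)
 query += condQuery
 field = None
 elif Backend.isDbms(DBMS.INFORMIX):
-query = rootQuery.blind.query % (index, conf.db, conf.db, conf.db, conf.db, conf.db, tbl)
+query = rootQuery.blind.query % (index, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
 query += condQuery
 field = condition
 
@@ -761,9 +761,9 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
 conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
 elif Backend.isDbms(DBMS.FIREBIRD):
-query = rootQuery.blind.query2 % (tbl, column)
+query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column)
 elif Backend.isDbms(DBMS.INFORMIX):
-query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, conf.db, tbl, column)
+query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl), column)
 
 colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
 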
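Review bot: `unsafeSQLIdentificatorNaming(tbl)` is now written out at ten separate `%` substitutions in getColumns, and the defect being fixed was a set of branches that had forgotten it, so the next DBMS branch added can regress the same way. Binding it once where `tbl` is set for the iteration, e.g. `unsafeTbl = unsafeSQLIdentificatorNaming(tbl)`, and using that name in every template would make the unquoted form the default. The `query3` line under `Backend.isDbms(DBMS.MSSQL)` at 697 passes the full result, while the existing MSSQL context lines at 534 and 762 use `unsafeSQLIdentificatorNaming(tbl).split(".")[-1]`; a schema-qualified table name may therefore be handled differently between them, which is worth checking against the query templates that are not on this page. getColumns starts and ends outside every hunk shown.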

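--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -27,7 +27,7 @@ a66093c734c7f94ecdf94d882c2d8b89 lib/controller/controller.py
 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
 9f1adb993f66da030a4168571978e6fa lib/core/agent.py
 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
-fc1f0a8732386fd502612fb4094fbcec lib/core/common.py
+55e0317b8bacce94bd6edb1a644e6b4d lib/core/common.py
 5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
 a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
@@ -46,7 +46,7 @@ c5f09788ee8ff9c9d12a052986875bc6 lib/core/option.py
 d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
-5c4f3ca6d7e34e0c004c45cef1019e4a lib/core/settings.py
+b57b58b96088042397ce57b93a6be153 lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
 4a6ecdd8a6e44bb4737bd9bc7f9b5743 lib/core/target.py
@@ -203,7 +203,7 @@ deed74334b637767fc9de8f74b37647a plugins/dbms/sybase/fingerprint.py
 654cd5e69cf5e5c644bfa5d284e61206 plugins/dbms/sybase/takeover.py
 f700954549ad8ebf77f5187262fb9af0 plugins/generic/connector.py
 5390591ca955036d492de11355b52e8f plugins/generic/custom.py
-4ad4bccc03256b8f3d21ba4f8f759404 plugins/generic/databases.py
+9fc0c45c314e597fd6ae3b0068daafc0 plugins/generic/databases.py
 106f19c1d895963e2efa8ee193a537ec plugins/generic/entries.py
 55802d1d5d65938414c77ccc27731cab plugins/generic/enumeration.py
 0d10a0410c416fece51c26a935e68568 plugins/generic/filesystem.py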
