
Commit bce9db1

committed
Adding support for --columns too (Issue sqlmapproject#2025)
1 parent ca67456 commit bce9db1


2 files changed

+20
-2
lines changed


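--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.7.20"
+VERSION = "1.0.7.21"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")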

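--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -8,6 +8,7 @@
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
 from lib.core.common import Backend
+from lib.core.common import extractRegexResult
 from lib.core.common import filterPairValues
 from lib.core.common import flattenValue
 from lib.core.common import getLimitRange
@@ -19,6 +20,7 @@
 from lib.core.common import parseSqliteTableSchema
 from lib.core.common import popValue
 from lib.core.common import pushValue
+from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import singleTimeWarnMessage
@@ -41,6 +43,7 @@
 from lib.request import inject
 from lib.techniques.brute.use import columnExists
 from lib.techniques.brute.use import tableExists
+from lib.techniques.union.use import unionUse
 
 class Databases:
 """
@@ -539,7 +542,22 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
 logger.info(infoMsg)
 
-values = inject.getValue(query, blind=False, time=False)
+values = None
+if Backend.isDbms(DBMS.MSSQL) and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
+expression = query
+kb.dumpColumns = []
+kb.rowXmlMode = True
+
+for column in extractRegexResult(r"SELECT (?P<result>.+?) FROM", query).split(','):
+kb.dumpColumns.append(randomStr().lower())
+expression = expression.replace(column, "%s AS %s" % (column, kb.dumpColumns[-1]), 1)
+
+values = unionUse(expression)
+kb.rowXmlMode = False
+kb.dumpColumns = None
+
+if values is None:
+values = inject.getValue(query, blind=False, time=False)
 
 if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
 index, values = 1, []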
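Review bot: The global state set before `unionUse(expression)` (`kb.rowXmlMode = True`, `kb.dumpColumns = []`) is reset only on the normal path, so an exception raised inside `unionUse` would leave both flags set for whatever request runs next. Putting the call under `try:` and the two resets (`kb.rowXmlMode = False`, `kb.dumpColumns = None`) under `finally:` keeps that state scoped to this one query. The loop also calls `.split(',')` directly on the return value of `extractRegexResult(...)`; if that helper yields no match for `query` (presumably `None`, its definition is not on this page) the line fails before the `inject.getValue` fallback is reached, so a check for an empty result before the loop would be safer. Splitting on a bare comma and then `expression.replace(column, ..., 1)` also assumes no column expression contains a comma or repeats as a substring earlier in `query`; a short comment stating that assumption would help. The body of `getColumns` starts and ends outside this hunk, so the shape of `query` is inferred from the regex alone.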
