
Commit dc1f2de

committed
Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures. Updated documentation.
1 parent f2737ad commit dc1f2de

9 files changed

Lines changed: 36 additions & 16 deletions


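--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -18,13 +18,14 @@ sqlmap (0.6.3-1) stable; urgency=low
 * Minor improvement to set by default in all HTTP requests the standard
 HTTP headers (Accept, Accept-Encoding, etc);
 * Minor improvements to sqlmap Debian package files: sqlmap uploaded
-to official Debian project repository;
+to official Debian project repository, on queue at the moment;
 * Major bug fix to correctly handle httplib.BadStatusLine exception;
 * Minor bug fix to handle session.error and session.timeout in HTTP
 requests;
 * Minor bug fix so that when the user provide a SELECT statement to be
 processed with an asterisk as columns, now it also work if in the FROM
 there is no database name specified;
+* Minor bug fix to correctly enumerate columns on Microsoft SQL Server;
 * Minor bug fix to correctly dump table entries when the column is
 provided;
 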
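--- a/doc/THANKS
+++ b/doc/THANKS
@@ -105,6 +105,9 @@ Sven Schluter <sschlueter@netzwerk.cc>
 M Simkin <mlsimkin@cox.net>
 for suggesting a feature
 
+Jason Swan <jasoneswan@gmail.com>
+for reporting a bug when enumerating columns on Microsoft SQL Server
+
 Alessandro Tanasi <alessandro@tanasi.it>
 for extensively beta-testing sqlmap
 for suggesting many features and reporting some bugs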

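--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -599,7 +599,7 @@ def expandAsteriskForColumns(expression):
 return expression
 
 
-def getRange(count, dump=False):
+def getRange(count, dump=False, plusOne=False):
 count = int(count)
 indexRange = None
 limitStart = 1
@@ -612,8 +612,7 @@ def getRange(count, dump=False):
 if isinstance(conf.limitStart, int) and conf.limitStart > 0 and conf.limitStart <= limitStop:
 limitStart = conf.limitStart
 
-# TODO: also for Microsoft SQL Server in getColumns method?
-if kb.dbms == "Oracle":
+if kb.dbms == "Oracle" or plusOne == True:
 indexRange = range(limitStart, limitStop + 1)
 else:
 indexRange = range(limitStart - 1, limitStop)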
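Review bot: `plusOne == True` on the new condition line compares a boolean against a literal; `if kb.dbms == "Oracle" or plusOne:` is the idiomatic form and behaves the same. The new `plusOne` parameter also arrives undocumented, and the hunk drops the TODO comment that used to hint at why a second DBMS might need the 1-based range, so that knowledge now lives only in the caller; a comment above the signature such as `# plusOne: when True the index range is 1-based (limitStart..limitStop), as it already is for Oracle; callers set it for a DBMS whose blind query takes a 1-based row offset` would keep it here. That the Microsoft SQL Server column query really needs a 1-based offset is inferred from the `TOP %s` subquery in the xml/queries.xml hunk of this commit, so worth confirming. getRange's body continues outside the second hunk.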

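--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -30,7 +30,7 @@
 
 
 # sqlmap version and site
-VERSION = "0.6.3-rc1"
+VERSION = "0.6.3-rc2"
 VERSION_STRING = "sqlmap/%s" % VERSION
 SITE = "http://sqlmap.sourceforge.net"
 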
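--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -772,9 +772,14 @@ def getColumns(self, onlyColNames=False):
 errMsg += "on database '%s'" % conf.db
 raise sqlmapNoneDataException, errMsg
 
+if kb.dbms == "Microsoft SQL Server":
+plusOne = True
+else:
+plusOne = False
+
 table = {}
 columns = {}
-indexRange = getRange(count)
+indexRange = getRange(count, plusOne=plusOne)
 
 for index in indexRange:
 if kb.dbms in ( "MySQL", "PostgreSQL" ):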
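Review bot: The knowledge of which DBMS needs a 1-based index is now split across two places: getRange (the lib/core/common.py hunk) hard-codes Oracle internally, while this hunk hard-codes Microsoft SQL Server in the caller, so the two cases will drift apart as more DBMSs are added. Either move the Microsoft SQL Server test into getRange next to the Oracle one, or leave a comment at the `plusOne` assignment recording that only the column enumeration query on this DBMS takes a 1-based offset (the other getRange callers are not visible here, so that is presumably why it was done per call site). The four-line if/else also collapses to `plusOne = kb.dbms == "Microsoft SQL Server"`. getColumns starts and ends outside the hunk.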

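--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -3,13 +3,13 @@
 # Target URL.
 # Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
 # PHP and MySQL (local)
-url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
+#url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
 # PHP and Oracle (local)
 #url = http://127.0.0.1/sqlmap/oracle/get_int.php?id=1
 # PHP and PostgreSQL (local)
 #url = http://127.0.0.1/sqlmap/pgsql/get_int.php?id=1
 # PHP and Microsoft SQL Server (remote)
-#url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
+url = http://127.0.0.1/sqlmap/mssql/get_int.php?id=1
 # PHP and MySQL (remote on Windows)
 #url = http://127.0.0.1/sqlmap/mysql/win_get_int.php?id=1
 # ASP and Microsoft SQL Server (local)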
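Review bot: The only change here swaps which local sample `url` is uncommented (MySQL off, Microsoft SQL Server on), which looks like a developer's local testing toggle that rode along with the bug fix rather than a deliberate change to the shipped sample; the commit message does not mention this file. If that is the case it should be left out of the commit, and if the sample is meant to ship with one entry active, a line such as `# One sample target is enabled by default; enable the one matching your test environment` above the block would make the choice look intentional to the next reader.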

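--- a/xml/banner/generic.xml
+++ b/xml/banner/generic.xml
@@ -73,14 +73,22 @@
 <info type="Linux" distrib="Knoppix"/>
 </regexp>
 
-<regexp value="(Mandrake|Mandriva)">
+<regexp value="Mandrake">
 <info type="Linux" distrib="Mandrake"/>
 </regexp>
 
+<regexp value="Mandriva">
+<info type="Linux" distrib="Mandriva"/>
+</regexp>
+
 <regexp value="Red[\-\_\ ]*Hat">
 <info type="Linux" distrib="Red Hat"/>
 </regexp>
 
+<regexp value="Slackware">
+<info type="Linux" distrib="Slackware"/>
+</regexp>
+
 <regexp value="SuSE">
 <info type="Linux" distrib="SuSE"/>
 </regexp>
@@ -103,6 +111,12 @@
 <info type="OpenBSD"/>
 </regexp>
 
+<!-- Mac OSX -->
+
+<regexp value="Mac[\-\_\ ]*OSX">
+<info type="Mac OSX"/>
+</regexp>
+
 <regexp value="Darwin">
 <info type="Mac OSX"/>
 </regexp>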

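--- a/xml/banner/server.xml
+++ b/xml/banner/server.xml
@@ -236,11 +236,11 @@
 </regexp>
 
 <regexp value="Apache-AdvancedExtranetServer/2.0.54 \(Mandriva Linux/">
-<info type="Linux" distrib="Mandrive" release="2006.0"/>
+<info type="Linux" distrib="Mandriva" release="2006.0"/>
 </regexp>
 
 <regexp value="Apache/2.2.3 \(Mandriva Linux/">
-<info type="Linux" distrib="Mandrive" release="2007"/>
+<info type="Linux" distrib="Mandriva" release="2007"/>
 </regexp>
 
 <!-- Apache: Red Hat -->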

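--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -193,17 +193,15 @@
 <privileges/>
 <dbs>
 <inband query="SELECT name FROM master..sysdatabases"/>
-<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
+<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
 </dbs>
-<!-- TODO: condition? -->
 <tables>
 <inband query="SELECT name FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
-<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype IN ('u', 'v') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype IN ('u', 'v'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
+<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype IN ('u', 'v') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype IN ('u', 'v') ORDER BY name ASC) ORDER BY name ASC" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
 </tables>
-<!-- TODO: getRange like Oracle? -->
 <columns>
 <inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"/>
-<blind query="SELECT TOP 1 name FROM (SELECT TOP %s name FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')) CTABLE" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"/>
+<blind query="SELECT TOP 1 name FROM (SELECT TOP %s name FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s') ORDER BY name ASC) CTABLE ORDER BY name DESC" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"/>
 </columns>
 <dump_table>
 <inband query="SELECT %s FROM %s..%s"/>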
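Review bot: The three rewritten blind queries spell the same thing three ways: the dbs query writes `ORDER BY name` while the tables and columns queries write `ORDER BY name ASC` (equivalent, since ascending is the default, but inconsistent), and the dbs and tables queries take the row index as `%d` while the columns query takes it as `%s`. The inconsistency matters here because the columns query is the one whose `TOP %s ... ORDER BY name ASC` subquery re-sorted `DESC` selects the Nth row and therefore needs a 1-based index, which is what the `plusOne` change in plugins/generic/enumeration.py in this commit supplies; nothing in this file records that, and the `<!-- TODO: getRange like Oracle? -->` comment that hinted at it is removed. Using `ORDER BY name ASC` and one placeholder type across the three, and replacing the removed TODO with a short comment on the columns element such as `<!-- blind columns query: the TOP index is 1-based, see getRange(plusOne=True) -->`, would keep the contract visible next to the query.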
