mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-03 23:11:29 +00:00
Fixes #1545
This commit is contained in:
parent
c2209d9326
commit
a3bff54cc5
3 changed files with 29 additions and 3 deletions
|
|
@ -189,7 +189,7 @@ b14628a6c9327d110afe50b01f3171f64f61823343b8de89596e854b00b74928 lib/core/dump.
|
|||
9bf174058f15d14e24e94f9aaf42df045119d3617c6c54bd2f3af79b462f331d lib/core/replication.py
|
||||
0b8c38a01bb01f843d94a6c5f2075ee47520d0c4aa799cecea9c3e2c5a4a23a6 lib/core/revision.py
|
||||
888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c lib/core/session.py
|
||||
dba5c2fcdd18d70021f56236551c697587bdc885b5693e5b36c191098980e8fb lib/core/settings.py
|
||||
db578cf03ccdb67a0930ebaba6bc8aa1b777e0a09e3cc7d14fef47c5e47f3f5f lib/core/settings.py
|
||||
c7804223319e18eb0b8e2cbf0a8b6896d1cefb7b0b1a2e9f1cf826a8a3b56750 lib/core/shell.py
|
||||
a2e98a94b231432736d6b304fc75525c8b5fdb4768c418387c5b4c1a610dad64 lib/core/subprocessng.py
|
||||
15d36cdac9389d0a54a6c33fbb89f32bb65e303f50de573773dcb6d4618bca64 lib/core/target.py
|
||||
|
|
@ -266,7 +266,7 @@ bd9267d94390ba87d6c5a35c90f2406d6a4135a7c8ea01db76dd9e6519eee2ed lib/utils/dial
|
|||
71a66ff766a2921106770b26acff380de469222dc893816a7b970b384c927666 lib/utils/hash.py
|
||||
1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3 lib/utils/__init__.py
|
||||
1bbf57e43f921d4132e6e5a336ff39454a9506b36de94ebcc45879d0abcac56a lib/utils/keysetdump.py
|
||||
04b28ad98340a589eb9b21d014c435e8193c2bea3a21af9875b6f23c9b270f1f lib/utils/pivotdumptable.py
|
||||
dd30ef67da30b666c53013ee32253cd9396ed0e5d0a44d509680742e06ebcd23 lib/utils/pivotdumptable.py
|
||||
c1dfc3bed0fed9b181f612d1d747955dd2b506dbe99bc9fd481495602371473a lib/utils/progress.py
|
||||
c442e9ef8324fd6fdf7bc334d765f0a6ce4037397eb3d79d59b5ce3e9a043855 lib/utils/prove.py
|
||||
2cd84db16edef8c9948e197a51d870cf1c338f4a89037b4d422de990f4a45237 lib/utils/purge.py
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ from lib.core.enums import OS
|
|||
from thirdparty import six
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.10.7.10"
|
||||
VERSION = "1.10.7.11"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
|||
|
||||
validColumnList = False
|
||||
validPivotValue = False
|
||||
compositePivot = None
|
||||
|
||||
if count is None:
|
||||
query = dumpNode.count % table
|
||||
|
|
@ -118,6 +119,26 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
|||
errMsg = "all provided column name(s) are non-existent"
|
||||
raise SqlmapNoneDataException(errMsg)
|
||||
|
||||
if not validPivotValue:
|
||||
# No single column holds all-distinct values. Fall back to a COMPOSITE pivot (a
|
||||
# concatenation of every column) whose combined value is unique per row, so rows sharing
|
||||
# a value in every individual column are no longer silently dropped (ref: #1545).
|
||||
_composite = agent.concatQuery(','.join(colList))
|
||||
query = dumpNode.count2 % (_composite, table)
|
||||
query = agent.whereQuery(query)
|
||||
value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if isNumPosStrValue(value) and int(value) == count:
|
||||
infoMsg = "using a concatenation of all columns as a "
|
||||
infoMsg += "composite pivot for retrieving row data"
|
||||
logger.info(infoMsg)
|
||||
|
||||
compositePivot = _composite
|
||||
lengths[compositePivot] = 0
|
||||
entries[compositePivot] = BigArray()
|
||||
colList.insert(0, compositePivot)
|
||||
validPivotValue = True
|
||||
|
||||
if not validPivotValue:
|
||||
warnMsg = "no proper pivot column provided (with unique values)."
|
||||
warnMsg += " It won't be possible to retrieve all rows"
|
||||
|
|
@ -186,4 +207,9 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
|||
|
||||
logger.critical(errMsg)
|
||||
|
||||
# The composite pivot is a synthetic paging key, not a real column - drop it from the output
|
||||
if compositePivot is not None:
|
||||
entries.pop(compositePivot, None)
|
||||
lengths.pop(compositePivot, None)
|
||||
|
||||
return entries, lengths
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue