(tableFile, regex=None)
| 62 | |
| 63 | @stackedmethod |
| 64 | def tableExists(tableFile, regex=None): |
| 65 | if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct: |
| 66 | warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED]) |
| 67 | warnMsg += "for common table existence check" |
| 68 | logger.warning(warnMsg) |
| 69 | |
| 70 | message = "are you sure you want to continue? [y/N] " |
| 71 | kb.choices.tableExists = readInput(message, default='N', boolean=True) |
| 72 | |
| 73 | if not kb.choices.tableExists: |
| 74 | return None |
| 75 | |
| 76 | result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr()))) |
| 77 | |
| 78 | if result: |
| 79 | errMsg = "can't use table existence check because of detected invalid results " |
| 80 | errMsg += "(most likely caused by inability of the used injection " |
| 81 | errMsg += "to distinguish erroneous results)" |
| 82 | raise SqlmapDataException(errMsg) |
| 83 | |
| 84 | pushValue(conf.db) |
| 85 | |
| 86 | if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES: |
| 87 | conf.db = conf.db.upper() |
| 88 | |
| 89 | message = "which common tables (wordlist) file do you want to use?\n" |
| 90 | message += "[1] default '%s' (press Enter)\n" % tableFile |
| 91 | message += "[2] custom" |
| 92 | choice = readInput(message, default='1') |
| 93 | |
| 94 | if choice == '2': |
| 95 | message = "what's the custom common tables file location?\n" |
| 96 | tableFile = readInput(message) or tableFile |
| 97 | |
| 98 | infoMsg = "performing table existence using items from '%s'" % tableFile |
| 99 | logger.info(infoMsg) |
| 100 | |
| 101 | tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) |
| 102 | tables.extend(_addPageTextWords()) |
| 103 | tables = filterListValue(tables, regex) |
| 104 | |
| 105 | for conf.db in (conf.db.split(',') if conf.db else [conf.db]): |
| 106 | if conf.db and METADB_SUFFIX not in conf.db: |
| 107 | infoMsg = "checking database '%s'" % conf.db |
| 108 | logger.info(infoMsg) |
| 109 | |
| 110 | threadData = getCurrentThreadData() |
| 111 | threadData.shared.count = 0 |
| 112 | threadData.shared.limit = len(tables) |
| 113 | threadData.shared.files = [] |
| 114 | threadData.shared.unique = set() |
| 115 | |
| 116 | def tableExistsThread(): |
| 117 | threadData = getCurrentThreadData() |
| 118 | |
| 119 | while kb.threadContinue: |
| 120 | kb.locks.count.acquire() |
| 121 | if threadData.shared.count < threadData.shared.limit: |