hub / github.com/sqlmapproject/sqlmap / tableExists

Function tableExists

lib/utils/brute.py:64–186  ·  view source on GitHub ↗
(tableFile, regex=None)

Source from the content-addressed store, hash-verified

62
63@stackedmethod
64def tableExists(tableFile, regex=None):
65 if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
66 warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
67 warnMsg += "for common table existence check"
68 logger.warning(warnMsg)
69
70 message = "are you sure you want to continue? [y/N] "
71 kb.choices.tableExists = readInput(message, default='N', boolean=True)
72
73 if not kb.choices.tableExists:
74 return None
75
76 result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))
77
78 if result:
79 errMsg = "can't use table existence check because of detected invalid results "
80 errMsg += "(most likely caused by inability of the used injection "
81 errMsg += "to distinguish erroneous results)"
82 raise SqlmapDataException(errMsg)
83
84 pushValue(conf.db)
85
86 if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES:
87 conf.db = conf.db.upper()
88
89 message = "which common tables (wordlist) file do you want to use?\n"
90 message += "[1] default '%s' (press Enter)\n" % tableFile
91 message += "[2] custom"
92 choice = readInput(message, default='1')
93
94 if choice == '2':
95 message = "what's the custom common tables file location?\n"
96 tableFile = readInput(message) or tableFile
97
98 infoMsg = "performing table existence using items from '%s'" % tableFile
99 logger.info(infoMsg)
100
101 tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
102 tables.extend(_addPageTextWords())
103 tables = filterListValue(tables, regex)
104
105 for conf.db in (conf.db.split(',') if conf.db else [conf.db]):
106 if conf.db and METADB_SUFFIX not in conf.db:
107 infoMsg = "checking database '%s'" % conf.db
108 logger.info(infoMsg)
109
110 threadData = getCurrentThreadData()
111 threadData.shared.count = 0
112 threadData.shared.limit = len(tables)
113 threadData.shared.files = []
114 threadData.shared.unique = set()
115
116 def tableExistsThread():
117 threadData = getCurrentThreadData()
118
119 while kb.threadContinue:
120 kb.locks.count.acquire()
121 if threadData.shared.count < threadData.shared.limit:

Callers 3

actionFunction · 0.90
getTablesMethod · 0.90
searchTableMethod · 0.90

Calls 15

readInputFunction · 0.90
safeStringFormatFunction · 0.90
randomIntFunction · 0.90
randomStrFunction · 0.90
SqlmapDataExceptionClass · 0.90
pushValueFunction · 0.90
getFileItemsFunction · 0.90
filterListValueFunction · 0.90
getCurrentThreadDataFunction · 0.90
runThreadsFunction · 0.90
clearConsoleLineFunction · 0.90
dataToStdoutFunction · 0.90

Tested by

no test coverage detected
