Commit 166c6004 authored by yzddmr6's avatar yzddmr6

(Enhance: Core/ASPXCSHARP) 兼容内存马,动态获取类名,修复数据库获取列名的BUG

parent d2d848c8
...@@ -650,7 +650,6 @@ class ASP { ...@@ -650,7 +650,6 @@ class ASP {
let sql = ""; let sql = "";
switch (conf['type']) { switch (conf['type']) {
case "oracle": case "oracle":
// sql = `SELECT * FROM ${db}.${table} WHERE ROWNUM=0`;
sql = `SELECT COLUMN_NAME,DATA_TYPE,DATA_LENGTH FROM ALL_TAB_COLUMNS WHERE OWNER='${db}' AND TABLE_NAME='${table}' ORDER BY COLUMN_ID`; sql = `SELECT COLUMN_NAME,DATA_TYPE,DATA_LENGTH FROM ALL_TAB_COLUMNS WHERE OWNER='${db}' AND TABLE_NAME='${table}' ORDER BY COLUMN_ID`;
break; break;
case 'sqlserver': case 'sqlserver':
......
...@@ -92,7 +92,7 @@ class ASPXCSHARP { ...@@ -92,7 +92,7 @@ class ASPXCSHARP {
case 'sqlserver': case 'sqlserver':
case 'mssql': case 'mssql':
case 'sqlsrv': case 'sqlsrv':
sql = `SELECT TOP 20 [${column}] FROM [${table}] ORDER BY 1 DESC;`; sql = `SELECT TOP 20 [${column}] FROM [${db}].dbo.[${table}] ORDER BY 1 DESC;`;
break; break;
case 'oracle': case 'oracle':
case 'oracle_oci8': case 'oracle_oci8':
...@@ -670,21 +670,37 @@ class ASPXCSHARP { ...@@ -670,21 +670,37 @@ class ASPXCSHARP {
}; };
_ = antSword.unxss(_); _ = antSword.unxss(_);
const _column = Buffer const _column = Buffer
.from(_.substr(0, _.lastIndexOf(' '))) .from(_)
.toString('base64'); .toString('base64');
this this
.tree .tree
.insertNewItem(`table::${id}:${_db}:${_table}`, `column::${id}:${_db}:${_table}:${_column}`, antSword.noxss(_), null, this.manager.list.imgs[3], this.manager.list.imgs[3], this.manager.list.imgs[3]); .insertNewItem(`table::${id}:${_db}:${_table}`, `column::${id}:${_db}:${_table}:${_column}`, antSword.noxss(_), null, this.manager.list.imgs[3], this.manager.list.imgs[3], this.manager.list.imgs[3]);
}); });
let sql = "";
switch (conf['type']) {
case "oracle":
sql = `SELECT COLUMN_NAME,DATA_TYPE,DATA_LENGTH FROM ALL_TAB_COLUMNS WHERE OWNER='${db}' AND TABLE_NAME='${table}' ORDER BY COLUMN_ID`;
break;
case 'sqlserver':
case 'sqloledb_1':
case 'sqloledb_1_sspi':
sql = `USE [${this.dbconf['database']}];SELECT TOP 0 * FROM ${table}`;
break;
case 'mysql':
sql = `SELECT * FROM ${table} LIMIT 0,0;`;
break;
default:
sql = `SELECT TOP 1 * FROM ${table} ORDER BY 1 DESC`;
break;
}
// 更新编辑器SQL语句 // 更新编辑器SQL语句
this this
.manager .manager
.query .query
.editor .editor
.session .session
.setValue(conf['type'] === 'oracle' ? .setValue(sql);
`SELECT * FROM (SELECT A.*,ROWNUM N FROM ${db}.${table} A ORDER BY 1 DESC) WHERE N>0 AND N<=20` :
`SELECT * FROM ${db}.${table} ORDER BY 1 DESC LIMIT 0,20;`);
this this
.manager .manager
.list .list
......
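Review bot: In the added `switch (conf['type'])` block, `table` is interpolated bare in the sqlserver, mysql and default branches (`FROM ${table}`), while the column query in the earlier hunk of this file brackets it as `[${db}].dbo.[${table}]`; a name containing a space, a reserved word or a quote character would put a broken or different statement into the editor. These names appear to come back from the remote database, so they should be treated as untrusted text and quoted per dialect, with any closing delimiter inside the name doubled, for example `SELECT TOP 0 * FROM [${table}]` in the sqlserver branch. The sqlserver branch also uses `this.dbconf['database']` where the oracle branch uses `db`, which looks inconsistent if the selected node's database can differ from the configured one. The enclosing handler starts and ends outside the hunk.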