added string escaping

Michael Clemens 2014-05-01 11:42:10 +02:00
parent 169df66357
commit 8cc991f6f5
1 changed files with 3 additions and 2 deletions


@ -44,7 +44,7 @@ end
env = luasql.sqlite3()
con = env:connect(dbname)
res = con:execute (string.format("CREATE TABLE '%s' (hostname varchar(100), ip varchar(16), port integer(5), protocol varchar(3), service varchar(100), version varchar(100))", dbtable))
res = con:execute (string.format("CREATE TABLE '%s' (hostname varchar(100), ip varchar(16), port integer(5), protocol varchar(3), service varchar(100), version varchar(100))", con:escape(dbtable)))
function portaction (host, port)
local version = ""
@ -54,7 +54,8 @@ function portaction (host, port)
if (port.version.version~=nil) then
version = version .. port.version.version
end
res = con:execute(string.format("INSERT INTO '%s' VALUES ('%s', '%s', '%s', '%s', '%s', '%s')" , dbtable, host.name, host.ip, port.number, port.protocol, port.service, version))
res = con:execute(string.format("INSERT INTO '%s' VALUES ('%s', '%s', '%s', '%s', '%s', '%s')" , con:escape(dbtable), con:escape(host.name), con:escape(host.ip), con:escape(port.number), con:escape(port.protocol), con:escape(port.service), con:escape(version)))
end
function postaction ()
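Review bot: `con:escape(dbtable)` in both the CREATE TABLE and the INSERT statement treats the table name as a string value, but it is an identifier; escaping of this kind is meant for the contents of a single-quoted literal, and the statement only parses because SQLite tolerates a single-quoted name in that position. It would be more robust to validate `dbtable` once before the first `con:execute`, e.g. `assert(dbtable:match("^[%w_]+$"), "invalid table name")`, and keep `con:escape` for the six column values, which come from the scanned host and are the untrusted part. `con:escape` presumably raises on a nil argument, so any field that can be absent for a port (possibly `port.service`) would need a default such as `con:escape(port.service or "")`. The `res` returned by `con:execute` is not checked in either hunk, so a failed INSERT goes unnoticed; `local res, err = con:execute(...)` followed by a log of `err` would surface it. `portaction` begins in the first hunk and `postaction` continues past the end of the second.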