From 012815333c395997ffe40a49e5f6e3afbdad0a80 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 23 Jan 2013 15:52:03 +0000
Subject: [PATCH] minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
---
 lib/techniques/brute/use.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py
index 187616749..5fdb1b4a7 100644
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -49,6 +49,7 @@ def _addPageTextWords():
 def tableExists(tableFile, regex=None):
 result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))
+
 if result:
 errMsg = "can't use table existence check because of detected invalid results "
 errMsg += "(most probably caused by inability of the used injection "
@@ -82,7 +83,7 @@ def tableExists(tableFile, regex=None):
 kb.locks.count.release()
 break
- if conf.db and METADB_SUFFIX not in conf.db:
+ if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
 fullTableName = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', table)
 else:
 fullTableName = table
@@ -155,7 +156,8 @@ def columnExists(columnFile, regex=None):
 columns = filterListValue(columns, regex)
 table = safeSQLIdentificatorNaming(conf.tbl, True)
- if conf.db and METADB_SUFFIX not in conf.db:
+
+ if conf.db and METADB_SUFFIX not in conf.db and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
 table = "%s.%s" % (safeSQLIdentificatorNaming(conf.db), table)
 kb.threadContinue = True
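Review bot: The exclusion `Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD)` is written out twice, once in `tableExists` (hunk at -82) and once in `columnExists` (hunk at -155), and neither copy carries a comment saying why these three back-ends drop the database prefix. Keeping the tuple in one place, for example a module-level `_NO_DB_PREFIX_DBMS = (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD)` (name is a suggestion) with the comment `# a provided -D is ignored for these back-ends`, would stop the two checks from drifting apart when another back-end needs the same treatment. The option is also ignored silently as far as these hunks show; a debug message when `conf.db` is set but skipped would tell the user why the database name they passed is missing from the generated queries. Both function bodies continue outside the hunks, so an existing message elsewhere cannot be ruled out.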