diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
index a969ad3bd..21500b1bd 100644
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -103,10 +103,10 @@ class Databases:
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
- value = inject.getValue(query, blind=False, time=False)
+ values = inject.getValue(query, blind=False, time=False)
- if not isNoneValue(value):
- kb.data.cachedDbs = arrayizeValue(value)
+ if not isNoneValue(values):
+ kb.data.cachedDbs = arrayizeValue(values)
 if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:
 infoMsg = "fetching number of databases"
@@ -132,7 +132,7 @@ class Databases:
 query = rootQuery.blind.query2 % index
 else:
 query = rootQuery.blind.query % index
- db = inject.getValue(query, union=False, error=False)
+ db = unArrayizeValue(inject.getValue(query, union=False, error=False))
 if db:
 kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
@@ -269,15 +269,15 @@ class Databases:
 if len(dbs) < 2 and ("%s," % condition) in query:
 query = query.replace("%s," % condition, "", 1)
- value = inject.getValue(query, blind=False, time=False)
+ values = inject.getValue(query, blind=False, time=False)
- if not isNoneValue(value):
- value = filter(None, arrayizeValue(value))
+ if not isNoneValue(values):
+ values = filter(None, arrayizeValue(values))
- if len(value) > 0 and not isListLike(value[0]):
- value = map(lambda x: (dbs[0], x), value)
+ if len(values) > 0 and not isListLike(values[0]):
+ values = map(lambda x: (dbs[0], x), values)
- for db, table in filterPairValues(value):
+ for db, table in filterPairValues(values):
 db = safeSQLIdentificatorNaming(db)
 table = safeSQLIdentificatorNaming(table, True)
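Review bot: The wrapper `unArrayizeValue(inject.getValue(query, union=False, error=False))` added in the `@@ -132,7 +132,7` hunk is repeated verbatim at every blind-retrieval call site this commit touches (the `@@ -332`, `@@ -594`, `@@ -630` and `@@ -644` hunks of this file, plus the ones in search.py and users.py), so the next call site that omits it goes back to receiving the raw return value. The diff does not show what `getValue` returns, but if it can be list-shaped here, a single helper next to `inject.getValue` would keep that contract in one place. At minimum the first use deserves a comment such as `# getValue() may return a list-like result; the blind path expects a scalar`. The enclosing method starts and ends outside the hunk.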
@@ -332,7 +332,7 @@ class Databases:
 else:
 query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
- table = inject.getValue(query, union=False, error=False)
+ table = unArrayizeValue(inject.getValue(query, union=False, error=False))
 if not isNoneValue(table):
 kb.hintValue = table
 table = safeSQLIdentificatorNaming(table, True)
@@ -522,15 +522,15 @@ class Databases:
 elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.inband.query % tbl
- value = inject.getValue(query, blind=False, time=False)
+ values = inject.getValue(query, blind=False, time=False)
 if Backend.isDbms(DBMS.SQLITE):
- parseSqliteTableSchema(unArrayizeValue(value))
- elif not isNoneValue(value):
+ parseSqliteTableSchema(unArrayizeValue(values))
+ elif not isNoneValue(values):
 table = {}
 columns = {}
- for columnData in value:
+ for columnData in values:
 if not isNoneValue(columnData):
 name = safeSQLIdentificatorNaming(columnData[0])
@@ -584,6 +584,8 @@ class Databases:
 query += condQuery
 elif Backend.isDbms(DBMS.MSSQL):
+ import pdb
+ pdb.set_trace()
 query = rootQuery.blind.count % (conf.db, conf.db, \
 unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
 query += condQuery.replace("[DB]", conf.db)
@@ -594,7 +596,7 @@ class Databases:
 elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.blind.query % tbl
- value = unArrayizeValue(inject.getValue(query, union=False, error=False))
+ value = unArrayizeValue(inject.getValue(query, union=False, error=False))
 parseSqliteTableSchema(value)
 return kb.data.cachedColumns
@@ -630,7 +632,7 @@ class Databases:
 field = None
 query = agent.limitQuery(index, query, field, field)
- column = inject.getValue(query, union=False, error=False)
+ column = unArrayizeValue(inject.getValue(query, union=False, error=False))
 if not isNoneValue(column):
 if not onlyColNames:
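Review bot: The `import pdb` / `pdb.set_trace()` pair added under `elif Backend.isDbms(DBMS.MSSQL):` in the `@@ -584,6 +584,8` hunk is a debugger breakpoint left in the committed code. Every blind column count against an MSSQL back-end would stop at an interactive prompt, and an unattended or piped run would hang or abort on stdin. Both added lines should be dropped, and nothing else in the commit depends on them. The enclosing method starts and ends outside the hunk.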
@@ -644,7 +646,7 @@ class Databases:
 elif Backend.isDbms(DBMS.FIREBIRD):
 query = rootQuery.blind.query2 % (tbl, column)
- colType = inject.getValue(query, union=False, error=False)
+ colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
 if Backend.isDbms(DBMS.FIREBIRD):
 colType = FIREBIRD_TYPES.get(colType, colType)
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index e083d243c..f25836764 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -15,6 +15,7 @@ from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
@@ -127,7 +128,7 @@ class Search:
 query += ") AS foobar"
 query = agent.limitQuery(index, query, dbCond)
- value = inject.getValue(query, union=False, error=False)
+ value = unArrayizeValue(inject.getValue(query, union=False, error=False))
 value = safeSQLIdentificatorNaming(value)
 foundDbs.append(value)
@@ -234,7 +235,7 @@ class Search:
 query += ") AS foobar"
 query = agent.limitQuery(index, query)
- foundDb = inject.getValue(query, union=False, error=False)
+ foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
 foundDb = safeSQLIdentificatorNaming(foundDb)
 if foundDb not in foundTbls:
@@ -278,7 +279,7 @@ class Search:
 query += " AND %s" % tblQuery
 query = agent.limitQuery(index, query)
- foundTbl = inject.getValue(query, union=False, error=False)
+ foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
 kb.hintValue = foundTbl
 foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
 foundTbls[db].append(foundTbl)
@@ -452,7 +453,7 @@ class Search:
 if Backend.isDbms(DBMS.DB2):
 query += ") AS foobar"
 query = agent.limitQuery(index, query)
- db = inject.getValue(query, union=False, error=False)
+ db = unArrayizeValue(inject.getValue(query, union=False, error=False))
 db = safeSQLIdentificatorNaming(db)
 if db not in dbs:
@@ -507,7 +508,7 @@ class Search:
 query += " AND %s" % colQuery
 query += whereTblsQuery
 query = agent.limitQuery(index, query)
- tbl = inject.getValue(query, union=False, error=False)
+ tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
 kb.hintValue = tbl
 tbl = safeSQLIdentificatorNaming(tbl, True)
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 7e87e23fe..2edeba796 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -98,10 +98,10 @@ class Users:
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
- value = inject.getValue(query, blind=False, time=False)
+ values = inject.getValue(query, blind=False, time=False)
- if not isNoneValue(value):
- kb.data.cachedUsers = arrayizeValue(value)
+ if not isNoneValue(values):
+ kb.data.cachedUsers = arrayizeValue(values)
 if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
 infoMsg = "fetching number of database users"
@@ -128,7 +128,7 @@ class Users:
 query = rootQuery.blind.query2 % index
 else:
 query = rootQuery.blind.query % index
- user = inject.getValue(query, union=False, error=False)
+ user = unArrayizeValue(inject.getValue(query, union=False, error=False))
 if user:
 kb.data.cachedUsers.append(user)
@@ -195,9 +195,9 @@ class Users:
 getCurrentThreadData().disableStdOut = False
 else:
- value = inject.getValue(query, blind=False, time=False)
+ values = inject.getValue(query, blind=False, time=False)
- for user, password in filterPairValues(value):
+ for user, password in filterPairValues(values):
 if not user or user == " ":
 continue
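Review bot: The users.py `@@ -128,7 +128,7` hunk starts calling `unArrayizeValue`, but the diff for users.py contains no import hunk, whereas search.py gains `from lib.core.common import unArrayizeValue` in this same commit. If users.py does not already import the name, the blind paths in this hunk and in the later `@@ -278` and `@@ -504` hunks would raise `NameError` at run time. Its import block is outside the visible hunks, so this needs checking against the file; if the name is missing, add `from lib.core.common import unArrayizeValue` alongside the other `lib.core.common` imports.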
@@ -278,7 +278,7 @@ class Users:
 else:
 query = rootQuery.blind.query % (user, index)
- password = inject.getValue(query, union=False, error=False)
+ password = unArrayizeValue(inject.getValue(query, union=False, error=False))
 password = parsePasswordHash(password)
 passwords.append(password)
@@ -504,7 +504,7 @@ class Users:
 query = rootQuery.blind.query % (index, user)
 else:
 query = rootQuery.blind.query % (user, index)
- privilege = inject.getValue(query, union=False, error=False)
+ privilege = unArrayizeValue(inject.getValue(query, union=False, error=False))
 # In PostgreSQL we get 1 if the privilege is True,
 # 0 otherwise