diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 38dbfea25..607416e69 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -36,9 +36,9 @@ class Enumeration(GenericEnumeration): query = rootQuery.inband.query if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: - blinds = [False, True] + blinds = (False, True) else: - blinds = [True] + blinds = (True,) for blind in blinds: retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind) diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 75ac02730..c1cd0a766 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -764,6 +764,26 @@ class Enumeration: if db: kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db)) + if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL): + if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: + blinds = (False, True) + else: + blinds = (True,) + + for blind in blinds: + count = 0 + kb.data.cachedDbs = [] + while True: + query = rootQuery.inband.query2 % count + value = inject.getValue(query, blind=blind) + if not value: + break + else: + kb.data.cachedDbs.append(unArrayizeValue(value)) + count += 1 + if kb.data.cachedDbs: + break + if not kb.data.cachedDbs: infoMsg = "falling back to current database" logger.info(infoMsg) diff --git a/xml/queries.xml b/xml/queries.xml index 4fb72f59b..878db910e 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -183,7 +183,7 @@ - +
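Review bot: The database names collected in the new MSSQL fallback are appended as `unArrayizeValue(value)` without the `safeSQLIdentificatorNaming()` normalisation that the context line just above applies to the other entries in `kb.data.cachedDbs`, so the list can hold names in two different forms. Assuming later enumeration steps expect the normalised form, the append should read `kb.data.cachedDbs.append(safeSQLIdentificatorNaming(unArrayizeValue(value)))`. The `while True` loop also has no upper bound: it ends only when `inject.getValue()` returns an empty value, so a response that never comes back empty (for instance a false positive on the blind path) keeps sending requests to the target indefinitely. A cap on `count`, with a warning logged when it is reached, would keep the request volume predictable. The enclosing method starts and ends outside the hunk.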