Update for Issue #55 (falling back to SELECT DB_NAME(N))

This commit is contained in:
Miroslav Stampar 2012-07-03 20:15:17 +02:00
parent bbf41f6658
commit 27fdccc858
3 changed files with 23 additions and 3 deletions

View File

@ -36,9 +36,9 @@ class Enumeration(GenericEnumeration):
query = rootQuery.inband.query query = rootQuery.inband.query
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct: if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
blinds = [False, True] blinds = (False, True)
else: else:
blinds = [True] blinds = (True,)
for blind in blinds: for blind in blinds:
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind) retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)

View File

@ -764,6 +764,26 @@ class Enumeration:
if db: if db:
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db)) kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL):
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
blinds = (False, True)
else:
blinds = (True,)
for blind in blinds:
count = 0
kb.data.cachedDbs = []
while True:
query = rootQuery.inband.query2 % count
value = inject.getValue(query, blind=blind)
if not value:
break
else:
kb.data.cachedDbs.append(unArrayizeValue(value))
count += 1
if kb.data.cachedDbs:
break
if not kb.data.cachedDbs: if not kb.data.cachedDbs:
infoMsg = "falling back to current database" infoMsg = "falling back to current database"
logger.info(infoMsg) logger.info(infoMsg)

View File

@ -183,7 +183,7 @@
<privileges/> <privileges/>
<roles/> <roles/>
<dbs> <dbs>
<inband query="SELECT name FROM master..sysdatabases"/> <inband query="SELECT name FROM master..sysdatabases" query2="SELECT DB_NAME(%d)"/>
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/> <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
</dbs> </dbs>
<tables> <tables>