From 39b406c5c12d19e79f9682af64e9a9e1a8e78a6e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 2 Dec 2011 18:13:27 +0000
Subject: [PATCH] fix for --search on Oracle
---
plugins/dbms/oracle/enumeration.py | 115 -----------------------------
plugins/generic/enumeration.py | 75 +++++++++++--------
xml/queries.xml | 4 +-
3 files changed, 45 insertions(+), 149 deletions(-)
diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index ce39df1f7..142a36b02 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -168,118 +168,3 @@ class Enumeration(GenericEnumeration):
 raise sqlmapNoneDataException, errMsg
 return ( kb.data.cachedUsersRoles, areAdmins )
-
- def searchColumn(self):
- rootQuery = queries[Backend.getIdentifiedDbms()].search_column
- foundCols = {}
- dbs = { "USERS": {} }
- colList = conf.col.split(",")
- colCond = rootQuery.inband.condition
-
- colConsider, colCondParam = self.likeOrExact("column")
-
- for column in colList:
- column = safeSQLIdentificatorNaming(column)
- column = column.upper()
-
- infoMsg = "searching column"
- if colConsider == "1":
- infoMsg += "s like"
- infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
- logger.info(infoMsg)
-
- foundCols[column] = {}
-
- colQuery = "%s%s" % (colCond, colCondParam)
- colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
-
- for db in dbs.keys():
- db = safeSQLIdentificatorNaming(db)
-
- if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- query = rootQuery.inband.query
- query += colQuery
- values = inject.getValue(query, blind=False)
-
- if not isNoneValue(values):
- if isinstance(values, basestring):
- values = [ values ]
-
- for foundTbl in values:
- foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
-
- if foundTbl is None:
- continue
-
- if foundTbl not in dbs[db]:
- dbs[db][foundTbl] = {}
-
- if colConsider == "1":
- conf.db = db
- conf.tbl = foundTbl
- conf.col = column
-
- self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
-
- dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
- kb.data.cachedColumns = {}
- else:
- dbs[db][foundTbl][column] = None
-
- if db in foundCols[column]:
- foundCols[column][db].append(foundTbl)
- else:
- foundCols[column][db] = [ foundTbl ]
- else:
- foundCols[column][db] = []
-
- infoMsg = "fetching number of tables containing column"
- if colConsider == "1":
- infoMsg += "s like"
- infoMsg += " '%s' in database '%s'" % (column, db)
- logger.info(infoMsg)
-
- query = rootQuery.blind.count2
- query += " WHERE %s" % colQuery
- count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
-
- if not isNumPosStrValue(count):
- warnMsg = "no tables contain column"
- if colConsider == "1":
- warnMsg += "s like"
- warnMsg += " '%s' " % column
- warnMsg += "in database '%s'" % db
- logger.warn(warnMsg)
-
- continue
-
- indexRange = getRange(count)
-
- for index in indexRange:
- query = rootQuery.blind.query2
- query += " WHERE %s" % colQuery
- query = agent.limitQuery(index, query)
- tbl = inject.getValue(query, inband=False, error=False)
- kb.hintValue = tbl
-
- tbl = safeSQLIdentificatorNaming(tbl, True)
-
- if tbl not in dbs[db]:
- dbs[db][tbl] = {}
-
- if colConsider == "1":
- conf.db = db
- conf.tbl = tbl
- conf.col = column
-
- self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
-
- if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
- dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
- kb.data.cachedColumns = {}
- else:
- dbs[db][tbl][column] = None
-
- foundCols[column][db].append(tbl)
-
- self.dumpFoundColumn(dbs, foundCols, colConsider)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 73c86c5b3..d3f1d4526 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -2193,7 +2193,7 @@ class Enumeration:
 for column in colList:
 column = safeSQLIdentificatorNaming(column)
- if Backend.isDbms(DBMS.DB2):
+ if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
 column = column.upper()
 infoMsg = "searching column"
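Review bot: The uppercase fold guarded by the new `+` line still runs after `safeSQLIdentificatorNaming(column)` two lines above, so whatever that helper does to the name is folded along with it; the removed Oracle-specific searchColumn had the same order, so this is not a regression, but if the helper double-quotes names that contain lowercase or special characters (its body is not visible here) the fold alters the quoted identifier rather than only an unquoted one, and `column = safeSQLIdentificatorNaming(column.upper())` would keep the two steps apart. The test `Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)` is repeated in search() later in this patch; defining the tuple once, e.g. as a module-level constant such as `UPPERCASE_DBMS` (name constructed), and testing membership in both places would keep the DBMS list in one spot. searchColumn starts and ends outside this hunk.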
@@ -2259,43 +2259,49 @@ class Enumeration:
 else:
 foundCols[column][foundDb] = [ foundTbl ]
 else:
- infoMsg = "fetching number of databases with tables containing column"
- if colConsider == "1":
- infoMsg += "s like"
- infoMsg += " '%s'" % column
- logger.info(infoMsg)
-
- query = rootQuery.blind.count
- query += colQuery
- query += whereDbsQuery
- count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
-
- if not isNumPosStrValue(count):
- warnMsg = "no databases have tables containing column"
+ if not conf.db:
+ infoMsg = "fetching number of databases with tables containing column"
 if colConsider == "1":
- warnMsg += "s like"
- warnMsg += " '%s'" % column
- logger.warn(warnMsg)
+ infoMsg += "s like"
+ infoMsg += " '%s'" % column
+ logger.info(infoMsg)
- continue
-
- indexRange = getRange(count)
-
- for index in indexRange:
- query = rootQuery.blind.query
+ query = rootQuery.blind.count
 query += colQuery
 query += whereDbsQuery
- if Backend.isDbms(DBMS.DB2):
- query += ") AS foobar"
- query = agent.limitQuery(index, query)
- db = inject.getValue(query, inband=False, error=False)
- db = safeSQLIdentificatorNaming(db)
+ count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
- if db not in dbs:
+ if not isNumPosStrValue(count):
+ warnMsg = "no databases have tables containing column"
+ if colConsider == "1":
+ warnMsg += "s like"
+ warnMsg += " '%s'" % column
+ logger.warn(warnMsg)
+
+ continue
+
+ indexRange = getRange(count)
+
+ for index in indexRange:
+ query = rootQuery.blind.query
+ query += colQuery
+ query += whereDbsQuery
+ if Backend.isDbms(DBMS.DB2):
+ query += ") AS foobar"
+ query = agent.limitQuery(index, query)
+ db = inject.getValue(query, inband=False, error=False)
+ db = safeSQLIdentificatorNaming(db)
+
+ if db not in dbs:
+ dbs[db] = {}
+
+ if db not in foundCols[column]:
+ foundCols[column][db] = []
+ else:
+ for db in conf.db.split(","):
 dbs[db] = {}
-
- if db not in foundCols[column]:
- foundCols[column][db] = []
+ if db not in foundCols[column]:
+ foundCols[column][db] = []
 for column, dbData in foundCols.items():
 colQuery = "%s%s" % (colCond, colCondParam)
@@ -2358,6 +2364,11 @@ class Enumeration:
 self.dumpFoundColumn(dbs, foundCols, colConsider)
 def search(self):
+ if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
+ for item in ('db', 'tbl', 'col'):
+ if getattr(conf, item, None):
+ setattr(conf, item, getattr(conf, item).upper())
+
 if conf.col:
 self.searchColumn()
diff --git a/xml/queries.xml b/xml/queries.xml
index b0bbe7330..9bb183b31 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -290,8 +290,8 @@
-
-
+
+
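Review bot: In the new `else:` branch the names from `conf.db.split(",")` are used directly as keys of `dbs` and `foundCols[column]`, whereas the retrieved names in the branch above go through `db = safeSQLIdentificatorNaming(db)` first, so the two paths populate the same dictionaries under different normalisation; if the loop that follows (`for column, dbData in foundCols.items()`) interpolates these keys into queries, a user-supplied name will presumably be handled differently from an enumerated one. A bare `split(",")` also keeps surrounding whitespace, so a value such as `"a, b"` produces the key `" b"`. I would write the loop as `for db in conf.db.split(","):` / `db = safeSQLIdentificatorNaming(db.strip())` / `dbs[db] = {}` and keep the `if db not in foundCols[column]` guard as it is. searchColumn begins and ends outside this hunk, so I cannot confirm how the keys are consumed downstream.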
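Review bot: The added block in search() looks each attribute up twice, `getattr(conf, item, None)` in the test and `getattr(conf, item)` again inside `setattr`; binding it once reads better and drops the second lookup: `value = getattr(conf, item, None)` / `if value:` / `setattr(conf, item, value.upper())`. The fold is gated on `conf.db`, so with only a table or column name given the user's case is kept for Oracle/DB2; the column path folds the name itself in searchColumn (earlier hunk in this file), but I cannot see whether the table-search path does, so a short comment on the `if conf.db and ...` line stating why the gate is the database option would help the next reader, e.g. `# unquoted Oracle/DB2 identifiers are stored upper-cased; fold user-supplied names when a database was given`. search() continues past the end of this hunk.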