	fix for --search on Oracle
							parent
							
								
									b9ae28dd5e
								
							
						
					
					
						commit
						39b406c5c1
					
				|  | @ -168,118 +168,3 @@ class Enumeration(GenericEnumeration): | ||||||
|             raise sqlmapNoneDataException, errMsg |             raise sqlmapNoneDataException, errMsg | ||||||
| 
 | 
 | ||||||
|         return ( kb.data.cachedUsersRoles, areAdmins ) |         return ( kb.data.cachedUsersRoles, areAdmins ) | ||||||
| 
 |  | ||||||
|     def searchColumn(self): |  | ||||||
|         rootQuery = queries[Backend.getIdentifiedDbms()].search_column |  | ||||||
|         foundCols = {} |  | ||||||
|         dbs = { "USERS": {} } |  | ||||||
|         colList = conf.col.split(",") |  | ||||||
|         colCond = rootQuery.inband.condition |  | ||||||
| 
 |  | ||||||
|         colConsider, colCondParam = self.likeOrExact("column") |  | ||||||
| 
 |  | ||||||
|         for column in colList: |  | ||||||
|             column = safeSQLIdentificatorNaming(column) |  | ||||||
|             column = column.upper()             |  | ||||||
| 
 |  | ||||||
|             infoMsg = "searching column" |  | ||||||
|             if colConsider == "1": |  | ||||||
|                 infoMsg += "s like" |  | ||||||
|             infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column) |  | ||||||
|             logger.info(infoMsg) |  | ||||||
| 
 |  | ||||||
|             foundCols[column] = {} |  | ||||||
| 
 |  | ||||||
|             colQuery = "%s%s" % (colCond, colCondParam) |  | ||||||
|             colQuery = colQuery % unsafeSQLIdentificatorNaming(column) |  | ||||||
| 
 |  | ||||||
|             for db in dbs.keys(): |  | ||||||
|                 db = safeSQLIdentificatorNaming(db) |  | ||||||
| 
 |  | ||||||
|                 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: |  | ||||||
|                     query = rootQuery.inband.query |  | ||||||
|                     query += colQuery |  | ||||||
|                     values = inject.getValue(query, blind=False) |  | ||||||
| 
 |  | ||||||
|                     if not isNoneValue(values): |  | ||||||
|                         if isinstance(values, basestring): |  | ||||||
|                             values = [ values ] |  | ||||||
| 
 |  | ||||||
|                         for foundTbl in values: |  | ||||||
|                             foundTbl = safeSQLIdentificatorNaming(foundTbl, True) |  | ||||||
| 
 |  | ||||||
|                             if foundTbl is None: |  | ||||||
|                                 continue |  | ||||||
| 
 |  | ||||||
|                             if foundTbl not in dbs[db]: |  | ||||||
|                                 dbs[db][foundTbl] = {} |  | ||||||
| 
 |  | ||||||
|                             if colConsider == "1": |  | ||||||
|                                 conf.db = db |  | ||||||
|                                 conf.tbl = foundTbl |  | ||||||
|                                 conf.col = column |  | ||||||
| 
 |  | ||||||
|                                 self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam)) |  | ||||||
| 
 |  | ||||||
|                                 dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl]) |  | ||||||
|                                 kb.data.cachedColumns = {} |  | ||||||
|                             else: |  | ||||||
|                                 dbs[db][foundTbl][column] = None |  | ||||||
| 
 |  | ||||||
|                             if db in foundCols[column]: |  | ||||||
|                                 foundCols[column][db].append(foundTbl) |  | ||||||
|                             else: |  | ||||||
|                                 foundCols[column][db] = [ foundTbl ] |  | ||||||
|                 else: |  | ||||||
|                     foundCols[column][db] = [] |  | ||||||
| 
 |  | ||||||
|                     infoMsg = "fetching number of tables containing column" |  | ||||||
|                     if colConsider == "1": |  | ||||||
|                         infoMsg += "s like" |  | ||||||
|                     infoMsg += " '%s' in database '%s'" % (column, db) |  | ||||||
|                     logger.info(infoMsg) |  | ||||||
| 
 |  | ||||||
|                     query = rootQuery.blind.count2 |  | ||||||
|                     query += " WHERE %s" % colQuery |  | ||||||
|                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) |  | ||||||
| 
 |  | ||||||
|                     if not isNumPosStrValue(count): |  | ||||||
|                         warnMsg = "no tables contain column" |  | ||||||
|                         if colConsider == "1": |  | ||||||
|                             warnMsg += "s like" |  | ||||||
|                         warnMsg += " '%s' " % column |  | ||||||
|                         warnMsg += "in database '%s'" % db |  | ||||||
|                         logger.warn(warnMsg) |  | ||||||
| 
 |  | ||||||
|                         continue |  | ||||||
| 
 |  | ||||||
|                     indexRange = getRange(count) |  | ||||||
| 
 |  | ||||||
|                     for index in indexRange: |  | ||||||
|                         query = rootQuery.blind.query2 |  | ||||||
|                         query += " WHERE %s" % colQuery |  | ||||||
|                         query = agent.limitQuery(index, query) |  | ||||||
|                         tbl = inject.getValue(query, inband=False, error=False) |  | ||||||
|                         kb.hintValue = tbl |  | ||||||
| 
 |  | ||||||
|                         tbl = safeSQLIdentificatorNaming(tbl, True) |  | ||||||
| 
 |  | ||||||
|                         if tbl not in dbs[db]: |  | ||||||
|                             dbs[db][tbl] = {} |  | ||||||
| 
 |  | ||||||
|                         if colConsider == "1": |  | ||||||
|                             conf.db = db |  | ||||||
|                             conf.tbl = tbl |  | ||||||
|                             conf.col = column |  | ||||||
| 
 |  | ||||||
|                             self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam)) |  | ||||||
| 
 |  | ||||||
|                             if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]: |  | ||||||
|                                 dbs[db][tbl].update(kb.data.cachedColumns[db][tbl]) |  | ||||||
|                             kb.data.cachedColumns = {} |  | ||||||
|                         else: |  | ||||||
|                             dbs[db][tbl][column] = None |  | ||||||
| 
 |  | ||||||
|                         foundCols[column][db].append(tbl) |  | ||||||
| 
 |  | ||||||
|         self.dumpFoundColumn(dbs, foundCols, colConsider) |  | ||||||
|  |  | ||||||
|  | @ -2193,7 +2193,7 @@ class Enumeration: | ||||||
|         for column in colList: |         for column in colList: | ||||||
|             column = safeSQLIdentificatorNaming(column) |             column = safeSQLIdentificatorNaming(column) | ||||||
| 
 | 
 | ||||||
|             if Backend.isDbms(DBMS.DB2): |             if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): | ||||||
|                 column = column.upper() |                 column = column.upper() | ||||||
| 
 | 
 | ||||||
|             infoMsg = "searching column" |             infoMsg = "searching column" | ||||||
|  | @ -2259,43 +2259,49 @@ class Enumeration: | ||||||
|                     else: |                     else: | ||||||
|                         foundCols[column][foundDb] = [ foundTbl ] |                         foundCols[column][foundDb] = [ foundTbl ] | ||||||
|             else: |             else: | ||||||
|                 infoMsg = "fetching number of databases with tables containing column" |                 if not conf.db: | ||||||
|                 if colConsider == "1": |                     infoMsg = "fetching number of databases with tables containing column" | ||||||
|                     infoMsg += "s like" |  | ||||||
|                 infoMsg += " '%s'" % column |  | ||||||
|                 logger.info(infoMsg) |  | ||||||
| 
 |  | ||||||
|                 query = rootQuery.blind.count |  | ||||||
|                 query += colQuery |  | ||||||
|                 query += whereDbsQuery |  | ||||||
|                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) |  | ||||||
| 
 |  | ||||||
|                 if not isNumPosStrValue(count): |  | ||||||
|                     warnMsg = "no databases have tables containing column" |  | ||||||
|                     if colConsider == "1": |                     if colConsider == "1": | ||||||
|                         warnMsg += "s like" |                         infoMsg += "s like" | ||||||
|                     warnMsg += " '%s'" % column |                     infoMsg += " '%s'" % column | ||||||
|                     logger.warn(warnMsg) |                     logger.info(infoMsg) | ||||||
| 
 | 
 | ||||||
|                     continue |                     query = rootQuery.blind.count | ||||||
| 
 |  | ||||||
|                 indexRange = getRange(count) |  | ||||||
| 
 |  | ||||||
|                 for index in indexRange: |  | ||||||
|                     query = rootQuery.blind.query |  | ||||||
|                     query += colQuery |                     query += colQuery | ||||||
|                     query += whereDbsQuery |                     query += whereDbsQuery | ||||||
|                     if Backend.isDbms(DBMS.DB2): |                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) | ||||||
|                         query += ") AS foobar" |  | ||||||
|                     query = agent.limitQuery(index, query) |  | ||||||
|                     db = inject.getValue(query, inband=False, error=False) |  | ||||||
|                     db = safeSQLIdentificatorNaming(db) |  | ||||||
| 
 | 
 | ||||||
|                     if db not in dbs: |                     if not isNumPosStrValue(count): | ||||||
|  |                         warnMsg = "no databases have tables containing column" | ||||||
|  |                         if colConsider == "1": | ||||||
|  |                             warnMsg += "s like" | ||||||
|  |                         warnMsg += " '%s'" % column | ||||||
|  |                         logger.warn(warnMsg) | ||||||
|  | 
 | ||||||
|  |                         continue | ||||||
|  | 
 | ||||||
|  |                     indexRange = getRange(count) | ||||||
|  | 
 | ||||||
|  |                     for index in indexRange: | ||||||
|  |                         query = rootQuery.blind.query | ||||||
|  |                         query += colQuery | ||||||
|  |                         query += whereDbsQuery | ||||||
|  |                         if Backend.isDbms(DBMS.DB2): | ||||||
|  |                             query += ") AS foobar" | ||||||
|  |                         query = agent.limitQuery(index, query) | ||||||
|  |                         db = inject.getValue(query, inband=False, error=False) | ||||||
|  |                         db = safeSQLIdentificatorNaming(db) | ||||||
|  | 
 | ||||||
|  |                         if db not in dbs: | ||||||
|  |                             dbs[db] = {} | ||||||
|  | 
 | ||||||
|  |                         if db not in foundCols[column]: | ||||||
|  |                             foundCols[column][db] = [] | ||||||
|  |                 else: | ||||||
|  |                     for db in conf.db.split(","): | ||||||
|                         dbs[db] = {} |                         dbs[db] = {} | ||||||
| 
 |                         if db not in foundCols[column]: | ||||||
|                     if db not in foundCols[column]: |                             foundCols[column][db] = [] | ||||||
|                         foundCols[column][db] = [] |  | ||||||
| 
 | 
 | ||||||
|                 for column, dbData in foundCols.items(): |                 for column, dbData in foundCols.items(): | ||||||
|                     colQuery = "%s%s" % (colCond, colCondParam) |                     colQuery = "%s%s" % (colCond, colCondParam) | ||||||
|  | @ -2358,6 +2364,11 @@ class Enumeration: | ||||||
|         self.dumpFoundColumn(dbs, foundCols, colConsider) |         self.dumpFoundColumn(dbs, foundCols, colConsider) | ||||||
| 
 | 
 | ||||||
|     def search(self): |     def search(self): | ||||||
|  |         if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): | ||||||
|  |             for item in ('db', 'tbl', 'col'): | ||||||
|  |                 if getattr(conf, item, None): | ||||||
|  |                     setattr(conf, item, getattr(conf, item).upper()) | ||||||
|  | 
 | ||||||
|         if conf.col: |         if conf.col: | ||||||
|             self.searchColumn() |             self.searchColumn() | ||||||
| 
 | 
 | ||||||
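Review bot: In the new `else:` branch that handles a user-supplied `conf.db` (hunk at -2259), `dbs[db] = {}` runs unconditionally on every pass of the `for column in colList` loop, whereas the blind branch just above it guards the assignment with `if db not in dbs:` and first passes the name through `safeSQLIdentificatorNaming(db)`. With more than one column in `conf.col`, the second pass would reset whatever had already been stored under that database, and the database name is used exactly as typed rather than in the normalised form the rest of the method keys on. I would make the branch mirror the other one: `db = safeSQLIdentificatorNaming(db)` followed by `if db not in dbs:` before `dbs[db] = {}`. The enclosing `searchColumn` starts and ends outside the hunk, so whether later code repopulates `dbs` cannot be seen from here.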
|  |  | ||||||
|  | @ -290,8 +290,8 @@ | ||||||
|             <blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE " query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/> |             <blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE " query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/> | ||||||
|         </search_table> |         </search_table> | ||||||
|         <search_column> |         <search_column> | ||||||
|             <inband query="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME"/> |             <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME" condition2="OWNER"/> | ||||||
|             <blind query="" query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS" count="" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS" condition="COLUMN_NAME"/> |             <blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE " query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE " count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER"/> | ||||||
|         </search_column> |         </search_column> | ||||||
|     </dbms> |     </dbms> | ||||||
| 
 | 
 | ||||||
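Review bot: The new Oracle inband `search_column` query selects `OWNER,TABLE_NAME` without `DISTINCT`, while the blind `query`, `query2`, `count` and `count2` templates in the same element all use `DISTINCT`. For a LIKE search, a table with several matching columns would presumably be returned once per column on the inband path, so the two paths can produce different table lists for the same search. Consider `query="SELECT DISTINCT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE "`, or add a short XML comment stating that the caller de-duplicates the rows.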
|  |  | ||||||