fix for --search on Oracle
parent
b9ae28dd5e
commit
39b406c5c1
|
@ -168,118 +168,3 @@ class Enumeration(GenericEnumeration):
|
|||
raise sqlmapNoneDataException, errMsg
|
||||
|
||||
return ( kb.data.cachedUsersRoles, areAdmins )
|
||||
|
||||
def searchColumn(self):
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
|
||||
foundCols = {}
|
||||
dbs = { "USERS": {} }
|
||||
colList = conf.col.split(",")
|
||||
colCond = rootQuery.inband.condition
|
||||
|
||||
colConsider, colCondParam = self.likeOrExact("column")
|
||||
|
||||
for column in colList:
|
||||
column = safeSQLIdentificatorNaming(column)
|
||||
column = column.upper()
|
||||
|
||||
infoMsg = "searching column"
|
||||
if colConsider == "1":
|
||||
infoMsg += "s like"
|
||||
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
|
||||
logger.info(infoMsg)
|
||||
|
||||
foundCols[column] = {}
|
||||
|
||||
colQuery = "%s%s" % (colCond, colCondParam)
|
||||
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
|
||||
|
||||
for db in dbs.keys():
|
||||
db = safeSQLIdentificatorNaming(db)
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
query = rootQuery.inband.query
|
||||
query += colQuery
|
||||
values = inject.getValue(query, blind=False)
|
||||
|
||||
if not isNoneValue(values):
|
||||
if isinstance(values, basestring):
|
||||
values = [ values ]
|
||||
|
||||
for foundTbl in values:
|
||||
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
|
||||
|
||||
if foundTbl is None:
|
||||
continue
|
||||
|
||||
if foundTbl not in dbs[db]:
|
||||
dbs[db][foundTbl] = {}
|
||||
|
||||
if colConsider == "1":
|
||||
conf.db = db
|
||||
conf.tbl = foundTbl
|
||||
conf.col = column
|
||||
|
||||
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
|
||||
|
||||
dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
|
||||
kb.data.cachedColumns = {}
|
||||
else:
|
||||
dbs[db][foundTbl][column] = None
|
||||
|
||||
if db in foundCols[column]:
|
||||
foundCols[column][db].append(foundTbl)
|
||||
else:
|
||||
foundCols[column][db] = [ foundTbl ]
|
||||
else:
|
||||
foundCols[column][db] = []
|
||||
|
||||
infoMsg = "fetching number of tables containing column"
|
||||
if colConsider == "1":
|
||||
infoMsg += "s like"
|
||||
infoMsg += " '%s' in database '%s'" % (column, db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = rootQuery.blind.count2
|
||||
query += " WHERE %s" % colQuery
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
warnMsg = "no tables contain column"
|
||||
if colConsider == "1":
|
||||
warnMsg += "s like"
|
||||
warnMsg += " '%s' " % column
|
||||
warnMsg += "in database '%s'" % db
|
||||
logger.warn(warnMsg)
|
||||
|
||||
continue
|
||||
|
||||
indexRange = getRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
query = rootQuery.blind.query2
|
||||
query += " WHERE %s" % colQuery
|
||||
query = agent.limitQuery(index, query)
|
||||
tbl = inject.getValue(query, inband=False, error=False)
|
||||
kb.hintValue = tbl
|
||||
|
||||
tbl = safeSQLIdentificatorNaming(tbl, True)
|
||||
|
||||
if tbl not in dbs[db]:
|
||||
dbs[db][tbl] = {}
|
||||
|
||||
if colConsider == "1":
|
||||
conf.db = db
|
||||
conf.tbl = tbl
|
||||
conf.col = column
|
||||
|
||||
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
|
||||
|
||||
if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
|
||||
dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
|
||||
kb.data.cachedColumns = {}
|
||||
else:
|
||||
dbs[db][tbl][column] = None
|
||||
|
||||
foundCols[column][db].append(tbl)
|
||||
|
||||
self.dumpFoundColumn(dbs, foundCols, colConsider)
|
||||
|
|
|
@ -2193,7 +2193,7 @@ class Enumeration:
|
|||
for column in colList:
|
||||
column = safeSQLIdentificatorNaming(column)
|
||||
|
||||
if Backend.isDbms(DBMS.DB2):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
column = column.upper()
|
||||
|
||||
infoMsg = "searching column"
|
||||
|
@ -2259,6 +2259,7 @@ class Enumeration:
|
|||
else:
|
||||
foundCols[column][foundDb] = [ foundTbl ]
|
||||
else:
|
||||
if not conf.db:
|
||||
infoMsg = "fetching number of databases with tables containing column"
|
||||
if colConsider == "1":
|
||||
infoMsg += "s like"
|
||||
|
@ -2296,6 +2297,11 @@ class Enumeration:
|
|||
|
||||
if db not in foundCols[column]:
|
||||
foundCols[column][db] = []
|
||||
else:
|
||||
for db in conf.db.split(","):
|
||||
dbs[db] = {}
|
||||
if db not in foundCols[column]:
|
||||
foundCols[column][db] = []
|
||||
|
||||
for column, dbData in foundCols.items():
|
||||
colQuery = "%s%s" % (colCond, colCondParam)
|
||||
|
@ -2358,6 +2364,11 @@ class Enumeration:
|
|||
self.dumpFoundColumn(dbs, foundCols, colConsider)
|
||||
|
||||
def search(self):
|
||||
if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
for item in ('db', 'tbl', 'col'):
|
||||
if getattr(conf, item, None):
|
||||
setattr(conf, item, getattr(conf, item).upper())
|
||||
|
||||
if conf.col:
|
||||
self.searchColumn()
|
||||
|
||||
|
|
|
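Review bot: In the new prologue of `search()` the upper-casing of `conf.db`, `conf.tbl` and `conf.col` is gated on `conf.db` being set, so an Oracle/DB2 run that supplies only a table or column name skips it. The column path is covered by the `column.upper()` change in the first hunk of this file, but whether the table path has an equivalent is not visible here; since the inner `getattr(conf, item, None)` check already handles unset options, the guard could be `if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):`. Separately, the added `for db in conf.db.split(","):` branch uses each piece directly as a key in `dbs` and `foundCols[column]` without `safeSQLIdentificatorNaming(db)` or `.strip()`, unlike the column loop, so a value written as `A, B` would produce the key `' B'`. A short comment on the upper-casing, for example `# Oracle and DB2 store unquoted identifiers in upper case`, would also record that quoted mixed-case names are not handled. The enclosing functions start and end outside the hunks shown.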
@ -290,8 +290,8 @@
|
|||
<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE " query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
|
||||
</search_table>
|
||||
<search_column>
|
||||
<inband query="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME"/>
|
||||
<blind query="" query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS" count="" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS" condition="COLUMN_NAME"/>
|
||||
<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME" condition2="OWNER"/>
|
||||
<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE " query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE " count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER"/>
|
||||
</search_column>
|
||||
</dbms>
|
||||
|
||||
|
|
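Review bot: The new `query2` and `count2` strings in `<search_column>` compare `OWNER='%s'` exactly, so they match only when the schema name arrives in the case the catalog stores it in. They appear to rely on the upper-casing added to `search()` in the Python part of this commit, and a schema created with a quoted mixed-case name would not match after that conversion. An XML comment above the element, such as `<!-- OWNER is matched exactly; the caller upper-cases the schema name for Oracle -->`, would record the coupling for whoever edits either side next. The `<search_table>` blind entry shown as context has the same dependency.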