mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	fix for --search on Oracle
This commit is contained in:
		
							parent
							
								
									b9ae28dd5e
								
							
						
					
					
						commit
						39b406c5c1
					
				|  | @ -168,118 +168,3 @@ class Enumeration(GenericEnumeration): | |||
|             raise sqlmapNoneDataException, errMsg | ||||
| 
 | ||||
|         return ( kb.data.cachedUsersRoles, areAdmins ) | ||||
| 
 | ||||
|     def searchColumn(self): | ||||
|         rootQuery = queries[Backend.getIdentifiedDbms()].search_column | ||||
|         foundCols = {} | ||||
|         dbs = { "USERS": {} } | ||||
|         colList = conf.col.split(",") | ||||
|         colCond = rootQuery.inband.condition | ||||
| 
 | ||||
|         colConsider, colCondParam = self.likeOrExact("column") | ||||
| 
 | ||||
|         for column in colList: | ||||
|             column = safeSQLIdentificatorNaming(column) | ||||
|             column = column.upper()             | ||||
| 
 | ||||
|             infoMsg = "searching column" | ||||
|             if colConsider == "1": | ||||
|                 infoMsg += "s like" | ||||
|             infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column) | ||||
|             logger.info(infoMsg) | ||||
| 
 | ||||
|             foundCols[column] = {} | ||||
| 
 | ||||
|             colQuery = "%s%s" % (colCond, colCondParam) | ||||
|             colQuery = colQuery % unsafeSQLIdentificatorNaming(column) | ||||
| 
 | ||||
|             for db in dbs.keys(): | ||||
|                 db = safeSQLIdentificatorNaming(db) | ||||
| 
 | ||||
|                 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: | ||||
|                     query = rootQuery.inband.query | ||||
|                     query += colQuery | ||||
|                     values = inject.getValue(query, blind=False) | ||||
| 
 | ||||
|                     if not isNoneValue(values): | ||||
|                         if isinstance(values, basestring): | ||||
|                             values = [ values ] | ||||
| 
 | ||||
|                         for foundTbl in values: | ||||
|                             foundTbl = safeSQLIdentificatorNaming(foundTbl, True) | ||||
| 
 | ||||
|                             if foundTbl is None: | ||||
|                                 continue | ||||
| 
 | ||||
|                             if foundTbl not in dbs[db]: | ||||
|                                 dbs[db][foundTbl] = {} | ||||
| 
 | ||||
|                             if colConsider == "1": | ||||
|                                 conf.db = db | ||||
|                                 conf.tbl = foundTbl | ||||
|                                 conf.col = column | ||||
| 
 | ||||
|                                 self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam)) | ||||
| 
 | ||||
|                                 dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl]) | ||||
|                                 kb.data.cachedColumns = {} | ||||
|                             else: | ||||
|                                 dbs[db][foundTbl][column] = None | ||||
| 
 | ||||
|                             if db in foundCols[column]: | ||||
|                                 foundCols[column][db].append(foundTbl) | ||||
|                             else: | ||||
|                                 foundCols[column][db] = [ foundTbl ] | ||||
|                 else: | ||||
|                     foundCols[column][db] = [] | ||||
| 
 | ||||
|                     infoMsg = "fetching number of tables containing column" | ||||
|                     if colConsider == "1": | ||||
|                         infoMsg += "s like" | ||||
|                     infoMsg += " '%s' in database '%s'" % (column, db) | ||||
|                     logger.info(infoMsg) | ||||
| 
 | ||||
|                     query = rootQuery.blind.count2 | ||||
|                     query += " WHERE %s" % colQuery | ||||
|                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) | ||||
| 
 | ||||
|                     if not isNumPosStrValue(count): | ||||
|                         warnMsg = "no tables contain column" | ||||
|                         if colConsider == "1": | ||||
|                             warnMsg += "s like" | ||||
|                         warnMsg += " '%s' " % column | ||||
|                         warnMsg += "in database '%s'" % db | ||||
|                         logger.warn(warnMsg) | ||||
| 
 | ||||
|                         continue | ||||
| 
 | ||||
|                     indexRange = getRange(count) | ||||
| 
 | ||||
|                     for index in indexRange: | ||||
|                         query = rootQuery.blind.query2 | ||||
|                         query += " WHERE %s" % colQuery | ||||
|                         query = agent.limitQuery(index, query) | ||||
|                         tbl = inject.getValue(query, inband=False, error=False) | ||||
|                         kb.hintValue = tbl | ||||
| 
 | ||||
|                         tbl = safeSQLIdentificatorNaming(tbl, True) | ||||
| 
 | ||||
|                         if tbl not in dbs[db]: | ||||
|                             dbs[db][tbl] = {} | ||||
| 
 | ||||
|                         if colConsider == "1": | ||||
|                             conf.db = db | ||||
|                             conf.tbl = tbl | ||||
|                             conf.col = column | ||||
| 
 | ||||
|                             self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam)) | ||||
| 
 | ||||
|                             if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]: | ||||
|                                 dbs[db][tbl].update(kb.data.cachedColumns[db][tbl]) | ||||
|                             kb.data.cachedColumns = {} | ||||
|                         else: | ||||
|                             dbs[db][tbl][column] = None | ||||
| 
 | ||||
|                         foundCols[column][db].append(tbl) | ||||
| 
 | ||||
|         self.dumpFoundColumn(dbs, foundCols, colConsider) | ||||
|  |  | |||
|  | @ -2193,7 +2193,7 @@ class Enumeration: | |||
|         for column in colList: | ||||
|             column = safeSQLIdentificatorNaming(column) | ||||
| 
 | ||||
|             if Backend.isDbms(DBMS.DB2): | ||||
|             if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): | ||||
|                 column = column.upper() | ||||
| 
 | ||||
|             infoMsg = "searching column" | ||||
|  | @ -2259,43 +2259,49 @@ class Enumeration: | |||
|                     else: | ||||
|                         foundCols[column][foundDb] = [ foundTbl ] | ||||
|             else: | ||||
|                 infoMsg = "fetching number of databases with tables containing column" | ||||
|                 if colConsider == "1": | ||||
|                     infoMsg += "s like" | ||||
|                 infoMsg += " '%s'" % column | ||||
|                 logger.info(infoMsg) | ||||
| 
 | ||||
|                 query = rootQuery.blind.count | ||||
|                 query += colQuery | ||||
|                 query += whereDbsQuery | ||||
|                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) | ||||
| 
 | ||||
|                 if not isNumPosStrValue(count): | ||||
|                     warnMsg = "no databases have tables containing column" | ||||
|                 if not conf.db: | ||||
|                     infoMsg = "fetching number of databases with tables containing column" | ||||
|                     if colConsider == "1": | ||||
|                         warnMsg += "s like" | ||||
|                     warnMsg += " '%s'" % column | ||||
|                     logger.warn(warnMsg) | ||||
|                         infoMsg += "s like" | ||||
|                     infoMsg += " '%s'" % column | ||||
|                     logger.info(infoMsg) | ||||
| 
 | ||||
|                     continue | ||||
| 
 | ||||
|                 indexRange = getRange(count) | ||||
| 
 | ||||
|                 for index in indexRange: | ||||
|                     query = rootQuery.blind.query | ||||
|                     query = rootQuery.blind.count | ||||
|                     query += colQuery | ||||
|                     query += whereDbsQuery | ||||
|                     if Backend.isDbms(DBMS.DB2): | ||||
|                         query += ") AS foobar" | ||||
|                     query = agent.limitQuery(index, query) | ||||
|                     db = inject.getValue(query, inband=False, error=False) | ||||
|                     db = safeSQLIdentificatorNaming(db) | ||||
|                     count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) | ||||
| 
 | ||||
|                     if db not in dbs: | ||||
|                     if not isNumPosStrValue(count): | ||||
|                         warnMsg = "no databases have tables containing column" | ||||
|                         if colConsider == "1": | ||||
|                             warnMsg += "s like" | ||||
|                         warnMsg += " '%s'" % column | ||||
|                         logger.warn(warnMsg) | ||||
| 
 | ||||
|                         continue | ||||
| 
 | ||||
|                     indexRange = getRange(count) | ||||
| 
 | ||||
|                     for index in indexRange: | ||||
|                         query = rootQuery.blind.query | ||||
|                         query += colQuery | ||||
|                         query += whereDbsQuery | ||||
|                         if Backend.isDbms(DBMS.DB2): | ||||
|                             query += ") AS foobar" | ||||
|                         query = agent.limitQuery(index, query) | ||||
|                         db = inject.getValue(query, inband=False, error=False) | ||||
|                         db = safeSQLIdentificatorNaming(db) | ||||
| 
 | ||||
|                         if db not in dbs: | ||||
|                             dbs[db] = {} | ||||
| 
 | ||||
|                         if db not in foundCols[column]: | ||||
|                             foundCols[column][db] = [] | ||||
|                 else: | ||||
|                     for db in conf.db.split(","): | ||||
|                         dbs[db] = {} | ||||
| 
 | ||||
|                     if db not in foundCols[column]: | ||||
|                         foundCols[column][db] = [] | ||||
|                         if db not in foundCols[column]: | ||||
|                             foundCols[column][db] = [] | ||||
| 
 | ||||
|                 for column, dbData in foundCols.items(): | ||||
|                     colQuery = "%s%s" % (colCond, colCondParam) | ||||
|  | @ -2358,6 +2364,11 @@ class Enumeration: | |||
|         self.dumpFoundColumn(dbs, foundCols, colConsider) | ||||
| 
 | ||||
|     def search(self): | ||||
|         if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): | ||||
|             for item in ('db', 'tbl', 'col'): | ||||
|                 if getattr(conf, item, None): | ||||
|                     setattr(conf, item, getattr(conf, item).upper()) | ||||
| 
 | ||||
|         if conf.col: | ||||
|             self.searchColumn() | ||||
| 
 | ||||
|  |  | |||
|  | @ -290,8 +290,8 @@ | |||
|             <blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE " query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/> | ||||
|         </search_table> | ||||
|         <search_column> | ||||
|             <inband query="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME"/> | ||||
|             <blind query="" query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS" count="" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS" condition="COLUMN_NAME"/> | ||||
|             <inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME" condition2="OWNER"/> | ||||
|             <blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE " query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE " count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER"/> | ||||
|         </search_column> | ||||
|     </dbms> | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user