proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)

plugins/dbms/oracle/enumeration.py

@@ -166,12 +166,6 @@ class Enumeration(GenericEnumeration):
 
         return ( kb.data.cachedUsersRoles, areAdmins )
 
-    def getDbs(self):
-        warnMsg = "on Oracle it is not possible to enumerate databases"
-        logger.warn(warnMsg)
-
-        return []
-
     def searchDb(self):
         warnMsg = "on Oracle it is not possible to search databases"
         logger.warn(warnMsg)

plugins/generic/enumeration.py

@@ -656,7 +656,16 @@ class Enumeration:
             warnMsg += "names will be fetched from 'mysql' database"
             logger.warn(warnMsg)
 
+        if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+            warnMsg  = "schema names are going to be used on Oracle "
+            warnMsg += "for enumeration as the counterpart to database "
+            warnMsg += "names on other DBMSes"
+            logger.warn(warnMsg)
+
+            infoMsg = "fetching database (schema) names"
+        else:
             infoMsg = "fetching database names"
+
         logger.info(infoMsg)
 
         rootQuery = queries[Backend.getIdentifiedDbms()].dbs
@@ -685,7 +694,11 @@ class Enumeration:
                 errMsg = "unable to retrieve the number of databases"
                 raise sqlmapNoneDataException, errMsg
 
-            indexRange = getRange(count)
+            if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+                plusOne = True
+            else:
+                plusOne = False
+            indexRange = getRange(count, plusOne=plusOne)
 
             for index in indexRange:
                 if Backend.getIdentifiedDbms() == DBMS.SYBASE:

xml/queries.xml

@@ -259,8 +259,11 @@
             <inband query="SELECT GRANTEE,GRANTED_ROLE FROM DBA_ROLE_PRIVS" query2="SELECT USERNAME,GRANTED_ROLE FROM USER_ROLE_PRIVS" condition="GRANTEE" condition2="USERNAME"/>
             <blind query="SELECT DISTINCT(GRANTED_ROLE) FROM (SELECT DISTINCT(GRANTED_ROLE),ROWNUM AS LIMIT FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s') WHERE LIMIT=%d" query2="SELECT DISTINCT(GRANTED_ROLE) FROM (SELECT DISTINCT(GRANTED_ROLE),ROWNUM AS LIMIT FROM USER_ROLE_PRIVS WHERE USERNAME='%s') WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM DBA_ROLE_PRIVS WHERE GRANTEE='%s'" count2="SELECT COUNT(DISTINCT(GRANTED_ROLE)) FROM USER_ROLE_PRIVS WHERE USERNAME='%s'"/>
         </roles>
-        <!-- NOTE: in Oracle there is no query to enumerate DBMS databases. It is possible only through a STATUS request to the Oracle TNS Listener negotiating its protocol -->
+        <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
-        <dbs/>
+        <dbs>
+            <inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)"/>
+            <blind query="SELECT OWNER FROM (SELECT OWNER,ROWNUM AS LIMIT FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES)) WHERE LIMIT=%d" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES"/>
+        </dbs>
         <tables>
             <!-- NOTE: in Oracle the TABLESPACE_NAME is the spacename corresponding to SYS,SYSDBA,USERS. It is NOT the database name -->
             <inband query="SELECT TABLESPACE_NAME,TABLE_NAME FROM SYS.ALL_TABLES" condition="TABLESPACE_NAME"/>