mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Fix for an Issue #216
This commit is contained in:
parent
056be32ac1
commit
5477c9f7ba
|
@ -3005,6 +3005,34 @@ def asciifyUrl(url, forceQuote=False):
|
||||||
|
|
||||||
return urlparse.urlunsplit([parts.scheme, netloc, path, query, parts.fragment])
|
return urlparse.urlunsplit([parts.scheme, netloc, path, query, parts.fragment])
|
||||||
|
|
||||||
|
def isAdminFromPrivileges(privileges):
|
||||||
|
"""
|
||||||
|
Inspects privileges to see if those are comming from an admin user
|
||||||
|
"""
|
||||||
|
|
||||||
|
# In PostgreSQL the usesuper privilege means that the
|
||||||
|
# user is DBA
|
||||||
|
retVal = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
|
||||||
|
|
||||||
|
# In Oracle the DBA privilege means that the
|
||||||
|
# user is DBA
|
||||||
|
retVal |= (Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges)
|
||||||
|
|
||||||
|
# In MySQL >= 5.0 the SUPER privilege means
|
||||||
|
# that the user is DBA
|
||||||
|
retVal |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges)
|
||||||
|
|
||||||
|
# In MySQL < 5.0 the super_priv privilege means
|
||||||
|
# that the user is DBA
|
||||||
|
retVal |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges)
|
||||||
|
|
||||||
|
# In Firebird there is no specific privilege that means
|
||||||
|
# that the user is DBA
|
||||||
|
# TODO: confirm
|
||||||
|
retVal |= (Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges)
|
||||||
|
|
||||||
|
return retVal
|
||||||
|
|
||||||
def findPageForms(content, url, raise_=False, addToTargets=False):
|
def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||||
"""
|
"""
|
||||||
Parses given page content for possible forms
|
Parses given page content for possible forms
|
||||||
|
|
|
@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
|
|
||||||
from lib.core.common import Backend
|
from lib.core.common import Backend
|
||||||
from lib.core.common import getLimitRange
|
from lib.core.common import getLimitRange
|
||||||
|
from lib.core.common import isAdminFromPrivileges
|
||||||
from lib.core.common import isInferenceAvailable
|
from lib.core.common import isInferenceAvailable
|
||||||
from lib.core.common import isNoneValue
|
from lib.core.common import isNoneValue
|
||||||
from lib.core.common import isNumPosStrValue
|
from lib.core.common import isNumPosStrValue
|
||||||
|
@ -78,7 +79,7 @@ class Enumeration(GenericEnumeration):
|
||||||
# In Oracle we get the list of roles as string
|
# In Oracle we get the list of roles as string
|
||||||
roles.add(role)
|
roles.add(role)
|
||||||
|
|
||||||
if self.__isAdminFromPrivileges(roles):
|
if isAdminFromPrivileges(roles):
|
||||||
areAdmins.add(user)
|
areAdmins.add(user)
|
||||||
|
|
||||||
if kb.data.cachedUsersRoles.has_key(user):
|
if kb.data.cachedUsersRoles.has_key(user):
|
||||||
|
|
|
@ -13,6 +13,7 @@ from lib.core.common import Backend
|
||||||
from lib.core.common import filterPairValues
|
from lib.core.common import filterPairValues
|
||||||
from lib.core.common import getLimitRange
|
from lib.core.common import getLimitRange
|
||||||
from lib.core.common import getUnicode
|
from lib.core.common import getUnicode
|
||||||
|
from lib.core.common import isAdminFromPrivileges
|
||||||
from lib.core.common import isInferenceAvailable
|
from lib.core.common import isInferenceAvailable
|
||||||
from lib.core.common import isNoneValue
|
from lib.core.common import isNoneValue
|
||||||
from lib.core.common import isNumPosStrValue
|
from lib.core.common import isNumPosStrValue
|
||||||
|
@ -309,30 +310,6 @@ class Users:
|
||||||
|
|
||||||
return kb.data.cachedUsersPasswords
|
return kb.data.cachedUsersPasswords
|
||||||
|
|
||||||
def __isAdminFromPrivileges(self, privileges):
|
|
||||||
# In PostgreSQL the usesuper privilege means that the
|
|
||||||
# user is DBA
|
|
||||||
dbaCondition = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
|
|
||||||
|
|
||||||
# In Oracle the DBA privilege means that the
|
|
||||||
# user is DBA
|
|
||||||
dbaCondition |= (Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges)
|
|
||||||
|
|
||||||
# In MySQL >= 5.0 the SUPER privilege means
|
|
||||||
# that the user is DBA
|
|
||||||
dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges)
|
|
||||||
|
|
||||||
# In MySQL < 5.0 the super_priv privilege means
|
|
||||||
# that the user is DBA
|
|
||||||
dbaCondition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges)
|
|
||||||
|
|
||||||
# In Firebird there is no specific privilege that means
|
|
||||||
# that the user is DBA
|
|
||||||
# TODO: confirm
|
|
||||||
dbaCondition |= (Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges)
|
|
||||||
|
|
||||||
return dbaCondition
|
|
||||||
|
|
||||||
def getPrivileges(self, query2=False):
|
def getPrivileges(self, query2=False):
|
||||||
infoMsg = "fetching database users privileges"
|
infoMsg = "fetching database users privileges"
|
||||||
|
|
||||||
|
@ -441,7 +418,7 @@ class Users:
|
||||||
|
|
||||||
privileges.add(privilege)
|
privileges.add(privilege)
|
||||||
|
|
||||||
if self.__isAdminFromPrivileges(privileges):
|
if isAdminFromPrivileges(privileges):
|
||||||
areAdmins.add(user)
|
areAdmins.add(user)
|
||||||
|
|
||||||
if user in kb.data.cachedUsersPrivileges:
|
if user in kb.data.cachedUsersPrivileges:
|
||||||
|
@ -579,7 +556,7 @@ class Users:
|
||||||
|
|
||||||
privileges.add(privilege)
|
privileges.add(privilege)
|
||||||
|
|
||||||
if self.__isAdminFromPrivileges(privileges):
|
if isAdminFromPrivileges(privileges):
|
||||||
areAdmins.add(user)
|
areAdmins.add(user)
|
||||||
|
|
||||||
# In MySQL < 5.0 we break the cycle after the first
|
# In MySQL < 5.0 we break the cycle after the first
|
||||||
|
|
Loading…
Reference in New Issue
Block a user