From 82f44989ceec4ee0cab73bb018d1ba5c1f54bc8b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 20 Oct 2010 06:40:33 +0000
Subject: [PATCH] update of error based injection and bug fix for --roles on MSSQL server
---
 lib/request/inject.py | 18 ++++++++++++++----
 plugins/dbms/mssqlserver/enumeration.py | 2 +-
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 6bcd67838..0d0a60001 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -348,8 +348,17 @@ def __goError(expression, resumeValue=True):
 if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
 return output
-
- expressionUnescaped = unescaper.unescape(expression)
+
+ if kb.misc.testedDbms != "MySQL":
+ if kb.dbmsDetected:
+ _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
+ nulledCastedField = agent.nullAndCastField(fieldToCastStr)
+ expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
+ expressionUnescaped = unescaper.unescape(expressionReplaced)
+ else:
+ expressionUnescaped = unescaper.unescape(expression)
+ else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row")
+ expressionUnescaped = unescaper.unescape(expression)
 debugMsg = "query: %s" % expressionUnescaped
 logger.debug(debugMsg)
@@ -366,8 +375,9 @@ def __goError(expression, resumeValue=True):
 if kb.misc.testedDbms == 'MySQL':
 output = output[:-1]
- infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
- logger.info(infoMsg)
+ if conf.verbose > 0:
+ infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
+ logger.info(infoMsg)
 return output
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index b977f15c2..9c4dafb74 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
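Review bot: The `expression.replace(fieldToCastStr, nulledCastedField, 1)` call in the first hunk has no guard for an empty or missing `fieldToCastStr`: with an empty string `str.replace` inserts the replacement at the very start of the expression, and with `None` it raises a `TypeError`. `agent.getFields` is not visible here, so whether it can return such a value is unconfirmed, but an `if fieldToCastStr:` check before the replacement would make the fallback explicit. The two `else` branches also assign the same `unescaper.unescape(expression)`; folding the conditions into `if kb.dbmsDetected and kb.misc.testedDbms != "MySQL":` with a single fallback would remove the duplication, and the `#temporary` remark would be easier to track as `# TODO: MySQL excluded until the "Subquery with more than 1 row" error is understood`. The body of `__goError` starts and ends outside this hunk.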
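Review bot: The new `if conf.verbose > 0:` guard around the `retrieved:` message in the second hunk filters by verbosity at the call site, which is normally the job of the logger's level. If the logger level is already derived from `conf.verbose` (not visible in this hunk), the guard is redundant; if it is not, a short comment such as `# suppress per-value output in quiet mode` would say why this one message is gated. The comparison against `'MySQL'` in the context lines uses single quotes while the first hunk of this commit adds `"MySQL"`, so one quoting style would be tidier. `__goError` continues outside the hunk.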
@@ -22,7 +22,7 @@ class Enumeration(GenericEnumeration):
 def __init__(self):
 GenericEnumeration.__init__(self, "Microsoft SQL Server")
- def getPrivileges(self):
+ def getPrivileges(self, _):
 warnMsg = "on Microsoft SQL Server it is not possible to fetch "
 warnMsg += "database users privileges"
 logger.warn(warnMsg)
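Review bot: `def getPrivileges(self, _):` makes the new argument mandatory and names it `_`, so any caller that still invokes `getPrivileges()` without an argument, or passes the value by keyword, will now raise a `TypeError`. The base-class signature in `GenericEnumeration` is not visible here; assuming it declares a defaulted parameter, the override should mirror it, for example `def getPrivileges(self, _=None):` or the base parameter's own name and default. A one-line docstring stating that the argument is accepted only for signature compatibility and is ignored would also help. The method body continues past the end of the hunk.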