diff --git a/lib/request/connect.py b/lib/request/connect.py index 222ae9305..faf228c48 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -731,6 +731,8 @@ class Connect: if not response and removeReflection: page = removeReflectiveValues(page, payload) + kb.permissionFlag = re.search(r"permission denied", page or "", re.I) is not None + if content or response: return page, headers diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 37c7ec6c8..66f94b0e6 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -1768,20 +1768,20 @@ class Enumeration: entriesCount = len(columnEntries) - if len(kb.data.dumpedTable) > 0: + if len(kb.data.dumpedTable) == 0 or (entriesCount == 0 and kb.permissionFlag): + warnMsg = "unable to retrieve the entries of " + if conf.col: + warnMsg += "columns '%s' " % colString + warnMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl) + warnMsg += "on database '%s'%s" % (unsafeSQLIdentificatorNaming(conf.db), " (permission denied)" if kb.permissionFlag else "") + logger.warn(warnMsg) + else: kb.data.dumpedTable["__infos__"] = { "count": entriesCount, "table": safeSQLIdentificatorNaming(tbl, True), "db": safeSQLIdentificatorNaming(conf.db) } attackDumpedTable() conf.dumper.dbTableValues(kb.data.dumpedTable) - else: - warnMsg = "unable to retrieve the entries of " - if conf.col: - warnMsg += "columns '%s' " % colString - warnMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl) - warnMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) - logger.warn(warnMsg) except sqlmapConnectionException, e: errMsg = "connection exception detected in dumping phase: "