basic --search now works with MS Access

2025-01-24 08:14:24 +03:00 · 2010-12-26 23:50:16 +00:00 · 2010-12-26 23:50:16 +00:00 · 89c2640d23
commit 89c2640d23
parent f2373121d0
3 changed files with 64 additions and 6 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1877,3 +1877,18 @@ def getInjectionTests():
          and test.details.dbms == dbms else True)

    return retVal
+
+def filterListValue(value, regex):
+    """
+    Returns list with items that have parts
+    satisfying given regular expression
+    """
+    if regex:
+        retVal = []
+        filter = getCompiledRegex(regex, re.I)
+        for word in value:
+            if filter.search(word):
+                retVal.append(word)
+        return retVal
+    else:
+        return value
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -12,6 +12,7 @@ import time

 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
+from lib.core.common import filterListValue
 from lib.core.common import getFileItems
 from lib.core.common import getPageTextWordsSet
 from lib.core.common import popValue
@ -27,9 +28,8 @@ from lib.core.exception import sqlmapThreadException
 from lib.core.settings import METADB_SUFFIX
 from lib.request import inject

-def tableExists(tableFile):
+def tableExists(tableFile, regex=None):
    tables = getFileItems(tableFile, lowercase=kb.dbms in (DBMS.ACCESS), unique=True)
-    tableSet = set(tables)
    retVal = []
    infoMsg = "checking table existence using items from '%s'" % tableFile
    logger.info(infoMsg)
@ -39,9 +39,10 @@ def tableExists(tableFile):
    pageWords = getPageTextWordsSet(kb.originalPage)
    for word in pageWords:
        word = word.lower()
-        if len(word) > 2 and not word[0].isdigit() and word not in tableSet:
+        if len(word) > 2 and not word[0].isdigit() and word not in tables:
            tables.append(word)

+    tables = filterListValue(tables, regex)
    count = [0]
    length = len(tables)
    threads = []
@ -129,12 +130,14 @@ def tableExists(tableFile):

    return kb.data.cachedTables

-def columnExists(columnFile):
+def columnExists(columnFile, regex=None):
    if not conf.tbl:
        errMsg = "missing table parameter"
        raise sqlmapMissingMandatoryOptionException, errMsg

    columns = getFileItems(columnFile, unique=True)
+    columns = filterListValue(columns, regex)
+
    if conf.db and not conf.db.endswith(METADB_SUFFIX):
        table = "%s.%s" % (conf.db, conf.tbl)
    else:
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -1501,10 +1501,30 @@ class Enumeration:
        return foundDbs

    def searchTable(self):
+        bruteForce = False
+
        if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
            errMsg  = "information_schema not available, "
            errMsg += "back-end DBMS is MySQL < 5.0"
-            raise sqlmapUnsupportedFeatureException, errMsg
+            bruteForce = True
+
+        elif kb.dbms == DBMS.ACCESS:
+            errMsg  = "cannot retrieve table names, "
+            errMsg += "back-end DBMS is Access"
+            logger.error(errMsg)
+            bruteForce = True
+
+        if bruteForce:
+            message = "do you want to use common table existance check? [Y/n/q]"
+            test = readInput(message, default="Y")
+
+            if test[0] in ("n", "N"):
+                return
+            elif test[0] in ("q", "Q"):
+                raise sqlmapUserQuitException
+            else:
+                regex = "|".join(conf.tbl.split(","))
+                return tableExists(paths.COMMON_TABLES, regex)

        rootQuery = queries[kb.dbms].search_table
        foundTbls = {}
@ -1622,10 +1642,30 @@ class Enumeration:
        return foundTbls

    def searchColumn(self):
+        bruteForce = False
+
        if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
            errMsg  = "information_schema not available, "
            errMsg += "back-end DBMS is MySQL < 5.0"
-            raise sqlmapUnsupportedFeatureException, errMsg
+            bruteForce = True
+
+        elif kb.dbms == DBMS.ACCESS:
+            errMsg  = "cannot retrieve column names, "
+            errMsg += "back-end DBMS is Access"
+            logger.error(errMsg)
+            bruteForce = True
+
+        if bruteForce:
+            message = "do you want to use common columns existance check? [Y/n/q]"
+            test = readInput(message, default="Y")
+
+            if test[0] in ("n", "N"):
+                return
+            elif test[0] in ("q", "Q"):
+                raise sqlmapUserQuitException
+            else:
+                regex = "|".join(conf.col.split(","))
+                return columnExists(paths.COMMON_COLUMNS, regex)

        rootQuery = queries[kb.dbms].search_column
        foundCols = {}