From 8f5fb5657d29613650bdbc05d8d3b365b9666bde Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Sun, 26 Oct 2008 16:19:15 +0000
Subject: [PATCH] Major improvement to correctly enumerate tables, columns and dump tables entries on PostgreSQL when the database name is not 'public' or a system database and on Oracle. Minor code restyle.
---
 plugins/dbms/oracle.py | 16 +++++++++
 plugins/dbms/postgresql.py | 12 +++++++
 plugins/generic/enumeration.py | 65 ++++++++++++----------------------
 3 files changed, 50 insertions(+), 43 deletions(-)
diff --git a/plugins/dbms/oracle.py b/plugins/dbms/oracle.py
index 0d270800a..80d1d9fa7 100644
--- a/plugins/dbms/oracle.py
+++ b/plugins/dbms/oracle.py
@@ -189,6 +189,22 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
 return False
+ def forceDbmsEnum(self):
+ if conf.db:
+ conf.db = conf.db.upper()
+ else:
+ conf.db = "USERS"
+
+ warnMsg = "on Oracle it is only possible to enumerate "
+ warnMsg += "if you provide a TABLESPACE_NAME as database "
+ warnMsg += "name. sqlmap is going to use 'USERS' as database "
+ warnMsg += "name"
+ logger.warn(warnMsg)
+
+ if conf.tbl:
+ conf.tbl = conf.tbl.upper()
+
+
 def getDbs(self):
 warnMsg = "this plugin can not enumerate databases"
 logger.warn(warnMsg)
diff --git a/plugins/dbms/postgresql.py b/plugins/dbms/postgresql.py
index fc70598c6..a76709a36 100644
--- a/plugins/dbms/postgresql.py
+++ b/plugins/dbms/postgresql.py
@@ -35,6 +35,7 @@ from lib.core.data import logger
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.session import setDbms
 from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import PGSQL_SYSTEM_DBS
 from lib.core.unescaper import unescaper
 from lib.request import inject
 #from lib.utils.fuzzer import passiveFuzzing
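Review bot: `OracleMap.forceDbmsEnum` rewrites the shared `conf.db` and `conf.tbl` in place and has no docstring saying so, although the hook is now called from several enumeration paths. The unconditional `.upper()` also assumes unquoted identifiers; a table or tablespace created with a quoted, mixed-case name would stop matching once folded, so the limitation is worth recording, e.g. `"""Normalise conf.db/conf.tbl for Oracle: upper-case both, default conf.db to 'USERS'. Quoted mixed-case names are not supported."""`. Indentation is not recoverable in this view, so confirm that the warning is emitted only on the `else` branch, as it was in the block removed from enumeration.py.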
@@ -200,3 +201,14 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
 logger.warn(warnMsg)
 return False
+
+
+ def forceDbmsEnum(self):
+ if kb.dbms == "PostgreSQL" and conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
+ conf.db = "public"
+
+ warnMsg = "on PostgreSQL it is only possible to enumerate "
+ warnMsg += "on the current schema and on system databases, "
+ warnMsg += "sqlmap is going to use 'public' schema as "
+ warnMsg += "database name"
+ logger.warn(warnMsg)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 269dc5ff1..964ed5854 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -57,18 +57,18 @@ class Enumeration:
 def __init__(self, dbms):
 self.has_information_schema = None
- self.banner = ""
- self.currentUser = ""
- self.currentDb = ""
- self.cachedUsers = []
- self.cachedUsersPassword = {}
- self.cachedUsersPrivileges = {}
- self.cachedDbs = []
- self.cachedTables = {}
- self.cachedColumns = {}
- self.dumpedTable = {}
+ self.banner = ""
+ self.currentUser = ""
+ self.currentDb = ""
+ self.cachedUsers = []
+ self.cachedUsersPassword = {}
+ self.cachedUsersPrivileges = {}
+ self.cachedDbs = []
+ self.cachedTables = {}
+ self.cachedColumns = {}
+ self.dumpedTable = {}
- temp.inference = queries[dbms].inference
+ temp.inference = queries[dbms].inference
 if dbms == "MySQL":
 self.excludeDbsList = MYSQL_SYSTEM_DBS
@@ -80,6 +80,10 @@ class Enumeration:
 self.excludeDbsList = MSSQL_SYSTEM_DBS
+ def forceDbmsEnum(self):
+ pass
+
+
 def getBanner(self):
 logMsg = "fetching banner"
 logger.info(logMsg)
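Review bot: The condition in `PostgreSQLMap.forceDbmsEnum` is also true when `conf.db` is unset, so every path that calls the hook leaves with `conf.db = "public"`, and nothing in the method says that this is the intended default. In the getTables hunk (`@@ -588,18 +592,7`) the hook runs just before `if conf.db:`, so the branch for "no database given" is presumably no longer reachable on PostgreSQL; the rest of getTables is outside the hunk, so this needs confirming. If the default is intended, a comment such as `# also taken when conf.db is None: 'public' becomes the default schema` would make it explicit, and the warning could name the value it discards. The `kb.dbms == "PostgreSQL"` test looks redundant inside the PostgreSQL plugin class.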
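Review bot: The base-class `forceDbmsEnum` added at `@@ -80,6 +80,10` is a bare `pass`, with nothing telling a plugin author what an override is expected to do. Judging from the two overrides in this patch, the contract appears to be: adjust `conf.db`/`conf.tbl` in place, return nothing, and stay safe to call repeatedly, since getTables, getColumns and dumpTable each invoke it. A docstring such as `"""Hook: DBMS plugins override this to normalise conf.db/conf.tbl before enumeration; the default is a no-op."""` would record that.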
@@ -588,18 +592,7 @@ class Enumeration:
 errMsg += "back-end DBMS is MySQL < 5.0"
 raise sqlmapUnsupportedFeatureException, errMsg
- if kb.dbms == "Oracle":
- if conf.db:
- conf.db = conf.db.upper()
- else:
- conf.db = "USERS"
-
- warnMsg = "on Oracle it is only possible to enumerate "
- warnMsg += "tables if you provide a TABLESPACE_NAME as "
- warnMsg += "database name. sqlmap is going to use "
- warnMsg += "'USERS' to retrieve all tables owned by an "
- warnMsg += "Oracle database management system user"
- logger.warn(warnMsg)
+ self.forceDbmsEnum()
 logMsg = "fetching tables"
 if conf.db:
@@ -701,16 +694,11 @@ class Enumeration:
 if "." in conf.tbl:
 conf.db, conf.tbl = conf.tbl.split(".")
+ self.forceDbmsEnum()
+
 if not conf.db:
 errMsg = "missing database parameter"
-
- if kb.dbms == "PostgreSQL":
- conf.db = "public"
-
- errMsg += ", sqlmap is going to use 'public' schema"
- logger.warn(errMsg)
- else:
- raise sqlmapMissingMandatoryOptionException, errMsg
+ raise sqlmapMissingMandatoryOptionException, errMsg
 logMsg = "fetching columns "
 logMsg += "for table '%s' " % conf.tbl
@@ -821,20 +809,11 @@ class Enumeration:
 if "." in conf.tbl:
 conf.db, conf.tbl = conf.tbl.split(".")
+ self.forceDbmsEnum()
+
 if not conf.db:
 errMsg = "missing database parameter"
-
- if kb.dbms == "PostgreSQL":
- conf.db = "public"
-
- errMsg += ", sqlmap is going to use 'public' schema"
- logger.warn(errMsg)
- else:
- raise sqlmapMissingMandatoryOptionException, errMsg
-
- if kb.dbms == "Oracle":
- conf.db = conf.db.upper()
- conf.tbl = conf.tbl.upper()
+ raise sqlmapMissingMandatoryOptionException, errMsg
 rootQuery = queries[kb.dbms].dumpTable
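Review bot: In the getColumns hunk (`@@ -701,16 +694,11`) and again in the dumpTable hunk (`@@ -821,20 +809,11`) the `errMsg` temporary now only feeds the `raise` on the following line, and the whole split / `self.forceDbmsEnum()` / missing-database preamble is repeated verbatim in both methods. The check can be written as `raise sqlmapMissingMandatoryOptionException, "missing database parameter"`, and the shared preamble would read better as one private helper called from both places. It would also help to add `# after the Oracle/PostgreSQL hooks conf.db is always set, so this only fires for other back-ends` above the check, since the two overrides in this patch appear to make it unreachable for those plugins. Both method bodies continue outside their hunks.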