mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
Major improvement to correctly enumerate tables, columns and dump tables
entries on PostgreSQL when the database name is not 'public' or a system database and on Oracle. Minor code restyle.
This commit is contained in:
Bernardo Damele
parent
e07e48efb2
commit
8f5fb5657d
|
|
@ -189,6 +189,22 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def forceDbmsEnum(self):
|
||||||
|
if conf.db:
|
||||||
|
conf.db = conf.db.upper()
|
||||||
|
else:
|
||||||
|
conf.db = "USERS"
|
||||||
|
|
||||||
|
warnMsg = "on Oracle it is only possible to enumerate "
|
||||||
|
warnMsg += "if you provide a TABLESPACE_NAME as database "
|
||||||
|
warnMsg += "name. sqlmap is going to use 'USERS' as database "
|
||||||
|
warnMsg += "name"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
if conf.tbl:
|
||||||
|
conf.tbl = conf.tbl.upper()
|
||||||
|
|
||||||
|
|
||||||
def getDbs(self):
|
def getDbs(self):
|
||||||
warnMsg = "this plugin can not enumerate databases"
|
warnMsg = "this plugin can not enumerate databases"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,7 @@ from lib.core.data import logger
|
||||||
from lib.core.exception import sqlmapSyntaxException
|
from lib.core.exception import sqlmapSyntaxException
|
||||||
from lib.core.session import setDbms
|
from lib.core.session import setDbms
|
||||||
from lib.core.settings import PGSQL_ALIASES
|
from lib.core.settings import PGSQL_ALIASES
|
||||||
|
from lib.core.settings import PGSQL_SYSTEM_DBS
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
#from lib.utils.fuzzer import passiveFuzzing
|
#from lib.utils.fuzzer import passiveFuzzing
|
||||||
|
|
@ -200,3 +201,14 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
def forceDbmsEnum(self):
|
||||||
|
if kb.dbms == "PostgreSQL" and conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
|
||||||
|
conf.db = "public"
|
||||||
|
|
||||||
|
warnMsg = "on PostgreSQL it is only possible to enumerate "
|
||||||
|
warnMsg += "on the current schema and on system databases, "
|
||||||
|
warnMsg += "sqlmap is going to use 'public' schema as "
|
||||||
|
warnMsg += "database name"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
|
||||||
|
|
@ -80,6 +80,10 @@ class Enumeration:
|
||||||
self.excludeDbsList = MSSQL_SYSTEM_DBS
|
self.excludeDbsList = MSSQL_SYSTEM_DBS
|
||||||
|
|
||||||
|
|
||||||
|
def forceDbmsEnum(self):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
def getBanner(self):
|
def getBanner(self):
|
||||||
logMsg = "fetching banner"
|
logMsg = "fetching banner"
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
|
@ -588,18 +592,7 @@ class Enumeration:
|
||||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||||
raise sqlmapUnsupportedFeatureException, errMsg
|
raise sqlmapUnsupportedFeatureException, errMsg
|
||||||
|
|
||||||
if kb.dbms == "Oracle":
|
self.forceDbmsEnum()
|
||||||
if conf.db:
|
|
||||||
conf.db = conf.db.upper()
|
|
||||||
else:
|
|
||||||
conf.db = "USERS"
|
|
||||||
|
|
||||||
warnMsg = "on Oracle it is only possible to enumerate "
|
|
||||||
warnMsg += "tables if you provide a TABLESPACE_NAME as "
|
|
||||||
warnMsg += "database name. sqlmap is going to use "
|
|
||||||
warnMsg += "'USERS' to retrieve all tables owned by an "
|
|
||||||
warnMsg += "Oracle database management system user"
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
logMsg = "fetching tables"
|
logMsg = "fetching tables"
|
||||||
if conf.db:
|
if conf.db:
|
||||||
|
|
@ -701,15 +694,10 @@ class Enumeration:
|
||||||
if "." in conf.tbl:
|
if "." in conf.tbl:
|
||||||
conf.db, conf.tbl = conf.tbl.split(".")
|
conf.db, conf.tbl = conf.tbl.split(".")
|
||||||
|
|
||||||
|
self.forceDbmsEnum()
|
||||||
|
|
||||||
if not conf.db:
|
if not conf.db:
|
||||||
errMsg = "missing database parameter"
|
errMsg = "missing database parameter"
|
||||||
|
|
||||||
if kb.dbms == "PostgreSQL":
|
|
||||||
conf.db = "public"
|
|
||||||
|
|
||||||
errMsg += ", sqlmap is going to use 'public' schema"
|
|
||||||
logger.warn(errMsg)
|
|
||||||
else:
|
|
||||||
raise sqlmapMissingMandatoryOptionException, errMsg
|
raise sqlmapMissingMandatoryOptionException, errMsg
|
||||||
|
|
||||||
logMsg = "fetching columns "
|
logMsg = "fetching columns "
|
||||||
|
|
@ -821,21 +809,12 @@ class Enumeration:
|
||||||
if "." in conf.tbl:
|
if "." in conf.tbl:
|
||||||
conf.db, conf.tbl = conf.tbl.split(".")
|
conf.db, conf.tbl = conf.tbl.split(".")
|
||||||
|
|
||||||
|
self.forceDbmsEnum()
|
||||||
|
|
||||||
if not conf.db:
|
if not conf.db:
|
||||||
errMsg = "missing database parameter"
|
errMsg = "missing database parameter"
|
||||||
|
|
||||||
if kb.dbms == "PostgreSQL":
|
|
||||||
conf.db = "public"
|
|
||||||
|
|
||||||
errMsg += ", sqlmap is going to use 'public' schema"
|
|
||||||
logger.warn(errMsg)
|
|
||||||
else:
|
|
||||||
raise sqlmapMissingMandatoryOptionException, errMsg
|
raise sqlmapMissingMandatoryOptionException, errMsg
|
||||||
|
|
||||||
if kb.dbms == "Oracle":
|
|
||||||
conf.db = conf.db.upper()
|
|
||||||
conf.tbl = conf.tbl.upper()
|
|
||||||
|
|
||||||
rootQuery = queries[kb.dbms].dumpTable
|
rootQuery = queries[kb.dbms].dumpTable
|
||||||
|
|
||||||
logMsg = "fetching"
|
logMsg = "fetching"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user