sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major improvement to correctly enumerate tables, columns and dump tables

Browse Source 
entries on PostgreSQL when the database name is not 'public' or a system
database and on Oracle. Minor code restyle.
This commit is contained in:
Bernardo Damele 2008-10-26 16:19:15 +00:00
parent e07e48efb2
commit 8f5fb5657d
3 changed files with 50 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/dbms/oracle.py
View File

@ -189,6 +189,22 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
return False
def forceDbmsEnum(self):
if conf.db:
conf.db = conf.db.upper()
else:
conf.db = "USERS"
warnMsg = "on Oracle it is only possible to enumerate "
warnMsg += "if you provide a TABLESPACE_NAME as database "
warnMsg += "name. sqlmap is going to use 'USERS' as database "
warnMsg += "name"
logger.warn(warnMsg)
if conf.tbl:
conf.tbl = conf.tbl.upper()
def getDbs(self):
warnMsg = "this plugin can not enumerate databases"
logger.warn(warnMsg)

12
plugins/dbms/postgresql.py
View File

@ -35,6 +35,7 @@ from lib.core.data import logger
from lib.core.exception import sqlmapSyntaxException
from lib.core.session import setDbms
from lib.core.settings import PGSQL_ALIASES
from lib.core.settings import PGSQL_SYSTEM_DBS
from lib.core.unescaper import unescaper
from lib.request import inject
#from lib.utils.fuzzer import passiveFuzzing
@ -200,3 +201,14 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
logger.warn(warnMsg)
return False
def forceDbmsEnum(self):
if kb.dbms == "PostgreSQL" and conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
conf.db = "public"
warnMsg = "on PostgreSQL it is only possible to enumerate "
warnMsg += "on the current schema and on system databases, "
warnMsg += "sqlmap is going to use 'public' schema as "
warnMsg += "database name"
logger.warn(warnMsg)

39
plugins/generic/enumeration.py
View File

@ -80,6 +80,10 @@ class Enumeration:
self.excludeDbsList = MSSQL_SYSTEM_DBS
def forceDbmsEnum(self):
pass
def getBanner(self):
logMsg = "fetching banner"
logger.info(logMsg)
@ -588,18 +592,7 @@ class Enumeration:
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
if kb.dbms == "Oracle":
if conf.db:
conf.db = conf.db.upper()
else:
conf.db = "USERS"
warnMsg = "on Oracle it is only possible to enumerate "
warnMsg += "tables if you provide a TABLESPACE_NAME as "
warnMsg += "database name. sqlmap is going to use "
warnMsg += "'USERS' to retrieve all tables owned by an "
warnMsg += "Oracle database management system user"
logger.warn(warnMsg)
self.forceDbmsEnum()
logMsg = "fetching tables"
if conf.db:
@ -701,15 +694,10 @@ class Enumeration:
if "." in conf.tbl:
conf.db, conf.tbl = conf.tbl.split(".")
self.forceDbmsEnum()
if not conf.db:
errMsg = "missing database parameter"
if kb.dbms == "PostgreSQL":
conf.db = "public"
errMsg += ", sqlmap is going to use 'public' schema"
logger.warn(errMsg)
else:
raise sqlmapMissingMandatoryOptionException, errMsg
logMsg = "fetching columns "
@ -821,21 +809,12 @@ class Enumeration:
if "." in conf.tbl:
conf.db, conf.tbl = conf.tbl.split(".")
self.forceDbmsEnum()
if not conf.db:
errMsg = "missing database parameter"
if kb.dbms == "PostgreSQL":
conf.db = "public"
errMsg += ", sqlmap is going to use 'public' schema"
logger.warn(errMsg)
else:
raise sqlmapMissingMandatoryOptionException, errMsg
if kb.dbms == "Oracle":
conf.db = conf.db.upper()
conf.tbl = conf.tbl.upper()
rootQuery = queries[kb.dbms].dumpTable
logMsg = "fetching"