From 90b9c4d0d53cae6c4f69f13ec917bf8d60a20dd9 Mon Sep 17 00:00:00 2001
From: aNiceGuy
Date: Mon, 16 Jul 2012 20:33:22 +0100
Subject: [PATCH] fixed some issues with dotted database-,table- and colum-names
---
 plugins/generic/enumeration.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 1d5c6b4b5..bf5fcfb64 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -1353,6 +1353,8 @@ class Enumeration:
 def __tableGetCount(self, db, table):
 if Backend.isDbms(DBMS.DB2):
 query = "SELECT %s FROM %s.%s--" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db.upper()), safeSQLIdentificatorNaming(table.upper(), True))
+ elif Backend.isDbms(DBMS.MYSQL):
+ query = "SELECT %s FROM `%s`.`%s`" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
 else:
 query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
@@ -1578,7 +1580,7 @@ class Enumeration:
 kb.data.cachedColumns = foundData
 try:
- kb.dumpTable = "%s.%s" % (conf.db, tbl)
+ kb.dumpTable = "`%s`.`%s`" % (conf.db, tbl)
 if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
 or safeSQLIdentificatorNaming(tbl, True) not in \
@@ -1617,7 +1619,7 @@ class Enumeration:
 # Partial inband and error
 if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
 table = "%s.%s" % (conf.db, tbl)
-
+
 retVal = self.__pivotDumpTable(table, colList, blind=False)
 if retVal:
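Review bot: In the new MySQL branch of `__tableGetCount` the backticks are written into the format string around values that have already passed through `safeSQLIdentificatorNaming`, so identifier quoting now lives in two places. If that helper already quotes unusual identifiers for MySQL (its body is not visible here), a dotted name would come out double-quoted, and a name that itself contains a backtick is not escaped by the literal wrapper, which MySQL requires to be doubled. I would keep the quoting in one layer, preferably the helper, leave the shared `"SELECT %s FROM %s.%s"` template for all back-ends, and add a comment such as `# identifier quoting is done by safeSQLIdentificatorNaming` on the branch.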
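Review bot: The new `kb.dumpTable` assignment in the hunk at -1578 wraps both parts in backticks for every back-end, although backtick quoting is MySQL syntax and the other quoting changes in this commit sit behind a MySQL check. No DBMS test is visible around this line (the enclosing method starts and ends outside the hunk), so on other DBMSes the value would presumably carry the backticks wherever `kb.dumpTable` is used later, while the unchanged `table = "%s.%s" % (conf.db, tbl)` in the hunk at -1617 still builds the unquoted form. I would guard it with ``fmt = "`%s`.`%s`" if Backend.isDbms(DBMS.MYSQL) else "%s.%s"`` followed by `kb.dumpTable = fmt % (conf.db, tbl)`.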
@@ -1628,8 +1630,12 @@ class Enumeration:
 elif Backend.getIdentifiedDbms() in (DBMS.PGSQL):
 query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0])
 elif Backend.getIdentifiedDbms() in (DBMS.MYSQL):
- colString = '`%s`' % colString
- query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0])
+ newColString = ""
+ for (index, column) in enumerate(colString.split(',')):
+ newColString = "`%s`, %s" % (column.replace(" ", ""), newColString)
+ newColString = newColString[:-2]
+
+ query = rootQuery.inband.query % (newColString, conf.db, tbl, prioritySortColumns(colList)[0])
 else:
 query = rootQuery.inband.query % (colString, conf.db, tbl)
@@ -1687,7 +1693,7 @@ class Enumeration:
 else:
 query = rootQuery.blind.count % (conf.db, tbl)
 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
-
+
 lengths = {}
 entries = {}
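Review bot: The loop that builds `newColString` prepends each column to the accumulator, so the quoted list comes out in the reverse order of `colString`; if the rows returned by the inband query are later matched to `colList` by position (that code is outside the hunk), values would land under the wrong columns. `column.replace(" ", "")` also deletes spaces inside a column name rather than only the padding after the comma, and `index` from `enumerate` is never used. An order-preserving form is ``newColString = ", ".join("`%s`" % column.strip() for column in colString.split(','))``. `conf.db` and `tbl` are still passed unquoted into this query, which the dotted-name fix elsewhere in the commit suggests they would need as well.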