one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables

2024-11-25 11:03:47 +03:00 · 2011-05-22 09:48:46 +00:00 · 2011-05-22 09:48:46 +00:00 · 9b2623514a
commit 9b2623514a
parent 2ea613b170
3 changed files with 34 additions and 4 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2573,3 +2573,19 @@ def isBinaryData(value):
    if isinstance(value, basestring):
       retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
    return retVal
+
+def isNoneValue(value):
+    """
+    Returns whether the value contains implicit 'None' value
+    """
+
+    if isinstance(value, basestring):
+        return value == "None"
+    elif isinstance(value, list):
+        return value == [None]
+    elif isinstance(value, tuple):
+        return value == (None)
+    elif isinstance(value, dict):
+        return len(value) == 1 and any(map(lambda x: x in value, [None, "None"]))
+    else:
+        return value is None
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -187,7 +187,7 @@ class Connect:
            if kb.proxyAuthHeader:
                headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader

-            headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc
+            headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc.split(':')[0]

            if auxHeaders:
                for key, item in auxHeaders.items():
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -19,6 +19,7 @@ from lib.core.common import getCompiledRegex
 from lib.core.common import getFileItems
 from lib.core.common import Backend
 from lib.core.common import getUnicode
+from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parsePasswordHash
@ -803,6 +804,10 @@ class Enumeration:
        infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in dbs))
        logger.info(infoMsg)

+        pushValue(kb.ignoreTimeout)
+        # some DBMSes (like MySQL) have (permission related) timeout issues when retrieving table names
+        kb.ignoreTimeout = True
+
        rootQuery = queries[Backend.getIdentifiedDbms()].tables

        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
@ -896,13 +901,22 @@ class Enumeration:
                if tables:
                    kb.data.cachedTables[db] = tables
                else:
-                    warnMsg = "unable to retrieve the tables "
+                    warnMsg = "unable to retrieve the table names "
                    warnMsg += "for database '%s'" % db
                    logger.warn(warnMsg)

+        kb.ignoreTimeout = popValue()
+
+        if isNoneValue(kb.data.cachedTables):
+            kb.data.cachedTables.clear()
+
        if not kb.data.cachedTables:
-            errMsg = "unable to retrieve the tables for any database"
-            raise sqlmapNoneDataException, errMsg
+            errMsg = "unable to retrieve the table names for any database"
+            if bruteForce is None:
+                logger.error(errMsg)
+                return self.getTables(bruteForce=True)
+            else:
+                raise sqlmapNoneDataException, errMsg

        return kb.data.cachedTables