From 9b2623514aac77c72ab82519553cbd0697de00da Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 22 May 2011 09:48:46 +0000
Subject: [PATCH] one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
---
 lib/core/common.py | 16 ++++++++++++++++
 lib/request/connect.py | 2 +-
 plugins/generic/enumeration.py | 20 +++++++++++++++++---
 3 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 5eab66cc4..822644da1 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2573,3 +2573,19 @@ def isBinaryData(value):
 if isinstance(value, basestring):
 retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
 return retVal
+
+def isNoneValue(value):
+ """
+ Returns whether the value contains implicit 'None' value
+ """
+
+ if isinstance(value, basestring):
+ return value == "None"
+ elif isinstance(value, list):
+ return value == [None]
+ elif isinstance(value, tuple):
+ return value == (None)
+ elif isinstance(value, dict):
+ return len(value) == 1 and any(map(lambda x: x in value, [None, "None"]))
+ else:
+ return value is None
diff --git a/lib/request/connect.py b/lib/request/connect.py
index d2a8a5e83..feb837826 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -187,7 +187,7 @@ class Connect:
 if kb.proxyAuthHeader:
 headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
- headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc
+ headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc.split(':')[0]
 if auxHeaders:
 for key, item in auxHeaders.items():
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 32b443393..de8e94e3a 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
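Review bot: The tuple branch of isNoneValue never matches, because `(None)` is just the parenthesised value None, so `value == (None)` compares a tuple with None and is always False; the one-element tuple literal is `return value == (None,)`. The list and tuple branches also only recognise the single-element case while the dict branch accepts either a None or a "None" key, so the docstring should spell out what "implicit None" covers, e.g. `Returns True when value is None, the string "None", a one-element list/tuple holding None, or a dict whose only key is None or "None"`. Treating the string "None" as missing data also conflates a failed retrieval with an object that is genuinely named None, which callers feeding DBMS-returned names through this helper should be aware of. The isBinaryData lines shown as context are unchanged.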
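Review bot: `netloc.split(':')[0]` picks the wrong component whenever the URL carries userinfo or an IPv6 literal: for `http://user:pass@host/` netloc is `user:pass@host`, so the Host header becomes `user`, and for `http://[::1]:8080/` it becomes `[`. `urlparse.urlparse(url).hostname` already strips userinfo, brackets and the port, so `headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).hostname` achieves what the commit intends without those failure modes (it also lower-cases the name, which is harmless for a Host header). Separately, dropping a non-default port changes which virtual host a server selects, since the header is defined as host plus optional port, so consider keeping the port when it is not the scheme default. The surrounding request-building code starts and ends outside the hunk.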
@@ -19,6 +19,7 @@ from lib.core.common import getCompiledRegex
 from lib.core.common import getFileItems
 from lib.core.common import Backend
 from lib.core.common import getUnicode
+from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parsePasswordHash
@@ -803,6 +804,10 @@ class Enumeration:
 infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in dbs))
 logger.info(infoMsg)
+ pushValue(kb.ignoreTimeout)
+ # some DBMSes (like MySQL) have (permission related) timeout issues when retrieving table names
+ kb.ignoreTimeout = True
+
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
@@ -896,13 +901,22 @@ class Enumeration:
 if tables:
 kb.data.cachedTables[db] = tables
 else:
- warnMsg = "unable to retrieve the tables "
+ warnMsg = "unable to retrieve the table names "
 warnMsg += "for database '%s'" % db
 logger.warn(warnMsg)
+ kb.ignoreTimeout = popValue()
+
+ if isNoneValue(kb.data.cachedTables):
+ kb.data.cachedTables.clear()
+
 if not kb.data.cachedTables:
- errMsg = "unable to retrieve the tables for any database"
- raise sqlmapNoneDataException, errMsg
+ errMsg = "unable to retrieve the table names for any database"
+ if bruteForce is None:
+ logger.error(errMsg)
+ return self.getTables(bruteForce=True)
+ else:
+ raise sqlmapNoneDataException, errMsg
 return kb.data.cachedTables
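Review bot: `kb.ignoreTimeout = True` is only restored by the `kb.ignoreTimeout = popValue()` added in the last hunk of this file, and that restore is not in a `finally`; if anything in the retrieval code between the two raises (sqlmapNoneDataException, a connection error, a keyboard interrupt), the flag stays True for the rest of the session and the pushed value is left on the stack, so later requests silently tolerate timeouts. Open a `try:` right after `kb.ignoreTimeout = True`, indent the retrieval body, and move the restore into `finally: kb.ignoreTimeout = popValue()`. The comment would also read more precisely as `# some DBMSes (e.g. MySQL) hit permission-related timeouts while retrieving table names, so timeouts are tolerated for this step`. getTables starts and ends outside this hunk.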
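Review bot: The new `bruteForce is None` branch recurses into getTables with no visible prompt, although the commit subject says the user is asked before brute-forcing; if that prompt lives at the head of getTables (outside the hunk) a comment at the recursion site should say so, e.g. `# retry through the brute-force path; the method head is expected to confirm with the user first`, and if it does not, the prompt is missing. The `isNoneValue` check only clears the dict when its single key is None or "None", so a database literally named None would lose its cached tables here, which is worth a one-line comment if that trade-off is accepted. getTables starts outside this hunk.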