one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables

lib/core/common.py

@@ -2573,3 +2573,19 @@ def isBinaryData(value):
     if isinstance(value, basestring):
        retVal = reduce(lambda x, y: x or not (y in string.printable or ord(y) > 255), value, False)
     return retVal
+
+def isNoneValue(value):
+    """
+    Returns whether the value contains implicit 'None' value
+    """
+
+    if isinstance(value, basestring):
+        return value == "None"
+    elif isinstance(value, list):
+        return value == [None]
+    elif isinstance(value, tuple):
+        return value == (None)
+    elif isinstance(value, dict):
+        return len(value) == 1 and any(map(lambda x: x in value, [None, "None"]))
+    else:
+        return value is None

lib/request/connect.py

@@ -187,7 +187,7 @@ class Connect:
             if kb.proxyAuthHeader:
                 headers[HTTPHEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader
 
-            headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc
+            headers[HTTPHEADER.HOST] = host or urlparse.urlparse(url).netloc.split(':')[0]
 
             if auxHeaders:
                 for key, item in auxHeaders.items():

plugins/generic/enumeration.py

@@ -19,6 +19,7 @@ from lib.core.common import getCompiledRegex
 from lib.core.common import getFileItems
 from lib.core.common import Backend
 from lib.core.common import getUnicode
+from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parsePasswordHash
@@ -803,6 +804,10 @@ class Enumeration:
         infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in dbs))
         logger.info(infoMsg)
 
+        pushValue(kb.ignoreTimeout)
+        # some DBMSes (like MySQL) have (permission related) timeout issues when retrieving table names
+        kb.ignoreTimeout = True
+
         rootQuery = queries[Backend.getIdentifiedDbms()].tables
 
         if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
@@ -896,13 +901,22 @@ class Enumeration:
                 if tables:
                     kb.data.cachedTables[db] = tables
                 else:
-                    warnMsg = "unable to retrieve the tables "
+                    warnMsg = "unable to retrieve the table names "
                     warnMsg += "for database '%s'" % db
                     logger.warn(warnMsg)
 
+        kb.ignoreTimeout = popValue()
+
+        if isNoneValue(kb.data.cachedTables):
+            kb.data.cachedTables.clear()
+
         if not kb.data.cachedTables:
-            errMsg = "unable to retrieve the tables for any database"
+            errMsg = "unable to retrieve the table names for any database"
-            raise sqlmapNoneDataException, errMsg
+            if bruteForce is None:
+                logger.error(errMsg)
+                return self.getTables(bruteForce=True)
+            else:
+                raise sqlmapNoneDataException, errMsg
 
         return kb.data.cachedTables