update regarding brute force retrieval of table names and table column names

lib/controller/action.py

@@ -16,6 +16,7 @@ from lib.core.data import paths
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.settings import SUPPORTED_DBMS
 from lib.techniques.blind.timebased import timeTest
+from lib.techniques.brute.use import columnExists
 from lib.techniques.brute.use import tableExists
 from lib.techniques.error.test import errorTest
 from lib.techniques.inband.union.test import unionTest
@@ -105,15 +106,15 @@ def action():
     if conf.getTables:
         conf.dumper.dbTables(conf.dbmsHandler.getTables())
 
-    if conf.cExists:
+    if conf.bruteTables:
         conf.dumper.dbTables(tableExists(paths.COMMON_TABLES))
 
-    if conf.tableFile:
-        conf.dumper.dbTables(tableExists(conf.tableFile))
-
     if conf.getColumns:
         conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
 
+    if conf.bruteColumns:
+        conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS))
+
     if conf.dumpTable:
         conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
 

lib/core/dump.py

@@ -148,7 +148,7 @@ class Dump:
 
             dbTables.sort(key=lambda x: x.lower())
 
-            self.__write("Brute-forced tables:")
+            self.__write("Brute-forced table names:")
 
             if len(dbTables) == 1:
                 self.__write("[1 table]")
@@ -199,6 +199,33 @@ class Dump:
             self.string("tables", dbTables)
 
     def dbTableColumns(self, tableColumns):
+        if isinstance(tableColumns, list) and len(tableColumns) > 0:
+            maxlength = 0
+
+            for table in tableColumns:
+                maxlength = max(maxlength, len(table))
+
+            lines = "-" * (int(maxlength) + 2)
+
+            tableColumns.sort(key=lambda x: x.lower())
+
+            self.__write("Brute-forced column names for table '%s':" % conf.tbl)
+
+            if len(tableColumns) == 1:
+                self.__write("[1 column]")
+            else:
+                self.__write("[%d columns]" % len(tableColumns))
+
+            self.__write("+%s+" % lines)
+
+            for table in tableColumns:
+                blank = " " * (maxlength - len(table))
+                self.__write("| %s%s |" % (table, blank))
+
+            self.__write("+%s+\n" % lines)
+
+        elif isinstance(tableColumns, dict) and len(tableColumns) > 0:
+
             for db, tables in tableColumns.items():
                 if not db:
                     db = "All"

lib/parse/cmdline.py

@@ -341,11 +341,16 @@ def cmdLineParser():
                                action="store_true", default=False,
                                help="Prompt for an interactive SQL shell")
 
-        enumeration.add_option("--common-exists", dest="cExists", action="store_true",
+        # User-defined function options
+        brute = OptionGroup(parser, "Brute force", "These "
+                          "options can be used to run brute force "
+                          "checks.")
+
+        brute.add_option("--brute-tables", dest="bruteTables", action="store_true",
                                default=False, help="Check existence of common tables")
 
-        enumeration.add_option("--exists", dest="tableFile",
-                               help="Check existence of user specified tables")
+        brute.add_option("--brute-columns", dest="bruteColumns", action="store_true",
+                               default=False, help="Check existence of common columns")
 
         # User-defined function options
         udf = OptionGroup(parser, "User-defined function injection", "These "
@@ -526,6 +531,7 @@ def cmdLineParser():
         parser.add_option_group(techniques)
         parser.add_option_group(fingerprint)
         parser.add_option_group(enumeration)
+        parser.add_option_group(brute)
         parser.add_option_group(udf)
         parser.add_option_group(filesystem)
         parser.add_option_group(takeover)

lib/techniques/brute/use.py

@@ -19,6 +19,7 @@ from lib.core.common import randomInt
 from lib.core.common import safeStringFormat
 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.request.connect import Connect as Request
 
 def tableExists(tableFile):
@@ -57,19 +58,23 @@ def tableExists(tableFile):
 
     return retVal
 
-def columnExists(table, columnFile):
-    tables = getFileItems(columnFile, None)
+def columnExists(columnFile):
+    if not conf.tbl:
+        errMsg = "missing table parameter"
+        raise sqlmapMissingMandatoryOptionException, errMsg
+
+    columns = getFileItems(columnFile, None)
     retVal = []
-    infoMsg = "checking column existence for table '%s' using items from '%s'" % (table, columnFile)
+    infoMsg = "checking column existence for table '%s' using items from '%s'" % (conf.tbl, columnFile)
     logger.info(infoMsg)
 
     pushValue(conf.verbose)
     conf.verbose = 0
     count = 0
-    length = len(tables)
+    length = len(columns)
 
     for column in columns:
-        query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, table)))
+        query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, conf.tbl)))
         query = agent.postfixQuery(query)
         result = Request.queryPage(agent.payload(newValue=query))