From a92ae9384778764db7d383aeedb84c4fdcab02ac Mon Sep 17 00:00:00 2001
From: Bernardo Damele <bernardo.damele@gmail.com>
Date: Fri, 18 Jan 2013 09:22:53 +0000
Subject: [PATCH] minor bug fix to properly identify if user is admin on Oracle
 across all techniques

---
 plugins/dbms/oracle/enumeration.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index 66c676cb2..dda8f6d11 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -79,9 +79,6 @@ class Enumeration(GenericEnumeration):
                             # In Oracle we get the list of roles as string
                             roles.add(role)
 
-                    if isAdminFromPrivileges(roles):
-                        areAdmins.add(user)
-
                     if user in kb.data.cachedUsersRoles:
                         kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))
                     else:
@@ -162,4 +159,8 @@ class Enumeration(GenericEnumeration):
             errMsg += "for the database users"
             raise SqlmapNoneDataException(errMsg)
 
+        for user, privileges in kb.data.cachedUsersRoles.items():
+            if isAdminFromPrivileges(privileges):
+                areAdmins.add(user)
+
         return kb.data.cachedUsersRoles, areAdmins