sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor bug fix to properly identify if user is admin on Oracle across all techniques

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-18 09:22:53 +00:00
parent 1599b5e37f
commit a92ae93847
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/dbms/oracle/enumeration.py
View File

@ -79,9 +79,6 @@ class Enumeration(GenericEnumeration):
# In Oracle we get the list of roles as string # In Oracle we get the list of roles as string
roles.add(role) roles.add(role)
if isAdminFromPrivileges(roles):
areAdmins.add(user)
if user in kb.data.cachedUsersRoles: if user in kb.data.cachedUsersRoles:
kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user])) kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))
else: else:
@ -162,4 +159,8 @@ class Enumeration(GenericEnumeration):
errMsg += "for the database users" errMsg += "for the database users"
raise SqlmapNoneDataException(errMsg) raise SqlmapNoneDataException(errMsg)
for user, privileges in kb.data.cachedUsersRoles.items():
if isAdminFromPrivileges(privileges):
areAdmins.add(user)
return kb.data.cachedUsersRoles, areAdmins return kb.data.cachedUsersRoles, areAdmins