Merge branch 'master' of github.com:sqlmapproject/sqlmap

2024-11-22 01:26:42 +03:00 · 2013-01-18 11:31:25 +01:00 · 2013-01-18 11:31:25 +01:00 · aa467cb54c
commit aa467cb54c
parent 17d36684b5 d66f7e22b1
3 changed files with 9 additions and 8 deletions
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@ -266,7 +266,7 @@ def runCase(switches=None, parse=None):
        tback = traceback.format_exc()
        retVal = False
    elif result is False:  # if None, ignore
-        logger.error("the test did not run")
+        logger.error("the test did not identify the SQL injection")
        retVal = False

    console = getUnicode(console, system=True)
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@ -79,9 +79,6 @@ class Enumeration(GenericEnumeration):
                            # In Oracle we get the list of roles as string
                            roles.add(role)

-                    if isAdminFromPrivileges(roles):
-                        areAdmins.add(user)
-
                    if user in kb.data.cachedUsersRoles:
                        kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))
                    else:
@ -162,4 +159,8 @@ class Enumeration(GenericEnumeration):
            errMsg += "for the database users"
            raise SqlmapNoneDataException(errMsg)

+        for user, privileges in kb.data.cachedUsersRoles.items():
+            if isAdminFromPrivileges(privileges):
+                areAdmins.add(user)
+
        return kb.data.cachedUsersRoles, areAdmins
--- a/xml/livetests.xml
+++ b/xml/livetests.xml
@ -736,7 +736,7 @@
            <item value="current user is DBA:    True"/>
            <item value="r'database management system users \[.+DB2INST1'"/>
            <item value="r'database management system users privileges:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"/>
-            <item value="r'database management system users roles:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"/>
+            <item value="r'database management system users roles:.+DB2INST1.+role: DB2INST1.USERS.+role: SYSTOOLS.POLICY'"/>
            <item value="r'available databases \[.+DB2INST1.+SYSIBM.+SYSTOOLS'"/>
            <item value="r'Database: DB2INST1.+1 table.+USERS'"/>
            <item value="r'Database: DB2INST1.+Table: USERS.+3 columns.+SURNAME.+VARCHAR\(1000\)'"/>
@ -1007,7 +1007,7 @@
            <excludeSysDbs value="True"/>
        </switches>
        <parse>
-            <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
+            <item value="r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'"/>
            <item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
        </parse>
    </case>
@ -1025,7 +1025,7 @@
            <excludeSysDbs value="True"/>
        </switches>
        <parse>
-            <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
+            <item value="r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'"/>
            <item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
        </parse>
    </case>
@ -2098,7 +2098,7 @@
            <level value="3"/>
        </switches>
        <parse>
-            <item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
+            <item value="Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
        </parse>
    </case>
    <case name="International data">