From a92ae9384778764db7d383aeedb84c4fdcab02ac Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 18 Jan 2013 09:22:53 +0000
Subject: [PATCH 1/2] minor bug fix to properly identify if user is admin on Oracle across all techniques
---
 plugins/dbms/oracle/enumeration.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index 66c676cb2..dda8f6d11 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -79,9 +79,6 @@ class Enumeration(GenericEnumeration):
 # In Oracle we get the list of roles as string
 roles.add(role)

- if isAdminFromPrivileges(roles):
- areAdmins.add(user)
-
 if user in kb.data.cachedUsersRoles:
 kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))
 else:
@@ -162,4 +159,8 @@ class Enumeration(GenericEnumeration):
 errMsg += "for the database users"
 raise SqlmapNoneDataException(errMsg)

+ for user, privileges in kb.data.cachedUsersRoles.items():
+ if isAdminFromPrivileges(privileges):
+ areAdmins.add(user)
+
 return kb.data.cachedUsersRoles, areAdmins

From d66f7e22b1944d01cfc5d519de1ec7cb9b7933de Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 18 Jan 2013 09:32:05 +0000
Subject: [PATCH 2/2] more fixes to test cases
---
 lib/core/testing.py | 2 +-
 xml/livetests.xml | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/core/testing.py b/lib/core/testing.py
index 952b323ef..413cbd46e 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -266,7 +266,7 @@ def runCase(switches=None, parse=None):
 tback = traceback.format_exc()
 retVal = False
 elif result is False: # if None, ignore
- logger.error("the test did not run")
+ logger.error("the test did not identify the SQL injection")
 retVal = False

 console = getUnicode(console, system=True)
diff --git a/xml/livetests.xml b/xml/livetests.xml
index bf6bed60f..841d2f174 100644
--- a/xml/livetests.xml
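Review bot: The loop variable `privileges` in the block added before the final `return` actually receives role names, since the dict being walked is `kb.data.cachedUsersRoles` and the first hunk's context comment says Oracle returns the list of roles as strings; `for user, roles in kb.data.cachedUsersRoles.items():` would read more truthfully. The loop also walks the whole cache rather than only the users collected in this call, which matches the returned dict, but a short comment such as `# derive admin status from the merged cache so every retrieval technique is covered` would record why the check moved out of the per-user loop. If the cache can already hold entries from an earlier call with a different user filter, `areAdmins` will include those users too; that looks intended but is worth confirming. The enclosing method starts and ends outside the hunk.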
+++ b/xml/livetests.xml @@ -736,7 +736,7 @@ - + @@ -1007,7 +1007,7 @@ - + @@ -1025,7 +1025,7 @@ - + @@ -2098,7 +2098,7 @@ - +