mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Merge branch 'master' of github.com:sqlmapproject/sqlmap
This commit is contained in:
commit
aa467cb54c
|
@ -266,7 +266,7 @@ def runCase(switches=None, parse=None):
|
||||||
tback = traceback.format_exc()
|
tback = traceback.format_exc()
|
||||||
retVal = False
|
retVal = False
|
||||||
elif result is False: # if None, ignore
|
elif result is False: # if None, ignore
|
||||||
logger.error("the test did not run")
|
logger.error("the test did not identify the SQL injection")
|
||||||
retVal = False
|
retVal = False
|
||||||
|
|
||||||
console = getUnicode(console, system=True)
|
console = getUnicode(console, system=True)
|
||||||
|
|
|
@ -79,9 +79,6 @@ class Enumeration(GenericEnumeration):
|
||||||
# In Oracle we get the list of roles as string
|
# In Oracle we get the list of roles as string
|
||||||
roles.add(role)
|
roles.add(role)
|
||||||
|
|
||||||
if isAdminFromPrivileges(roles):
|
|
||||||
areAdmins.add(user)
|
|
||||||
|
|
||||||
if user in kb.data.cachedUsersRoles:
|
if user in kb.data.cachedUsersRoles:
|
||||||
kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))
|
kb.data.cachedUsersRoles[user] = list(roles.union(kb.data.cachedUsersRoles[user]))
|
||||||
else:
|
else:
|
||||||
|
@ -162,4 +159,8 @@ class Enumeration(GenericEnumeration):
|
||||||
errMsg += "for the database users"
|
errMsg += "for the database users"
|
||||||
raise SqlmapNoneDataException(errMsg)
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
|
for user, privileges in kb.data.cachedUsersRoles.items():
|
||||||
|
if isAdminFromPrivileges(privileges):
|
||||||
|
areAdmins.add(user)
|
||||||
|
|
||||||
return kb.data.cachedUsersRoles, areAdmins
|
return kb.data.cachedUsersRoles, areAdmins
|
||||||
|
|
|
@ -736,7 +736,7 @@
|
||||||
<item value="current user is DBA: True"/>
|
<item value="current user is DBA: True"/>
|
||||||
<item value="r'database management system users \[.+DB2INST1'"/>
|
<item value="r'database management system users \[.+DB2INST1'"/>
|
||||||
<item value="r'database management system users privileges:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"/>
|
<item value="r'database management system users privileges:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"/>
|
||||||
<item value="r'database management system users roles:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"/>
|
<item value="r'database management system users roles:.+DB2INST1.+role: DB2INST1.USERS.+role: SYSTOOLS.POLICY'"/>
|
||||||
<item value="r'available databases \[.+DB2INST1.+SYSIBM.+SYSTOOLS'"/>
|
<item value="r'available databases \[.+DB2INST1.+SYSIBM.+SYSTOOLS'"/>
|
||||||
<item value="r'Database: DB2INST1.+1 table.+USERS'"/>
|
<item value="r'Database: DB2INST1.+1 table.+USERS'"/>
|
||||||
<item value="r'Database: DB2INST1.+Table: USERS.+3 columns.+SURNAME.+VARCHAR\(1000\)'"/>
|
<item value="r'Database: DB2INST1.+Table: USERS.+3 columns.+SURNAME.+VARCHAR\(1000\)'"/>
|
||||||
|
@ -1007,7 +1007,7 @@
|
||||||
<excludeSysDbs value="True"/>
|
<excludeSysDbs value="True"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
|
<item value="r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'"/>
|
||||||
<item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
|
<item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
@ -1025,7 +1025,7 @@
|
||||||
<excludeSysDbs value="True"/>
|
<excludeSysDbs value="True"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
|
<item value="r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'"/>
|
||||||
<item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
|
<item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
|
@ -2098,7 +2098,7 @@
|
||||||
<level value="3"/>
|
<level value="3"/>
|
||||||
</switches>
|
</switches>
|
||||||
<parse>
|
<parse>
|
||||||
<item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
|
<item value="Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
|
||||||
</parse>
|
</parse>
|
||||||
</case>
|
</case>
|
||||||
<case name="International data">
|
<case name="International data">
|
||||||
|
|
Loading…
Reference in New Issue
Block a user