update regarding brute forcing

lib/core/dump.py

@@ -148,7 +148,7 @@ class Dump:
 
             dbTables.sort(key=lambda x: x.lower())
 
-            self.__write("Brute-forced table names:")
+            self.__write("Database: %s" % conf.db)
 
             if len(dbTables) == 1:
                 self.__write("[1 table]")
@@ -209,7 +209,7 @@ class Dump:
 
             tableColumns.sort(key=lambda x: x.lower())
 
-            self.__write("Brute-forced column names for table '%s':" % conf.tbl)
+            self.__write("Database: %s\nTable: %s" % (conf.db if conf.db else 'All', conf.tbl))
 
             if len(tableColumns) == 1:
                 self.__write("[1 column]")

lib/techniques/brute/use.py

@@ -23,9 +23,9 @@ from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.request.connect import Connect as Request
 
 def tableExists(tableFile):
-    tables = getFileItems(tableFile, None)
+    tables = getFileItems(tableFile)
     retVal = []
-    infoMsg = "checking tables existence using items from '%s'" % tableFile
+    infoMsg = "checking table existence using items from '%s'" % tableFile
     logger.info(infoMsg)
 
     pushValue(conf.verbose)
@@ -34,7 +34,7 @@ def tableExists(tableFile):
     length = len(tables)
 
     for table in tables:
-        query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))
+        query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %d FROM %s)", (randomInt(1), table if not conf.db else "%s.%s" % (conf.db, table))))
         query = agent.postfixQuery(query)
         result = Request.queryPage(agent.payload(newValue=query))
 
@@ -63,9 +63,10 @@ def columnExists(columnFile):
         errMsg = "missing table parameter"
         raise sqlmapMissingMandatoryOptionException, errMsg
 
-    columns = getFileItems(columnFile, None)
+    columns = getFileItems(columnFile)
+    table = conf.tbl if not conf.db else ("%s.%s" % (conf.db, conf.tbl))
     retVal = []
-    infoMsg = "checking column existence for table '%s' using items from '%s'" % (conf.tbl, columnFile)
+    infoMsg = "checking column existence using items from '%s'" % columnFile
     logger.info(infoMsg)
 
     pushValue(conf.verbose)
@@ -74,7 +75,7 @@ def columnExists(columnFile):
     length = len(columns)
 
     for column in columns:
-        query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, conf.tbl)))
+        query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT %s FROM %s)", (column, table)))
         query = agent.postfixQuery(query)
         result = Request.queryPage(agent.payload(newValue=query))
 

txt/common-columns.txt

@@ -10,336 +10,3 @@ owner
 table_name
 type
 type_id
-Name
-term_id
-column_name
-tablespace_name
-address
-object_id
-user_name
-version
-description
-person_id
-parent
-uid
-userid
-item_id
-category_id
-cid
-dbid
-password
-customer_id
-pid
-pixSize
-customer_name
-object_name
-ProductID
-privilege
-aid
-GroupID
-segment_name
-tid
-event_id
-pno
-title
-cat_id
-granted_role
-log_id
-imageinfo_id
-md5sum
-The
-branch_name
-author_id
-userInfo_id
-index_name
-imageInfo_id
-vendor_id
-group_id
-attributeCategory_id
-sid
-cname
-EmployeeID
-Version
-CustomerID
-constraint_name
-alias
-idThumb
-fname
-email_id
-gid
-text_id
-areaCode
-permission_id
-nextval
-data
-menu_id
-request_id
-city
-comment_id
-role_id
-USER_ID
-message_id
-aID
-session_id
-status_id
-account_number
-token
-pname
-idGallery
-country_id
-database
-FieldName
-language_id
-idKeyword
-TRIGGER_NAME
-book_id
-object_type
-zip
-USERNAME
-card_no
-JOB_NAME
-instance_name
-location_id
-uri
-OBJECT_NAME
-email
-key
-version_id
-payment_id
-assets
-Host
-cmd
-second
-Deleted
-dno
-acl_id
-auth_id
-ConditionValue1
-table_id
-ps_suppkey
-tax_id
-db_name
-Control
-segment_type
-next_extent
-categoryid
-post_id
-set_id
-idFacture
-SourceTypeOrReferenceId
-db_link
-LastName
-sessionID
-base_id
-ElseGroup
-column_value
-itemID
-reference
-JobID
-s_suppkey
-COLUMN_NAME
-guid
-type_name
-spid
-child
-NAME
-runalone_flag
-default_role
-profile_id
-cond_2_val_2
-cond_2_val_1
-indirect
-cno
-statements
-segment
-tag_id
-idType
-score_id
-idCommande
-item
-Accounts
-customer_forname
-TableName
-lang_name
-lootcondition
-customer_phone'
-ROLE_ID
-c_sec_id
-CourseNo
-Numbers
-ext_id
-product
-Average
-idVol
-serviceID
-to_run_application_id
-emp_id
-U_ID
-page_nr
-member_id
-row_id
-first
-ono
-categoryId
-Location
-region_id
-SCR_ID
-idList
-loc_id
-itemid
-TO_CHAR
-Test
-condition_value1
-define
-ssn
-owner_id
-Loan
-c_custkey
-credit_id
-weight_id
-address_id
-course_id
-idPath
-program_application_id
-queue_control_flag
-ordno
-ref_value
-calendar_id
-Classic
-user_type_link_id
-DNAME
-SourceEntry
-staff_id
-pnumber
-dnumber
-USA
-page_log_exclusion_id
-An
-publisher_name
-TRIGGER_GROUP
-ps_partkey
-project_id
-FacNo
-productid
-Guid
-ref_id
-what
-fk_id
-publisher
-end_date
-company
-day_id
-news_id
-cond_1_val_1
-postedByUserId
-CHANNEL_ID
-admin_option
-trigger_name
-weight_name
-APP_ID
-paper
-job_id
-CUR_ID
-operationID
-value_id
-entryId
-statement
-l_orderkey
-StdNo
-ALERT_ID
-topic_id
-FacFirstName
-authority_id
-node_id
-essn
-master_table
-idFournisseur
-run_num
-s_id
-targetEntry
-cond_3_val_2
-UserID
-eID
-pdf_page_number
-OfferNo
-employee_id
-lang_id
-species_id
-entry
-dnum
-source
-UG_ID
-CT_ID
-sql_text
-snap_id
-CategoryID
-external_id
-running_processes
-CustomerName
-User
-InvoiceID
-line
-condition_value2
-osvdb_id
-CustID
-master_db
-CF_ID
-dname
-ssno
-cond_3
-cond_2
-cond_1
-branch_id
-host
-ReturnCode
-agentID
-p_partkey
-TOP
-entry_id
-f_id
-profile
-SERVER_ID
-badge_number
-banner
-StdFirstName
-GROUP_ID
-day
-ROWNUM
-master_field
-Redo
-instance
-url
-ConditionTypeOrReference
-JOB_GROUP
-ConditionValue3
-ConditionValue2
-datarow
-version_name
-orderid
-job
-UserName
-Number
-value
-SourceGroup
-loan_number
-resource_id
-rule_id
-base_name
-customerName
-eno
-cond_3_val_1
-C_ID
-Tablespaces
-cond_1_val_2
-OperationID
-order_id
-SEQUENCE_ID
-COM_NAME
-corr_id
-cart_id
-cID
-ticket_id
-transcript_id
-FIF_ID
-book
-vendor_name