diff --git a/lib/core/agent.py b/lib/core/agent.py
index dae2c4226..10d518a2f 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -639,7 +639,7 @@ class Agent:
limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1)
- elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
forgeNotIn = True
if " ORDER BY " in limitedQuery:
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index ad31a5fe8..e0171ebec 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -7,9 +7,86 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
+from lib.core.common import Backend
+from lib.core.common import isTechniqueAvailable
+from lib.core.common import randomStr
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import queries
+from lib.core.dicts import sybaseTypes
+from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self)
+
+ def getUsers(self):
+ infoMsg = "fetching database users"
+ logger.info(infoMsg)
+
+ rootQuery = queries[Backend.getIdentifiedDbms()].users
+
+ randStr = randomStr()
+ query = rootQuery.inband.query
+
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
+ blinds = [False, True]
+ else:
+ blinds = [True]
+
+ for blind in blinds:
+ retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
+
+ if retVal:
+ kb.data.cachedUsers = retVal[0].values()[0]
+ break
+
+ return kb.data.cachedUsers
+
+ def getColumns(self, onlyColNames=False):
+ if "." in conf.tbl:
+ conf.db, conf.tbl = conf.tbl.split(".")
+
+ self.forceDbmsEnum()
+
+ if not conf.db:
+ warnMsg = "missing database parameter, sqlmap is going to "
+ warnMsg += "use the current database to enumerate table "
+ warnMsg += "'%s' columns" % conf.tbl
+ logger.warn(warnMsg)
+
+ conf.db = self.getCurrentDb()
+ rootQuery = queries[Backend.getIdentifiedDbms()].columns
+ condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
+
+ infoMsg = "fetching columns "
+ infoMsg += "for table '%s' " % conf.tbl
+ infoMsg += "on database '%s'" % conf.db
+ logger.info(infoMsg)
+
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
+ blinds = [False, True]
+ else:
+ blinds = [True]
+
+ for blind in blinds:
+ randStr = randomStr()
+ query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
+ retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.usertype' % randStr], blind=blind)
+
+ if retVal:
+ table = {}
+ columns = {}
+
+ for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
+ columns[name] = sybaseTypes[type_] if type_ else None
+
+ table[conf.tbl] = columns
+ kb.data.cachedColumns[conf.db] = table
+
+ break
+
+ return kb.data.cachedColumns
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index a03f03067..e039f0c92 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -37,7 +37,6 @@ from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.dicts import firebirdTypes
-from lib.core.dicts import sybaseTypes
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
@@ -1040,23 +1039,6 @@ class Enumeration:
parseSqliteTableSchema(value)
return kb.data.cachedColumns
- elif Backend.getIdentifiedDbms() == DBMS.SYBASE:
- randStr = randomStr()
- query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
- retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.usertype' % randStr], blind=True)
-
- if retVal:
- table = {}
- columns = {}
-
- for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
- columns[name] = sybaseTypes[type_] if type_ else None
-
- table[conf.tbl] = columns
- kb.data.cachedColumns[conf.db] = table
-
- return kb.data.cachedColumns
-
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
@@ -1149,7 +1131,6 @@ class Enumeration:
logger.info(infoMsg)
query = dumpNode.count2 % (column, table)
-
if blind:
value = inject.getValue(query, inband=False, error=False)
else:
@@ -1312,7 +1293,7 @@ class Enumeration:
else:
query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
- if not (Backend.getIdentifiedDbms() == DBMS.MYSQL and entries):
+ if not entries:
entries = inject.getValue(query, blind=False, dump=True)
if entries:
@@ -1381,14 +1362,10 @@ class Enumeration:
try:
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE):
- validColumnList = False
- validPivotValue = False
-
if DBMS.ACCESS:
table = conf.tbl
elif DBMS.SYBASE:
table = "%s..%s" % (conf.db, conf.tbl)
-
entries, lengths = self.__pivotDumpTable(table, colList, count, blind=True)
else:
diff --git a/xml/queries.xml b/xml/queries.xml
index 4a90a5b71..254fc5c5a 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -489,22 +489,22 @@
-
-
+
+
-
+
-
+
-
+
@@ -516,15 +516,15 @@
-
+
-
+
-
+