sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-18 12:30:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bug fix to properly identify if current user is DBA (--is-dba) on MySQL

Browse Source
This commit is contained in:
Bernardo Damele 2010-12-22 14:06:01 +00:00
parent 250608660d
commit c9ab8ae60e
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/generic/enumeration.py
View File

@ -129,7 +129,13 @@ class Enumeration:
infoMsg = "testing if current user is DBA" infoMsg = "testing if current user is DBA"
logger.info(infoMsg) logger.info(infoMsg)
query = agent.forgeCaseStatement(queries[kb.dbms].is_dba.query) if kb.dbms == DBMS.MYSQL:
self.getCurrentUser()
query = queries[kb.dbms].is_dba.query % kb.data.currentUser.split("@")[0]
else:
query = queries[kb.dbms].is_dba.query
query = agent.forgeCaseStatement(query)
kb.data.isDba = inject.getValue(query, unpack=False, charsetType=1) kb.data.isDba = inject.getValue(query, unpack=False, charsetType=1)

2
xml/queries.xml
View File

@ -28,7 +28,7 @@
<banner query="VERSION()"/> <banner query="VERSION()"/>
<current_user query="CURRENT_USER()"/> <current_user query="CURRENT_USER()"/>
<current_db query="DATABASE()"/> <current_db query="DATABASE()"/>
<is_dba query="(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y'"/> <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0, 1)='Y'"/>
<check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0, 1)='%s'"/> <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0, 1)='%s'"/>
<users> <users>
<inband query="SELECT grantee FROM information_schema.USER_PRIVILEGES ORDER BY 1" query2="SELECT user FROM mysql.user ORDER BY 1"/> <inband query="SELECT grantee FROM information_schema.USER_PRIVILEGES ORDER BY 1" query2="SELECT user FROM mysql.user ORDER BY 1"/>