mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-23 15:54:24 +03:00
Update for an Issue #481
This commit is contained in:
parent
b921ff0729
commit
de31688c4f
|
@ -121,6 +121,7 @@ optDict = {
|
|||
"dumpTable": "boolean",
|
||||
"dumpAll": "boolean",
|
||||
"search": "boolean",
|
||||
"getComments": "boolean",
|
||||
"db": "string",
|
||||
"tbl": "string",
|
||||
"col": "string",
|
||||
|
|
|
@ -386,6 +386,9 @@ def cmdLineParser():
|
|||
enumeration.add_option("--search", dest="search", action="store_true",
|
||||
help="Search column(s), table(s) and/or database name(s)")
|
||||
|
||||
enumeration.add_option("--comments", dest="getComments", action="store_true",
|
||||
help="Retrieve DBMS comments")
|
||||
|
||||
enumeration.add_option("-D", dest="db",
|
||||
help="DBMS database to enumerate")
|
||||
|
||||
|
|
|
@ -554,6 +554,19 @@ class Databases:
|
|||
name = safeSQLIdentificatorNaming(columnData[0])
|
||||
|
||||
if name:
|
||||
if conf.getComments:
|
||||
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
||||
if hasattr(_, "query"):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
|
||||
else:
|
||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
|
||||
comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
|
||||
else:
|
||||
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||
warnMsg += "possible to get column comments"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
if len(columnData) == 1:
|
||||
columns[name] = None
|
||||
else:
|
||||
|
@ -666,6 +679,19 @@ class Databases:
|
|||
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
if not isNoneValue(column):
|
||||
if conf.getComments:
|
||||
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
||||
if hasattr(_, "query"):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
|
||||
else:
|
||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
|
||||
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
else:
|
||||
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||
warnMsg += "possible to get column comments"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
if not onlyColNames:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
||||
|
|
|
@ -429,6 +429,10 @@ dumpAll = False
|
|||
# Valid: True or False
|
||||
search = False
|
||||
|
||||
# Retrieve back-end database management system comments.
|
||||
# Valid: True or False
|
||||
getComments = False
|
||||
|
||||
# Back-end database management system database to enumerate.
|
||||
db =
|
||||
|
||||
|
|
|
@ -240,9 +240,9 @@
|
|||
NOTE: in Oracle to check if the session user is DBA you can use:
|
||||
SELECT USERENV('ISDBA') FROM DUAL
|
||||
-->
|
||||
<hostname query="SELECT UTL_INADDR.get_host_name FROM DUAL"/>
|
||||
<table_comment query="SELECT comments FROM user_tab_comments WHERE table_name='%s'"/>
|
||||
<column_comment query="SELECT comments FROM user_col_comments WHERE table_name='%s' AND column_name='%s'"/>
|
||||
<hostname query="SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL"/>
|
||||
<table_comment query="SELECT COMMENTS FROM ALL_TAB_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s'"/>
|
||||
<column_comment query="SELECT COMMENTS FROM ALL_COL_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'"/>
|
||||
<is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
|
||||
<users>
|
||||
<inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
|
||||
|
@ -324,6 +324,8 @@
|
|||
<current_user/>
|
||||
<current_db/>
|
||||
<hostname/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba/>
|
||||
<check_udf/>
|
||||
<users/>
|
||||
|
@ -374,6 +376,8 @@
|
|||
<current_user/>
|
||||
<current_db/>
|
||||
<hostname/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba/>
|
||||
<dbs/>
|
||||
<!--MSysObjects have no read permission by default-->
|
||||
|
@ -415,6 +419,8 @@
|
|||
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
|
||||
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
|
||||
<hostname/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
||||
<users>
|
||||
<inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
||||
|
@ -471,6 +477,8 @@
|
|||
<current_user query="SELECT USER() FROM DUAL"/>
|
||||
<current_db query="SELECT DATABASE() FROM DUAL"/>
|
||||
<hostname/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba/>
|
||||
<users>
|
||||
<inband query="SELECT username FROM domain.users"/>
|
||||
|
@ -521,6 +529,8 @@
|
|||
<current_user query="SELECT SUSER_NAME()"/>
|
||||
<current_db query="SELECT DB_NAME()"/>
|
||||
<hostname/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba query="PATINDEX('%sa_role%',SHOW_ROLE())>0" query2="EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')"/>
|
||||
<users>
|
||||
<inband query="SELECT name FROM master..syslogins"/>
|
||||
|
@ -592,6 +602,8 @@
|
|||
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
|
||||
<current_db query="SELECT current server FROM SYSIBM.SYSDUMMY1"/>
|
||||
<hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
|
||||
<users>
|
||||
<inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||
|
@ -657,6 +669,8 @@
|
|||
<current_user query="CURRENT_USER"/>
|
||||
<current_db query="DATABASE()"/>
|
||||
<hostname/>
|
||||
<table_comment/>
|
||||
<column_comment/>
|
||||
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
|
||||
<check_udf/>
|
||||
<users>
|
||||
|
|
Loading…
Reference in New Issue
Block a user