mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
Update for an Issue #481
This commit is contained in:
Miroslav Stampar
parent
b921ff0729
commit
de31688c4f
|
|
@ -121,6 +121,7 @@ optDict = {
|
||||||
"dumpTable": "boolean",
|
"dumpTable": "boolean",
|
||||||
"dumpAll": "boolean",
|
"dumpAll": "boolean",
|
||||||
"search": "boolean",
|
"search": "boolean",
|
||||||
|
"getComments": "boolean",
|
||||||
"db": "string",
|
"db": "string",
|
||||||
"tbl": "string",
|
"tbl": "string",
|
||||||
"col": "string",
|
"col": "string",
|
||||||
|
|
|
||||||
|
|
@ -386,6 +386,9 @@ def cmdLineParser():
|
||||||
enumeration.add_option("--search", dest="search", action="store_true",
|
enumeration.add_option("--search", dest="search", action="store_true",
|
||||||
help="Search column(s), table(s) and/or database name(s)")
|
help="Search column(s), table(s) and/or database name(s)")
|
||||||
|
|
||||||
|
enumeration.add_option("--comments", dest="getComments", action="store_true",
|
||||||
|
help="Retrieve DBMS comments")
|
||||||
|
|
||||||
enumeration.add_option("-D", dest="db",
|
enumeration.add_option("-D", dest="db",
|
||||||
help="DBMS database to enumerate")
|
help="DBMS database to enumerate")
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -554,6 +554,19 @@ class Databases:
|
||||||
name = safeSQLIdentificatorNaming(columnData[0])
|
name = safeSQLIdentificatorNaming(columnData[0])
|
||||||
|
|
||||||
if name:
|
if name:
|
||||||
|
if conf.getComments:
|
||||||
|
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
||||||
|
if hasattr(_, "query"):
|
||||||
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
|
||||||
|
else:
|
||||||
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
|
||||||
|
comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
|
||||||
|
else:
|
||||||
|
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||||
|
warnMsg += "possible to get column comments"
|
||||||
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
if len(columnData) == 1:
|
if len(columnData) == 1:
|
||||||
columns[name] = None
|
columns[name] = None
|
||||||
else:
|
else:
|
||||||
|
|
@ -666,6 +679,19 @@ class Databases:
|
||||||
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||||
|
|
||||||
if not isNoneValue(column):
|
if not isNoneValue(column):
|
||||||
|
if conf.getComments:
|
||||||
|
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
||||||
|
if hasattr(_, "query"):
|
||||||
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
||||||
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
|
||||||
|
else:
|
||||||
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
|
||||||
|
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||||
|
else:
|
||||||
|
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
|
||||||
|
warnMsg += "possible to get column comments"
|
||||||
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
if not onlyColNames:
|
if not onlyColNames:
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
||||||
|
|
|
||||||
|
|
@ -429,6 +429,10 @@ dumpAll = False
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
search = False
|
search = False
|
||||||
|
|
||||||
|
# Retrieve back-end database management system comments.
|
||||||
|
# Valid: True or False
|
||||||
|
getComments = False
|
||||||
|
|
||||||
# Back-end database management system database to enumerate.
|
# Back-end database management system database to enumerate.
|
||||||
db =
|
db =
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -240,9 +240,9 @@
|
||||||
NOTE: in Oracle to check if the session user is DBA you can use:
|
NOTE: in Oracle to check if the session user is DBA you can use:
|
||||||
SELECT USERENV('ISDBA') FROM DUAL
|
SELECT USERENV('ISDBA') FROM DUAL
|
||||||
-->
|
-->
|
||||||
<hostname query="SELECT UTL_INADDR.get_host_name FROM DUAL"/>
|
<hostname query="SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL"/>
|
||||||
<table_comment query="SELECT comments FROM user_tab_comments WHERE table_name='%s'"/>
|
<table_comment query="SELECT COMMENTS FROM ALL_TAB_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s'"/>
|
||||||
<column_comment query="SELECT comments FROM user_col_comments WHERE table_name='%s' AND column_name='%s'"/>
|
<column_comment query="SELECT COMMENTS FROM ALL_COL_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'"/>
|
||||||
<is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
|
<is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
|
||||||
<users>
|
<users>
|
||||||
<inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
|
<inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
|
||||||
|
|
@ -324,6 +324,8 @@
|
||||||
<current_user/>
|
<current_user/>
|
||||||
<current_db/>
|
<current_db/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba/>
|
<is_dba/>
|
||||||
<check_udf/>
|
<check_udf/>
|
||||||
<users/>
|
<users/>
|
||||||
|
|
@ -374,6 +376,8 @@
|
||||||
<current_user/>
|
<current_user/>
|
||||||
<current_db/>
|
<current_db/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba/>
|
<is_dba/>
|
||||||
<dbs/>
|
<dbs/>
|
||||||
<!--MSysObjects have no read permission by default-->
|
<!--MSysObjects have no read permission by default-->
|
||||||
|
|
@ -415,6 +419,8 @@
|
||||||
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
|
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
|
||||||
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
|
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
||||||
<users>
|
<users>
|
||||||
<inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
<inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
||||||
|
|
@ -471,6 +477,8 @@
|
||||||
<current_user query="SELECT USER() FROM DUAL"/>
|
<current_user query="SELECT USER() FROM DUAL"/>
|
||||||
<current_db query="SELECT DATABASE() FROM DUAL"/>
|
<current_db query="SELECT DATABASE() FROM DUAL"/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba/>
|
<is_dba/>
|
||||||
<users>
|
<users>
|
||||||
<inband query="SELECT username FROM domain.users"/>
|
<inband query="SELECT username FROM domain.users"/>
|
||||||
|
|
@ -521,6 +529,8 @@
|
||||||
<current_user query="SELECT SUSER_NAME()"/>
|
<current_user query="SELECT SUSER_NAME()"/>
|
||||||
<current_db query="SELECT DB_NAME()"/>
|
<current_db query="SELECT DB_NAME()"/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba query="PATINDEX('%sa_role%',SHOW_ROLE())>0" query2="EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')"/>
|
<is_dba query="PATINDEX('%sa_role%',SHOW_ROLE())>0" query2="EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')"/>
|
||||||
<users>
|
<users>
|
||||||
<inband query="SELECT name FROM master..syslogins"/>
|
<inband query="SELECT name FROM master..syslogins"/>
|
||||||
|
|
@ -592,6 +602,8 @@
|
||||||
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
|
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
|
||||||
<current_db query="SELECT current server FROM SYSIBM.SYSDUMMY1"/>
|
<current_db query="SELECT current server FROM SYSIBM.SYSDUMMY1"/>
|
||||||
<hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/>
|
<hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
|
<is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
|
||||||
<users>
|
<users>
|
||||||
<inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
<inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
|
||||||
|
|
@ -657,6 +669,8 @@
|
||||||
<current_user query="CURRENT_USER"/>
|
<current_user query="CURRENT_USER"/>
|
||||||
<current_db query="DATABASE()"/>
|
<current_db query="DATABASE()"/>
|
||||||
<hostname/>
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
|
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
|
||||||
<check_udf/>
|
<check_udf/>
|
||||||
<users>
|
<users>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user