sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update for an Issue #481

Browse Source
This commit is contained in:
Miroslav Stampar 2013-07-29 18:25:27 +02:00
parent b921ff0729
commit de31688c4f
5 changed files with 51 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/optiondict.py
View File

@ -121,6 +121,7 @@ optDict = {
"dumpTable": "boolean",
"dumpAll": "boolean",
"search": "boolean",
"getComments": "boolean",
"db": "string",
"tbl": "string",
"col": "string",

3
lib/parse/cmdline.py
View File

@ -386,6 +386,9 @@ def cmdLineParser():
enumeration.add_option("--search", dest="search", action="store_true",
help="Search column(s), table(s) and/or database name(s)")
enumeration.add_option("--comments", dest="getComments", action="store_true",
help="Retrieve DBMS comments")
enumeration.add_option("-D", dest="db",
help="DBMS database to enumerate")

26
plugins/generic/databases.py
View File

@ -554,6 +554,19 @@ class Databases:
name = safeSQLIdentificatorNaming(columnData[0])
if name:
if conf.getComments:
_ = queries[Backend.getIdentifiedDbms()].column_comment
if hasattr(_, "query"):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
else:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
else:
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
warnMsg += "possible to get column comments"
singleTimeWarnMessage(warnMsg)
if len(columnData) == 1:
columns[name] = None
else:
@ -666,6 +679,19 @@ class Databases:
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(column):
if conf.getComments:
_ = queries[Backend.getIdentifiedDbms()].column_comment
if hasattr(_, "query"):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
else:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
else:
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
warnMsg += "possible to get column comments"
singleTimeWarnMessage(warnMsg)
if not onlyColNames:
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))

4
sqlmap.conf
View File

@ -429,6 +429,10 @@ dumpAll = False
# Valid: True or False
search = False
# Retrieve back-end database management system comments.
# Valid: True or False
getComments = False
# Back-end database management system database to enumerate.
db =

20
xml/queries.xml
View File

@ -240,9 +240,9 @@
NOTE: in Oracle to check if the session user is DBA you can use:
SELECT USERENV('ISDBA') FROM DUAL
-->
<hostname query="SELECT UTL_INADDR.get_host_name FROM DUAL"/>
<table_comment query="SELECT comments FROM user_tab_comments WHERE table_name='%s'"/>
<column_comment query="SELECT comments FROM user_col_comments WHERE table_name='%s' AND column_name='%s'"/>
<hostname query="SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL"/>
<table_comment query="SELECT COMMENTS FROM ALL_TAB_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s'"/>
<column_comment query="SELECT COMMENTS FROM ALL_COL_COMMENTS WHERE OWNER='%s' AND TABLE_NAME='%s' AND COLUMN_NAME='%s'"/>
<is_dba query="(SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=USER AND GRANTED_ROLE='DBA')='DBA'"/>
<users>
<inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
@ -324,6 +324,8 @@
<current_user/>
<current_db/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba/>
<check_udf/>
<users/>
@ -374,6 +376,8 @@
<current_user/>
<current_db/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba/>
<dbs/>
<!--MSysObjects have no read permission by default-->
@ -415,6 +419,8 @@
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM','DB_NAME') FROM RDB$DATABASE"/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="CURRENT_USER='SYSDBA'"/>
<users>
<inband query="SELECT RDB$USER FROM RDB$USER_PRIVILEGES"/>
@ -471,6 +477,8 @@
<current_user query="SELECT USER() FROM DUAL"/>
<current_db query="SELECT DATABASE() FROM DUAL"/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba/>
<users>
<inband query="SELECT username FROM domain.users"/>
@ -521,6 +529,8 @@
<current_user query="SELECT SUSER_NAME()"/>
<current_db query="SELECT DB_NAME()"/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="PATINDEX('%sa_role%',SHOW_ROLE())>0" query2="EXISTS(SELECT * FROM master..syslogins,master..sysloginroles WHERE srid=0 and name='%s')"/>
<users>
<inband query="SELECT name FROM master..syslogins"/>
@ -592,6 +602,8 @@
<!-- NOTE: On DB2 we use the current user as default schema (database) -->
<current_db query="SELECT current server FROM SYSIBM.SYSDUMMY1"/>
<hostname query="SELECT host_name FROM TABLE(sysproc.env_get_sys_info())"/>
<table_comment/>
<column_comment/>
<is_dba query="(SELECT dbadmauth FROM syscat.dbauth WHERE grantee=current user)='Y'"/>
<users>
<inband query="SELECT grantee FROM sysibm.sysdbauth WHERE grantee!='SYSTEM' AND grantee!='PUBLIC'"/>
@ -657,6 +669,8 @@
<current_user query="CURRENT_USER"/>
<current_db query="DATABASE()"/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
<check_udf/>
<users>