diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 075ad8489..34b2989c8 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -388,19 +388,6 @@ class Databases: conf.db = safeSQLIdentificatorNaming(conf.db) - if conf.col: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): - conf.col = conf.col.upper() - - colList = conf.col.split(",") - else: - colList = [] - - for col in colList: - colList[colList.index(col)] = safeSQLIdentificatorNaming(col) - - colList = filter(None, colList) - if conf.tbl: if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): conf.tbl = conf.tbl.upper() @@ -440,7 +427,19 @@ class Databases: logger.error(errMsg) bruteForce = True - if bruteForce or colList: + if bruteForce: + if conf.col: + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): + conf.col = conf.col.upper() + + colList = conf.col.split(",") + else: + colList = [] + + for col in colList: + colList[colList.index(col)] = safeSQLIdentificatorNaming(col) + + colList = filter(None, colList) resumeAvailable = False for tbl in tblList: 
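Review bot: `colList` is now assigned only inside `if bruteForce:`, so any use of it (or of `condQuery`) left further down the method, outside this hunk, would raise a NameError on the non-brute-force path. The rest of the method should be checked for leftovers, and `colTuple` may now be unused. While the block is being moved, the loop `colList[colList.index(col)] = safeSQLIdentificatorNaming(col)` could become `colList = [safeSQLIdentificatorNaming(col) for col in colList]`, which avoids the repeated `index()` scan. The method body starts and ends outside the hunk.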
@@ -491,37 +490,17 @@ class Databases: return {conf.db: kb.data.cachedColumns[conf.db]} - infoMsg = "fetching columns " - - if len(colList) > 0: - if colTuple is None: - colConsider, colCondParam = self.likeOrExact("column") - else: - colConsider, colCondParam = colTuple - condQueryStr = "%%s%s" % colCondParam - condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList)) - - if colConsider == "1": - infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) - else: - infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) - else: - condQuery = "" - - infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl) + infoMsg = "fetching columns for table '%s' " % unsafeSQLIdentificatorNaming(tbl) infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) logger.info(infoMsg) if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) - query += condQuery elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper()) - query += condQuery elif Backend.isDbms(DBMS.MSSQL): query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) - query += condQuery.replace("[DB]", conf.db) elif Backend.isDbms(DBMS.SQLITE): query = rootQuery.inband.query % tbl 
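Review bot: Nothing in the new code records that `conf.col` is no longer applied on this path. With `condQuery` removed, the inband query here, and the blind count and per-index queries in the two hunks that follow, fetch every column of the table even when a column list was supplied. If that is intended, a comment above `infoMsg` such as `# conf.col is only honoured by the brute-force branch; all columns are enumerated here` would save the next reader from hunting for the filter. Whether the result is filtered later cannot be seen from this hunk.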
@@ -560,44 +539,19 @@ class Databases: return {conf.db: kb.data.cachedColumns[conf.db]} - infoMsg = "fetching columns " - - if len(colList) > 0: - if colTuple is None: - colConsider, colCondParam = self.likeOrExact("column") - else: - colConsider, colCondParam = colTuple - condQueryStr = "%%s%s" % colCondParam - condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList)) - - if colConsider == "1": - infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) - else: - infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList)) - else: - condQuery = "" - - infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl) + infoMsg = "fetching columns for table '%s' " % unsafeSQLIdentificatorNaming(tbl) infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) logger.info(infoMsg) if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) - query += condQuery - elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl.upper()) - query += condQuery - elif Backend.isDbms(DBMS.MSSQL): query = rootQuery.blind.count % (conf.db, conf.db, \ unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) - query += condQuery.replace("[DB]", conf.db) - elif Backend.isDbms(DBMS.FIREBIRD): query = rootQuery.blind.count % (tbl) - query += condQuery - elif Backend.isDbms(DBMS.SQLITE): query = rootQuery.blind.query % tbl value = inject.getValue(query, union=False, error=False) 
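Review bot: The Firebird and SQLite branches interpolate `tbl` as-is (`rootQuery.blind.count % (tbl)`, `rootQuery.blind.query % tbl`), while the MySQL/PostgreSQL, Oracle/DB2 and MSSQL branches pass it through `unsafeSQLIdentificatorNaming()` first. The same split shows in the SQLite inband branch of the previous hunk and the Firebird branch of the next one. If `tbl` arrives in its safe-named form (not visible here), those two backends receive a differently formatted identifier than the others. Unless their templates expect that form, `query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl)` would make the branches consistent. The parentheses in `% (tbl)` do not create a tuple and can be dropped.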
@@ -620,19 +574,15 @@ class Databases: for index in getLimitRange(count): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) - query += condQuery field = None elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl.upper()) - query += condQuery field = None elif Backend.isDbms(DBMS.MSSQL): query = rootQuery.blind.query.replace("'%s'", "'%s'" % unsafeSQLIdentificatorNaming(tbl).split(".")[-1]).replace("%s", conf.db).replace("%d", str(index)) - query += condQuery.replace("[DB]", conf.db) field = condition.replace("[DB]", conf.db) elif Backend.isDbms(DBMS.FIREBIRD): query = rootQuery.blind.query % (tbl) - query += condQuery field = None query = agent.limitQuery(index, query, field, field)
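Review bot: The MSSQL branch fills its template with three chained `replace()` calls, so a `%s` or `%d` sequence inside the table or database name is itself rewritten by the later calls, and the query then names a different object than intended. Substituting all placeholders in a single formatting step would remove the ordering dependency. Failing that, a comment such as `# order matters: quoted '%s' (table), then %s (db), then %d (index)` would document it. Separately, `field = condition.replace("[DB]", conf.db)` still relies on `condition`, which is defined outside this hunk.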