

Commit 27fdccc

committed
Update for Issue #55 (falling back to SELECT DB_NAME(N))
1 parent bbf41f6 commit 27fdccc

3 files changed

Lines changed: 23 additions & 3 deletions


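--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -36,9 +36,9 @@ def getUsers(self):
 query = rootQuery.inband.query
 
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
-blinds = [False, True]
+blinds = (False, True)
 else:
-blinds = [True]
+blinds = (True,)
 
 for blind in blinds:
 retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)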

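--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -764,6 +764,26 @@ def getDbs(self):
 if db:
 kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
 
+if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL):
+if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
+blinds = (False, True)
+else:
+blinds = (True,)
+
+for blind in blinds:
+count = 0
+kb.data.cachedDbs = []
+while True:
+query = rootQuery.inband.query2 % count
+value = inject.getValue(query, blind=blind)
+if not value:
+break
+else:
+kb.data.cachedDbs.append(unArrayizeValue(value))
+count += 1
+if kb.data.cachedDbs:
+break
+
 if not kb.data.cachedDbs:
 infoMsg = "falling back to current database"
 logger.info(infoMsg)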
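Review bot: The fallback path appends `unArrayizeValue(value)` to `kb.data.cachedDbs` directly, while the primary path two lines above the new block stores every name through `safeSQLIdentificatorNaming(db)`; consumers of `cachedDbs` will now see two differently-normalised forms depending on which path produced them. Keep the normalisation consistent: `kb.data.cachedDbs.append(safeSQLIdentificatorNaming(unArrayizeValue(value)))`. The `while True` loop also has no upper bound and stops only when `inject.getValue` returns a falsy value, so a backend that keeps returning non-empty results for every `count` would never terminate; a maximum iteration count (a module constant, with a warning when it is reached) would make this fallback fail closed rather than loop indefinitely. Note too that `rootQuery.inband.query2` is read unguarded, which is fine only as long as the `query2` attribute exists for every DBMS that reaches the `Backend.isDbms(DBMS.MSSQL)` branch. getDbs starts before and continues past this hunk.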

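--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -183,7 +183,7 @@
 <privileges/>
 <roles/>
 <dbs>
-<inband query="SELECT name FROM master..sysdatabases"/>
+<inband query="SELECT name FROM master..sysdatabases" query2="SELECT DB_NAME(%d)"/>
 <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
 </dbs>
 <tables>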
