

Commit 39b406c

committed
fix for --search on Oracle
1 parent b9ae28d commit 39b406c

3 files changed

Lines changed: 44 additions & 148 deletions


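--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -168,118 +168,3 @@ def getRoles(self, query2=False):
 raise sqlmapNoneDataException, errMsg
 
 return ( kb.data.cachedUsersRoles, areAdmins )
-
-def searchColumn(self):
-rootQuery = queries[Backend.getIdentifiedDbms()].search_column
-foundCols = {}
-dbs = { "USERS": {} }
-colList = conf.col.split(",")
-colCond = rootQuery.inband.condition
-
-colConsider, colCondParam = self.likeOrExact("column")
-
-for column in colList:
-column = safeSQLIdentificatorNaming(column)
-column = column.upper()
-
-infoMsg = "searching column"
-if colConsider == "1":
-infoMsg += "s like"
-infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
-logger.info(infoMsg)
-
-foundCols[column] = {}
-
-colQuery = "%s%s" % (colCond, colCondParam)
-colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
-
-for db in dbs.keys():
-db = safeSQLIdentificatorNaming(db)
-
-if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
-query = rootQuery.inband.query
-query += colQuery
-values = inject.getValue(query, blind=False)
-
-if not isNoneValue(values):
-if isinstance(values, basestring):
-values = [ values ]
-
-for foundTbl in values:
-foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
-
-if foundTbl is None:
-continue
-
-if foundTbl not in dbs[db]:
-dbs[db][foundTbl] = {}
-
-if colConsider == "1":
-conf.db = db
-conf.tbl = foundTbl
-conf.col = column
-
-self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
-
-dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
-kb.data.cachedColumns = {}
-else:
-dbs[db][foundTbl][column] = None
-
-if db in foundCols[column]:
-foundCols[column][db].append(foundTbl)
-else:
-foundCols[column][db] = [ foundTbl ]
-else:
-foundCols[column][db] = []
-
-infoMsg = "fetching number of tables containing column"
-if colConsider == "1":
-infoMsg += "s like"
-infoMsg += " '%s' in database '%s'" % (column, db)
-logger.info(infoMsg)
-
-query = rootQuery.blind.count2
-query += " WHERE %s" % colQuery
-count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
-
-if not isNumPosStrValue(count):
-warnMsg = "no tables contain column"
-if colConsider == "1":
-warnMsg += "s like"
-warnMsg += " '%s' " % column
-warnMsg += "in database '%s'" % db
-logger.warn(warnMsg)
-
-continue
-
-indexRange = getRange(count)
-
-for index in indexRange:
-query = rootQuery.blind.query2
-query += " WHERE %s" % colQuery
-query = agent.limitQuery(index, query)
-tbl = inject.getValue(query, inband=False, error=False)
-kb.hintValue = tbl
-
-tbl = safeSQLIdentificatorNaming(tbl, True)
-
-if tbl not in dbs[db]:
-dbs[db][tbl] = {}
-
-if colConsider == "1":
-conf.db = db
-conf.tbl = tbl
-conf.col = column
-
-self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
-
-if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
-dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
-kb.data.cachedColumns = {}
-else:
-dbs[db][tbl][column] = None
-
-foundCols[column][db].append(tbl)
-
-self.dumpFoundColumn(dbs, foundCols, colConsider)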
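--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -2193,7 +2193,7 @@ def searchColumn(self):
 for column in colList:
 column = safeSQLIdentificatorNaming(column)
 
-if Backend.isDbms(DBMS.DB2):
+if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
 column = column.upper()
 
 infoMsg = "searching column"
@@ -2259,43 +2259,49 @@ def searchColumn(self):
 else:
 foundCols[column][foundDb] = [ foundTbl ]
 else:
-infoMsg = "fetching number of databases with tables containing column"
-if colConsider == "1":
-infoMsg += "s like"
-infoMsg += " '%s'" % column
-logger.info(infoMsg)
+if not conf.db:
+infoMsg = "fetching number of databases with tables containing column"
+if colConsider == "1":
+infoMsg += "s like"
+infoMsg += " '%s'" % column
+logger.info(infoMsg)
 
-query = rootQuery.blind.count
-query += colQuery
-query += whereDbsQuery
-count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
+query = rootQuery.blind.count
+query += colQuery
+query += whereDbsQuery
+count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
 
-if not isNumPosStrValue(count):
-warnMsg = "no databases have tables containing column"
-if colConsider == "1":
-warnMsg += "s like"
-warnMsg += " '%s'" % column
-logger.warn(warnMsg)
+if not isNumPosStrValue(count):
+warnMsg = "no databases have tables containing column"
+if colConsider == "1":
+warnMsg += "s like"
+warnMsg += " '%s'" % column
+logger.warn(warnMsg)
 
-continue
+continue
 
-indexRange = getRange(count)
+indexRange = getRange(count)
 
-for index in indexRange:
-query = rootQuery.blind.query
-query += colQuery
-query += whereDbsQuery
-if Backend.isDbms(DBMS.DB2):
-query += ") AS foobar"
-query = agent.limitQuery(index, query)
-db = inject.getValue(query, inband=False, error=False)
-db = safeSQLIdentificatorNaming(db)
+for index in indexRange:
+query = rootQuery.blind.query
+query += colQuery
+query += whereDbsQuery
+if Backend.isDbms(DBMS.DB2):
+query += ") AS foobar"
+query = agent.limitQuery(index, query)
+db = inject.getValue(query, inband=False, error=False)
+db = safeSQLIdentificatorNaming(db)
 
-if db not in dbs:
-dbs[db] = {}
+if db not in dbs:
+dbs[db] = {}
 
-if db not in foundCols[column]:
-foundCols[column][db] = []
+if db not in foundCols[column]:
+foundCols[column][db] = []
+else:
+for db in conf.db.split(","):
+dbs[db] = {}
+if db not in foundCols[column]:
+foundCols[column][db] = []
 
 for column, dbData in foundCols.items():
 colQuery = "%s%s" % (colCond, colCondParam)
@@ -2358,6 +2364,11 @@ def searchColumn(self):
 self.dumpFoundColumn(dbs, foundCols, colConsider)
 
 def search(self):
+if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
+for item in ('db', 'tbl', 'col'):
+if getattr(conf, item, None):
+setattr(conf, item, getattr(conf, item).upper())
+
 if conf.col:
 self.searchColumn()
 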
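Review bot: The upper-casing loop added to search() in the third hunk is gated on `conf.db`, so on Oracle or DB2 a `-T`/`-C` search given without `-D` keeps the user's original case for the table and column names even though the loop is written to cover all three of `db`, `tbl` and `col`; unless searchTable normalizes case on its own (not visible here), `if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):` looks like the intended guard. The loop also rewrites conf in place for the rest of the run, which deserves a comment such as `# Oracle/DB2 catalogs hold unquoted identifiers in upper case; normalize user input once` above it. In the second hunk, the new `for db in conf.db.split(","):` branch stores the raw user-supplied name as the `dbs`/`foundCols` key, whereas the blind branch just above passes its value through `safeSQLIdentificatorNaming(db)` first; applying the same call in the new branch keeps the later per-database loop from seeing two spellings of one schema. searchColumn and search both continue outside these hunks.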
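--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -290,8 +290,8 @@
 <blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE " query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
 </search_table>
 <search_column>
-<inband query="SELECT TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME"/>
-<blind query="" query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS" count="" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS" condition="COLUMN_NAME"/>
+<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME" condition2="OWNER"/>
+<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE " query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE " count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER"/>
 </search_column>
 </dbms>
 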