

Commit 3e21f3d

committed
fixed --search -C too on MSSQL - issue #81
1 parent 60242f9 commit 3e21f3d

1 file changed

Lines changed: 17 additions & 3 deletions

File tree

plugins/dbms/mssqlserver/enumeration.py

Lines changed: 17 additions & 3 deletions
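--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -162,7 +162,6 @@ def searchTable(self):
 tblList = conf.tbl.split(",")
 rootQuery = queries[Backend.getIdentifiedDbms()].search_table
 tblCond = rootQuery.inband.condition
-#dbCond = rootQuery.inband.condition2
 tblConsider, tblCondParam = self.likeOrExact("table")
 
 if conf.db and conf.db != CURRENT_DB:
@@ -260,11 +259,16 @@ def searchColumn(self):
 rootQuery = queries[Backend.getIdentifiedDbms()].search_column
 foundCols = {}
 dbs = {}
+whereTblsQuery = ""
+infoMsgTbl = ""
 colList = conf.col.split(",")
+origTbl = conf.tbl
+origDb = conf.db
 colCond = rootQuery.inband.condition
+tblCond = rootQuery.inband.condition2
 colConsider, colCondParam = self.likeOrExact("column")
 
-if conf.db is not None:
+if conf.db and conf.db != CURRENT_DB:
 enumDbs = conf.db.split(",")
 elif not len(kb.data.cachedDbs):
 enumDbs = self.getDbs()
@@ -277,15 +281,23 @@ def searchColumn(self):
 
 for column in colList:
 column = safeSQLIdentificatorNaming(column)
+conf.db = origDb
+conf.tbl = origTbl
 
 infoMsg = "searching column"
 if colConsider == "1":
 infoMsg += "s like"
 infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
-logger.info(infoMsg)
 
 foundCols[column] = {}
 
+if conf.tbl:
+_ = conf.tbl.split(",")
+whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")"
+infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(tbl for tbl in _))
+
+logger.info("%s%s" % (infoMsg, infoMsgTbl))
+
 colQuery = "%s%s" % (colCond, colCondParam)
 colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
 
@@ -301,6 +313,7 @@ def searchColumn(self):
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
 query = rootQuery.inband.query % (db, db, db, db, db, db)
 query += " AND %s" % colQuery.replace("[DB]", db)
+query += whereTblsQuery.replace("[DB]", db)
 values = inject.getValue(query, blind=False)
 
 if not isNoneValue(values):
@@ -388,4 +401,5 @@ def searchColumn(self):
 
 foundCols[column][db].append(tbl)
 
+conf.dumper.dbColumns(foundCols, colConsider, dbs)
 self.dumpFoundColumn(dbs, foundCols, colConsider)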
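Review bot: The table predicate built at new line 296 interpolates each `-T` name inside single quotes without escaping, so a table name containing a `'` produces a malformed predicate that the later `.replace("[DB]", db)` at line 316 cannot repair; the `-T` value is operator-supplied, so this is a robustness rather than a trust-boundary issue, but doubling embedded quotes, `"%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl).replace("'", "''"))`, would keep `--search -C -T` working for such names (whether `unsafeSQLIdentificatorNaming` already handles this is not visible here). The `[DB]` substitution on line 316 is applied to the whole clause, including the interpolated table names, so a name that happens to contain `[DB]` would be rewritten too; a one-line comment noting that the placeholder is expected only in `tblCond` would make the intent clear. On style, `", ".join(tbl for tbl in _)` at line 297 is just `", ".join(_)`, and reusing `_` for the split list while line 313 also binds `_` in a generator expression is easy to misread; a name such as `tbls` would help. `searchColumn`'s body starts and ends outside every hunk here.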
