

Commit 3fe493b

committed
Minor enhancement to support an option (--is-dba) to show if the
current user is a database management system administrator.
1 parent c32ef9d commit 3fe493b

8 files changed

Lines changed: 42 additions & 0 deletions


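--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,14 @@
+sqlmap (0.6.4-1) stable; urgency=low
+
+* Minor enhancement to support an option (--is-dba) to show if the
+current user is a database management system administrator;
+* Major bug fix to avoid tracebacks when multiple targets are specified
+and one of them is not reachable;
+* Minor bug fix to make the --postfix work even if --prefix is not
+provided;
+
+-- Bernardo Damele A. G. <[email protected]> Day, DD MMM 2009 10:00:00 +0000
+
 sqlmap (0.6.3-1) stable; urgency=low
 
 * Major enhancement to get list of targets to test from Burp proxy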

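--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -90,6 +90,9 @@ def action():
 if conf.getCurrentDb:
 dumper.string("current database", conf.dbmsHandler.getCurrentDb())
 
+if conf.isDba:
+dumper.string("current user is DBA", conf.dbmsHandler.isDba())
+
 if conf.getUsers:
 dumper.lister("database management system users", conf.dbmsHandler.getUsers())
 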
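--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -74,6 +74,7 @@
 "getBanner": "boolean",
 "getCurrentUser": "boolean",
 "getCurrentDb": "boolean",
+"isDba": "boolean",
 "getUsers": "boolean",
 "getPasswordHashes": "boolean",
 "getPrivileges": "boolean",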

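--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -202,6 +202,10 @@ def cmdLineParser():
 action="store_true",
 help="Retrieve DBMS current database")
 
+enumeration.add_option("--is-dba", dest="isDba",
+action="store_true",
+help="Detect if the DBMS current user is DBA")
+
 enumeration.add_option("--users", dest="getUsers", action="store_true",
 help="Enumerate DBMS users")
 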
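--- a/lib/parse/queriesfile.py
+++ b/lib/parse/queriesfile.py
@@ -123,6 +123,10 @@ def startElement(self, name, attrs):
 data = sanitizeStr(attrs.get("query"))
 self.__queries.currentDb = data
 
+elif name == "is_dba":
+data = sanitizeStr(attrs.get("query"))
+self.__queries.isDba = data
+
 elif name == "inband":
 self.__inband = sanitizeStr(attrs.get("query"))
 self.__inband2 = sanitizeStr(attrs.get("query2"))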
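Review bot: The new `is_dba` branch keeps only the `query` attribute, while the MySQL `<is_dba>` element added to xml/queries.xml in this same commit also carries a `query2`; it is parsed and silently dropped here, so that fallback can never run. Either store it alongside, e.g. `self.__queries.isDba2 = sanitizeStr(attrs.get("query2"))`, and give it a consumer in the enumeration plugin, or remove `query2` from the XML so the file and the parser agree. startElement starts outside the hunk.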

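--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -116,6 +116,17 @@ def getCurrentDb(self):
 return self.currentDb
 
 
+def isDba(self):
+infoMsg = "testing if current user is DBA"
+logger.info(infoMsg)
+
+query = queries[kb.dbms].isDba
+
+self.isDba = inject.getValue(query)
+
+return str(self.isDba == "1")
+
+
 def getUsers(self):
 infoMsg = "fetching database users"
 logger.info(infoMsg)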
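Review bot: `self.isDba = inject.getValue(query)` rebinds an instance attribute with the same name as the method, so after the first call `conf.dbmsHandler.isDba` is a string and any second call raises TypeError. The sibling `getCurrentDb` stores its result in a distinct `self.currentDb`; do the same here, e.g. `self.dba = inject.getValue(query)` and `return str(self.dba == "1")`. The method also returns the string "True"/"False" rather than a bool, which suits `dumper.string` but deserves a docstring such as `"""Return "True" if the DBMS-specific is_dba query yields 1, else "False"."""`. The enclosing class starts outside the hunk.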

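--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -170,6 +170,10 @@ getCurrentUser = False
 # Valid: True or False
 getCurrentDb = False
 
+# Detect if the DBMS current user is DBA.
+# Valid: True or False
+isDba = False
+
 # Enumerate back-end database management system users.
 # Valid: True or False
 getUsers = False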

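--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -27,6 +27,7 @@
 <banner query="VERSION()"/>
 <current_user query="CURRENT_USER()"/>
 <current_db query="DATABASE()"/>
+<is_dba query="SELECT (CASE WHEN super_priv='Y' THEN 1 ELSE 0 END) FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1" query2="SELECT IF((SELECT privilege_type FROM information_schema.USER_PRIVILEGES WHERE grantee LIKE '%s' AND privilege_type='SUPER' LIMIT 0, 1)='SUPER', 1, 0)"/>
 <users>
 <inband query="SELECT grantee FROM information_schema.USER_PRIVILEGES" query2="SELECT user FROM mysql.user"/>
 <blind query="SELECT DISTINCT(grantee) FROM information_schema.USER_PRIVILEGES LIMIT %d, 1" query2="SELECT DISTINCT(user) FROM mysql.user LIMIT %d, 1" count="SELECT COUNT(DISTINCT(grantee)) FROM information_schema.USER_PRIVILEGES" count2="SELECT COUNT(DISTINCT(user)) FROM mysql.user"/>
@@ -77,6 +78,7 @@
 <banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
 <current_user query="SELECT SYS.LOGIN_USER FROM DUAL"/>
 <current_db query="SELECT SYS.DATABASE_NAME FROM DUAL"/>
+<is_dba query="SELECT CASE WHEN ((SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE=SYS.LOGIN_USER AND GRANTED_ROLE='DBA')='DBA') THEN 1 ELSE 0 END FROM DUAL"/>
 <users>
 <inband query="SELECT USERNAME FROM SYS.ALL_USERS"/>
 <blind query="SELECT DISTINCT(USERNAME) FROM (SELECT DISTINCT(USERNAME), ROWNUM AS limit FROM SYS.ALL_USERS) WHERE limit=%d" count="SELECT COUNT(DISTINCT(USERNAME)) FROM SYS.ALL_USERS"/>
@@ -126,6 +128,7 @@
 <banner query="VERSION()"/>
 <current_user query="CURRENT_USER"/>
 <current_db query="CURRENT_DATABASE()"/>
+<is_dba query="SELECT (CASE WHEN usesuper=true THEN 1 ELSE 0 END) FROM pg_user WHERE usename=CURRENT_USER OFFSET 0 LIMIT 1"/>
 <users>
 <inband query="SELECT usename FROM pg_user"/>
 <blind query="SELECT DISTINCT(usename) FROM pg_user OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(usename)) FROM pg_user"/>
@@ -176,6 +179,7 @@
 <banner query="@@VERSION"/>
 <current_user query="SYSTEM_USER"/>
 <current_db query="DB_NAME()"/>
+<is_dba query="SELECT (CASE WHEN is_srvrolemember('sysadmin')=1 THEN 1 ELSE 0 END)"/>
 <users>
 <inband query="SELECT name FROM master..syslogins" query2="SELECT name FROM sys.sql_logins"/>
 <blind query="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins)" query2="SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins" count2="SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins"/>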
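Review bot: The MySQL `is_dba` query matches `mysql.user` on `user` alone (`SUBSTRING_INDEX(CURRENT_USER(), '@', 1)`) and takes the first row with `LIMIT 0, 1`, so when the same user name exists for several hosts with different `super_priv` values the answer is whichever row happens to sort first. Match the host too: `WHERE user=SUBSTRING_INDEX(CURRENT_USER(), '@', 1) AND host=SUBSTRING_INDEX(CURRENT_USER(), '@', -1)`. The MySQL `query2` contains a `%s` placeholder that nothing in this commit fills, and the parser change in lib/parse/queriesfile.py reads only `query`, so it appears to be dead text. The Oracle query depends on `DBA_ROLE_PRIVS`, which presumably is not visible to a non-DBA user; `USER_ROLE_PRIVS`, which lists the roles granted to the current user, would not depend on that view's visibility.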
