
Commit 6c1b31d

committed
Adjusted --columns with -C also for Microsoft SQL Server
1 parent ef1180c commit 6c1b31d

2 files changed

Lines changed: 23 additions & 14 deletions


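--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -805,14 +805,14 @@ def getColumns(self, onlyColNames=False):
 conf.db = self.getCurrentDb()
 
 rootQuery = queries[kb.dbms].columns
+condition = rootQuery["blind"]["condition"]
 
 infoMsg = "fetching columns "
 
 if conf.col:
 if kb.dbms == "Oracle":
 conf.col = conf.col.upper()
 colList = conf.col.split(",")
-condition = rootQuery["blind"]["condition"]
 condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + col + "%") for col in colList) + ")"
 infoMsg += "like '%s' " % ", ".join(col for col in colList)
 else:
@@ -825,16 +825,17 @@ def getColumns(self, onlyColNames=False):
 if kb.unionPosition:
 if kb.dbms in ( "MySQL", "PostgreSQL" ):
 query = rootQuery["inband"]["query"] % (conf.tbl, conf.db)
+query += condQuery
 elif kb.dbms == "Oracle":
 query = rootQuery["inband"]["query"] % conf.tbl.upper()
+query += condQuery
 elif kb.dbms == "Microsoft SQL Server":
-# TODO: adjust with condQuery
 query = rootQuery["inband"]["query"] % (conf.db, conf.db,
 conf.db, conf.db,
 conf.db, conf.db,
 conf.db, conf.tbl)
+query += condQuery.replace("[DB]", conf.db)
 
-query += condQuery
 value = inject.getValue(query, blind=False)
 
 if value:
@@ -855,13 +856,14 @@ def getColumns(self, onlyColNames=False):
 
 if kb.dbms in ( "MySQL", "PostgreSQL" ):
 query = rootQuery["blind"]["count"] % (conf.tbl, conf.db)
+query += condQuery
 elif kb.dbms == "Oracle":
 query = rootQuery["blind"]["count"] % conf.tbl.upper()
+query += condQuery
 elif kb.dbms == "Microsoft SQL Server":
-# TODO: adjust with condQuery
 query = rootQuery["blind"]["count"] % (conf.db, conf.db, conf.tbl)
+query += condQuery.replace("[DB]", conf.db)
 
-query += condQuery
 count = inject.getValue(query, inband=False, expected="int", charsetType=2)
 
 if not count.isdigit() or not len(count) or count == "0":
@@ -873,7 +875,8 @@ def getColumns(self, onlyColNames=False):
 table = {}
 columns = {}
 
-if kb.dbms == "Microsoft SQL Server":
+# TODO: check on Oracle
+if kb.dbms == "Oracle":
 plusOne = True
 else:
 plusOne = False
@@ -882,15 +885,21 @@ def getColumns(self, onlyColNames=False):
 for index in indexRange:
 if kb.dbms in ( "MySQL", "PostgreSQL" ):
 query = rootQuery["blind"]["query"] % (conf.tbl, conf.db)
+query += condQuery
+field = None
 elif kb.dbms == "Oracle":
 query = rootQuery["blind"]["query"] % (conf.tbl.upper())
+query += condQuery
+field = None
 elif kb.dbms == "Microsoft SQL Server":
-# TODO: adjust with condQuery
-query = rootQuery["blind"]["query"] % (index, conf.db,
-conf.db, conf.tbl)
-
-query += condQuery
-query = agent.limitQuery(index, query)
+query = rootQuery["blind"]["query"] % (conf.db, conf.db,
+conf.db, conf.db,
+conf.db, conf.db,
+conf.tbl)
+query += condQuery.replace("[DB]", conf.db)
+field = condition.replace("[DB]", conf.db)
+
+query = agent.limitQuery(index, query, field)
 column = inject.getValue(query, inband=False)
 
 if not onlyColNames: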
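Review bot: `agent.limitQuery(index, query, field)` in the last hunk now passes a third argument, yet the commit's diffstat covers only enumeration.py and queries.xml, so `limitQuery` must already accept `field` — worth confirming, because a two-argument signature would make every blind column enumeration fail with TypeError. Hoisting `condition = rootQuery["blind"]["condition"]` ahead of `if conf.col:` in the first hunk also turns a lookup that used to run only with `--columns` into an unconditional one, so the `<blind>` columns entry of every supported DBMS now needs a `condition` attribute (only the Microsoft SQL Server one is visible in this commit); moving the assignment into the Microsoft SQL Server branch of the last hunk, the only place that reads it outside `conf.col`, would keep the old behaviour for the other back-ends. A short comment above the three `condQuery.replace("[DB]", conf.db)` lines, e.g. `# "[DB]" in the queries.xml condition stands for the current database name`, would explain the placeholder, since nothing on the Python side names it. getColumns begins and ends outside the hunks, so whether `condQuery` is initialised in the `else:` branch cannot be checked here.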

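--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -223,8 +223,8 @@
 <blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE xtype IN ('u', 'v') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE xtype IN ('u', 'v') ORDER BY name ASC) ORDER BY name ASC" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u', 'v')"/>
 </tables>
 <columns>
-<inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'"/>
-<blind query="SELECT TOP 1 name FROM (SELECT TOP %s name FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s') ORDER BY name ASC) CTABLE ORDER BY name DESC" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')"/>
+<inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
+<blind query="SELECT %s..syscolumns.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
 </columns>
 <dump_column/>
 <dump_table>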
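Review bot: The new `condition="[DB]..syscolumns.name"` attributes introduce a `[DB]` placeholder that the companion enumeration.py change substitutes with the current database name, but nothing in this file says so; an XML comment above `<columns>` such as `<!-- [DB] is replaced by the caller with the current database name -->` would make the convention discoverable for the next back-end that needs it. The rewritten `<blind>` query also drops the `TOP`/`ORDER BY` wrapping the old one carried, so which single row it yields now appears to depend entirely on the limit clause the Python side adds around it; a comment on that element stating that the query is meant to be wrapped by the caller's limiting logic would make the dependency explicit. The `<columns>` element is fully contained in the hunk.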
