Commit 706d8e0

committed
development update (basic ms access dumping implemented)
1 parent 2d115e0 commit 706d8e0

2 files changed

Lines changed: 52 additions & 28 deletions


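--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -1210,36 +1210,60 @@ def dumpTable(self):
 plusOne = False
 indexRange = getRange(count, dump=True, plusOne=plusOne)
 
-for index in indexRange:
+if kb.dbms == DBMS.ACCESS:
+value = " "
 for column in colList:
-if column not in lengths:
-lengths[column] = 0
-
-if column not in entries:
-entries[column] = []
-
-if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
-query = rootQuery.blind.query % (column, conf.db,
-conf.tbl, index)
-elif kb.dbms == DBMS.ORACLE:
-query = rootQuery.blind.query % (column, column,
-conf.tbl.upper(),
-index)
-elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
-query = rootQuery.blind.query % (column, index, conf.db,
-conf.tbl, colList[0],
-colList[0], colList[0])
-
-elif kb.dbms == DBMS.SQLITE:
-query = rootQuery.blind.query % (column, conf.tbl, index)
-
-elif kb.dbms == DBMS.FIREBIRD:
-query = rootQuery.blind.query % (index, column, conf.tbl)
+for index in indexRange:
+if column not in lengths:
+lengths[column] = 0
+
+if column not in entries:
+entries[column] = []
+
+if column == colList[0]:
+# Correction for values with unrecognized chars
+if value and '?' in value and value[0]!='?':
+value = value.split('?')[0]
+value = value[:-1] + chr(ord(value[-1]) + 1)
+query = rootQuery.blind.query % (column, conf.tbl, column, value)
+else:
+query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], entries[column][index])
 
-value = inject.getValue(query, inband=False)
+value = inject.getValue(query, inband=False)
+lengths[column] = max(lengths[column], len(value))
+entries[column].append(value)
 
-lengths[column] = max(lengths[column], len(value))
-entries[column].append(value)
+else:
+for index in indexRange:
+for column in colList:
+if column not in lengths:
+lengths[column] = 0
+
+if column not in entries:
+entries[column] = []
+
+if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
+query = rootQuery.blind.query % (column, conf.db,
+conf.tbl, index)
+elif kb.dbms == DBMS.ORACLE:
+query = rootQuery.blind.query % (column, column,
+conf.tbl.upper(),
+index)
+elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
+query = rootQuery.blind.query % (column, index, conf.db,
+conf.tbl, colList[0],
+colList[0], colList[0])
+
+elif kb.dbms == DBMS.SQLITE:
+query = rootQuery.blind.query % (column, conf.tbl, index)
+
+elif kb.dbms == DBMS.FIREBIRD:
+query = rootQuery.blind.query % (index, column, conf.tbl)
+
+value = inject.getValue(query, inband=False)
+
+lengths[column] = max(lengths[column], len(value))
+entries[column].append(value)
 
 for column, columnEntries in entries.items():
 if lengths[column] < len(column):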
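Review bot: The `query2` branch for every column after the first indexes `entries[column][index]`, but `entries[column]` is the very list this loop is appending to, so it is empty when row 0 is requested (and one short on every later row) and the lookup raises IndexError before any non-first column is dumped; the key for the `WHERE colList[0] = '%s'` template should be the first column's already-retrieved value, `query = rootQuery.blind.query2 % (column, conf.tbl, colList[0], entries[colList[0]][index])`. The retrieved value is also spliced into both templates unescaped, so a cell containing a single quote yields a malformed query on the next MIN() step; doubling quotes (`value.replace("'", "''")`) before formatting would keep the walk going. The '?' correction only rewrites the local `value` used to seed the next query, so the raw value with '?' is what ends up in `entries` — if that is intended, a one-line comment saying so would prevent a later "fix". dumpTable starts before and continues after this hunk.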

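--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -359,7 +359,7 @@
 <tables/>
 <dump_table>
 <inband query="SELECT %s FROM %s"/>
-<blind query="SELECT MIN(%s) FROM %s WHERE %s > '%s'" count="SELECT COUNT(*) FROM %s"/>
+<blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT %s FROM %s WHERE %s = '%s'" count="SELECT COUNT(*) FROM %s"/>
 </dump_table>
 </dbms>
 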
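Review bot: The new Access blind template walks the first column with `SELECT MIN(%s) ... WHERE CVAR(%s) > '%s'`, which returns each distinct value at most once and never a NULL, while `count` is still `SELECT COUNT(*)`, so a table whose first column has duplicate or NULL values is silently under-dumped: the walk runs dry before the loop bound is reached and `query2`'s `WHERE %s = '%s'` then matches several rows for a repeated key. This is a property of the templates rather than of the caller, so it belongs next to them; an XML comment such as `<!-- Access has no LIMIT/OFFSET: rows are walked by MIN() over the first column, so duplicate and NULL first-column values are not reached and the row count is an upper bound -->` above the `<blind>` element would make the limitation explicit. Whether the caller tolerates the empty results after the walk runs dry cannot be confirmed from this file alone.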