Minor enhancement to be able to enumerate table columns and dump table

bdamele · bdamele · commit 9329f8c9c44b · 2008-11-12T22:53:25.000Z
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments.
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -507,15 +507,20 @@ def expandAsteriskForColumns(expression):
     # If the user provided an asterisk rather than the column(s)
     # name, sqlmap will retrieve the columns itself and reprocess
     # the SQL query string (expression)
-    asterisk = re.search("^SELECT\s+\*\s+FROM\s+(\w+)[\.]+(\w+)\s*", expression, re.I)
+    asterisk = re.search("^SELECT\s+\*\s+FROM\s+([\w\.\_]+)\s*", expression, re.I)
 
     if asterisk:
         infoMsg  = "you did not provide the fields in your query. "
         infoMsg += "sqlmap will retrieve the column names itself"
         logger.info(infoMsg)
 
-        conf.db = asterisk.group(1)
-        conf.tbl = asterisk.group(2)
+        dbTbl = asterisk.group(1)
+
+        if dbTbl and "." in dbTbl:
+            conf.db, conf.tbl = dbTbl.split(".")
+        else:
+            conf.tbl = dbTbl
+
         columnsDict = conf.dbmsHandler.getColumns(onlyColNames=True)
 
         if columnsDict and conf.db in columnsDict and conf.tbl in columnsDict[conf.db]:
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -56,7 +56,7 @@
 MSSQL_SYSTEM_DBS  = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
 MYSQL_SYSTEM_DBS  = ( "information_schema", "mysql" )                   # Before MySQL 5.0 only "mysql"
 PGSQL_SYSTEM_DBS  = ( "information_schema", "pg_catalog" )
-ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" )
+ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" )                              # These are TABLESPACE_NAME
 
 MSSQL_ALIASES     = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
 MYSQL_ALIASES     = [ "mysql", "my" ]
diff --git a/lib/core/shell.py b/lib/core/shell.py
@@ -54,6 +54,8 @@ def queriesForAutoCompletion():
             autoComplQuery = query
         elif isinstance(query, dict) and "inband" in query:
             autoComplQuery = query["inband"]["query"]
+        else:
+            continue
 
         autoComplQueries[autoComplQuery] = None
 
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -168,11 +168,11 @@ def cmdLineParser():
 
         enumeration.add_option("--columns", dest="getColumns", action="store_true",
                                help="Enumerate DBMS database table columns "
-                                    "(req: -T, -D)")
+                                    "(req:-T opt:-D)")
 
         enumeration.add_option("--dump", dest="dumpTable", action="store_true",
                                help="Dump DBMS database table entries "
-                                    "(req: -T, -D opt: -C, --start, --stop)")
+                                    "(req: -T, opt: -D, -C, --start, --stop)")
 
         enumeration.add_option("--dump-all", dest="dumpAll", action="store_true",
                                help="Dump all DBMS databases tables entries")
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -372,7 +372,7 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None)
 
     expression = cleanQuery(expression)
     expression = expandAsteriskForColumns(expression)
-    value = None
+    value      = None
 
     if inband and conf.unionUse and kb.dbms:
         value = __goInband(expression, expected)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -730,8 +730,12 @@ def getColumns(self, onlyColNames=False):
         self.forceDbmsEnum()
 
         if not conf.db:
-            errMsg = "missing database parameter"
-            raise sqlmapMissingMandatoryOptionException, errMsg
+            warnMsg  = "missing database parameter, sqlmap is going to "
+            warnMsg += "use the current database to enumerate table "
+            warnMsg += "'%s' columns" % conf.tbl
+            logger.warn(warnMsg)
+
+            conf.db = self.getCurrentDb()
 
         infoMsg  = "fetching columns "
         infoMsg += "for table '%s' " % conf.tbl
@@ -740,10 +744,6 @@ def getColumns(self, onlyColNames=False):
 
         rootQuery = queries[kb.dbms].columns
 
-        if kb.dbms == "Oracle":
-            conf.db = conf.db.upper()
-            conf.tbl = conf.tbl.upper()
-
         if conf.unionUse:
             if kb.dbms in ( "MySQL", "PostgreSQL" ):
                 query = rootQuery["inband"]["query"] % (conf.tbl, conf.db)
@@ -840,8 +840,12 @@ def dumpTable(self):
         self.forceDbmsEnum()
 
         if not conf.db:
-            errMsg = "missing database parameter"
-            raise sqlmapMissingMandatoryOptionException, errMsg
+            warnMsg  = "missing database parameter, sqlmap is going to "
+            warnMsg += "use the current database to dump table "
+            warnMsg += "'%s' entries" % conf.tbl
+            logger.warn(warnMsg)
+
+            conf.db = self.getCurrentDb()
 
         rootQuery = queries[kb.dbms].dumpTable
 
