Commit 9825e24
Refactoring search module
1 parent 599ad74 commit 9825e24

2 files changed

Lines changed: 40 additions & 52 deletions


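--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -83,8 +83,8 @@ def searchDb(self):
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
-query += dbQuery
-query += exclDbsQuery
+
+query = query % (dbQuery + exclDbsQuery)
 values = inject.getValue(query, blind=False, time=False)
 
 if not isNoneValue(values):
@@ -106,8 +106,7 @@ def searchDb(self):
 else:
 query = rootQuery.blind.count
 
-query += dbQuery
-query += exclDbsQuery
+query = query % (dbQuery + exclDbsQuery)
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
 if not isNumPosStrValue(count):
@@ -126,10 +125,8 @@ def searchDb(self):
 query = rootQuery.blind.query2
 else:
 query = rootQuery.blind.query
-query += dbQuery
-query += exclDbsQuery
-if Backend.isDbms(DBMS.DB2):
-query += ") AS foobar"
+
+query = query % (dbQuery + exclDbsQuery)
 query = agent.limitQuery(index, query, dbCond)
 
 value = unArrayizeValue(inject.getValue(query, union=False, error=False))
@@ -194,8 +191,7 @@ def searchTable(self):
 
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 query = rootQuery.inband.query
-query += tblQuery
-query += whereDbsQuery
+query = query % (tblQuery + whereDbsQuery)
 values = inject.getValue(query, blind=False, time=False)
 
 if values and Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
@@ -231,8 +227,7 @@ def searchTable(self):
 logger.info(infoMsg)
 
 query = rootQuery.blind.count
-query += tblQuery
-query += whereDbsQuery
+query = query % (tblQuery + whereDbsQuery)
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
 if not isNumPosStrValue(count):
@@ -248,10 +243,7 @@ def searchTable(self):
 
 for index in indexRange:
 query = rootQuery.blind.query
-query += tblQuery
-query += whereDbsQuery
-if Backend.isDbms(DBMS.DB2):
-query += ") AS foobar"
+query = query % (tblQuery + whereDbsQuery)
 query = agent.limitQuery(index, query)
 
 foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False))
@@ -286,6 +278,7 @@ def searchTable(self):
 if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
 query = query % unsafeSQLIdentificatorNaming(db)
 query += " AND %s" % tblQuery
+
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
 if not isNumPosStrValue(count):
@@ -412,9 +405,7 @@ def searchColumn(self):
 # Enumerate tables containing the column provided if
 # either of database(s) or table(s) is not provided
 query = rootQuery.inband.query
-query += colQuery
-query += whereDbsQuery
-query += whereTblsQuery
+query = query % (colQuery + whereDbsQuery + whereTblsQuery)
 values = inject.getValue(query, blind=False, time=False)
 else:
 # Assume provided databases' tables contain the
@@ -466,9 +457,7 @@ def searchColumn(self):
 logger.info("%s%s%s" % (infoMsg, infoMsgTbl, infoMsgDb))
 
 query = rootQuery.blind.count
-query += colQuery
-query += whereDbsQuery
-query += whereTblsQuery
+query = query % (colQuery + whereDbsQuery + whereTblsQuery)
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
 if not isNumPosStrValue(count):
@@ -484,12 +473,9 @@ def searchColumn(self):
 
 for index in indexRange:
 query = rootQuery.blind.query
-query += colQuery
-query += whereDbsQuery
-query += whereTblsQuery
-if Backend.isDbms(DBMS.DB2):
-query += ") AS foobar"
+query = query % (colQuery + whereDbsQuery + whereTblsQuery)
 query = agent.limitQuery(index, query)
+
 db = unArrayizeValue(inject.getValue(query, union=False, error=False))
 db = safeSQLIdentificatorNaming(db)
 
@@ -525,6 +511,7 @@ def searchColumn(self):
 query = query % db
 query += " AND %s" % colQuery
 query += whereTblsQuery
+
 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
 if not isNumPosStrValue(count):
@@ -545,6 +532,7 @@ def searchColumn(self):
 query += " AND %s" % colQuery
 query += whereTblsQuery
 query = agent.limitQuery(index, query)
+
 tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
 kb.hintValue = tbl
 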
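Review bot: The new `query = query % (colQuery + whereDbsQuery + whereTblsQuery)` in the `@@ -412` searchColumn hunk (and the same `%` substitution in the searchDb and searchTable hunks) assumes every `search_*` `query`/`count` template in xml/queries.xml now carries exactly one `%s` for the condition fragment, but the unchanged context lines in that file's section show the PostgreSQL `search_column` inband template (queries.xml line 135) still ending in `attnum>0 AND ` with no `%s`, so `%` would raise `TypeError: not all arguments converted during string formatting` on that path. The MSSQL `search_table` inband template (line 197) likewise has two `%s` for the database name and none for the condition; whether that path is served by a DBMS-specific override is not visible here. The PostgreSQL fix belongs in the template: `... AND pg_type.oid=b.atttypid AND attnum>0 AND %s`. Because a missing placeholder now fails at runtime rather than silently producing a trailing `WHERE `, a short comment at the first substitution site, `# templates must contain a single %s for the condition fragment (see xml/queries.xml search_*)`, would make the new contract explicit. searchDb, searchTable and searchColumn all begin and end outside the hunks shown.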
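--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -56,16 +56,16 @@
 <blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT %d,1" count="SELECT COUNT(*) FROM %s.%s"/>
 </dump_table>
 <search_db>
-<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE " query2="SELECT db FROM mysql.db WHERE " condition="schema_name" condition2="db"/>
-<blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE " query2="SELECT DISTINCT(db) FROM mysql.db WHERE " count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE " count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db WHERE " condition="schema_name" condition2="db"/>
+<inband query="SELECT schema_name FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" query2="SELECT db FROM mysql.db WHERE %s" condition="schema_name" condition2="db"/>
+<blind query="SELECT DISTINCT(schema_name) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" query2="SELECT DISTINCT(db) FROM mysql.db WHERE %s" count="SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA WHERE %s" count2="SELECT COUNT(DISTINCT(db)) FROM mysql.db WHERE %s" condition="schema_name" condition2="db"/>
 </search_db>
 <search_table>
-<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE " condition="table_name" condition2="table_schema"/>
-<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE " query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE " count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
+<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.TABLES WHERE %s" condition="table_name" condition2="table_schema"/>
+<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.TABLES WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.TABLES WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema='%s'" condition="table_name" condition2="table_schema"/>
 </search_table>
 <search_column>
-<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE " condition="column_name" condition2="table_schema" condition3="table_name"/>
-<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE " query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE " count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
+<inband query="SELECT table_schema,table_name FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" condition="column_name" condition2="table_schema" condition3="table_name"/>
+<blind query="SELECT DISTINCT(table_schema) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" query2="SELECT DISTINCT(table_name) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM INFORMATION_SCHEMA.COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
 </search_column>
 </dbms>
 
@@ -124,12 +124,12 @@
 <blind query="SELECT %s FROM %s.%s ORDER BY %s OFFSET %d LIMIT 1" count="SELECT COUNT(*) FROM %s.%s"/>
 </dump_table>
 <search_db>
-<inband query="SELECT datname FROM pg_database WHERE " condition="datname"/>
-<blind query="SELECT DISTINCT(datname) FROM pg_database WHERE " count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE " condition="datname"/>
+<inband query="SELECT datname FROM pg_database WHERE %s" condition="datname"/>
+<blind query="SELECT DISTINCT(datname) FROM pg_database WHERE %s" count="SELECT COUNT(DISTINCT(datname)) FROM pg_database WHERE %s" condition="datname"/>
 </search_db>
 <search_table>
-<inband query="SELECT schemaname,tablename FROM pg_tables WHERE " condition="tablename" condition2="schemaname"/>
-<blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE " query2="SELECT tablename FROM pg_tables WHERE schemaname='%s'" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE " count2="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" condition="tablename" condition2="schemaname"/>
+<inband query="SELECT schemaname,tablename FROM pg_tables WHERE %s" condition="tablename" condition2="schemaname"/>
+<blind query="SELECT DISTINCT(schemaname) FROM pg_tables WHERE %s" query2="SELECT tablename FROM pg_tables WHERE schemaname='%s'" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables WHERE %s" count2="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" condition="tablename" condition2="schemaname"/>
 </search_table>
 <search_column>
 <inband query="SELECT nspname,relname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND " condition="attname" condition2="nspname" condition3="relname"/>
@@ -190,8 +190,8 @@
 <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
 </dump_table>
 <search_db>
-<inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
-<blind query="SELECT name FROM master..sysdatabases WHERE " count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE " condition="name"/>
+<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
+<blind query="SELECT name FROM master..sysdatabases WHERE %s" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE %s" condition="name"/>
 </search_db>
 <search_table>
 <inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND " condition="name" condition2="name"/>
@@ -278,16 +278,16 @@
 </dump_table>
 <!-- NOTE: in Oracle schema names are the counterpart to database names on other DBMSes -->
 <search_db>
-<inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE " condition="OWNER"/>
-<blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE " count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " condition="OWNER"/>
+<inband query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s" condition="OWNER"/>
+<blind query="SELECT OWNER FROM (SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES) WHERE %s" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" condition="OWNER"/>
 </search_db>
 <search_table>
-<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE " condition="TABLE_NAME" condition2="OWNER"/>
-<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE " query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE " count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
+<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TABLES WHERE %s" condition="TABLE_NAME" condition2="OWNER"/>
+<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TABLES WHERE %s" query2="SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES WHERE %s" count2="SELECT COUNT(TABLE_NAME) FROM SYS.ALL_TABLES WHERE OWNER='%s'" condition="TABLE_NAME" condition2="OWNER"/>
 </search_table>
 <search_column>
-<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE " condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
-<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE " query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE " count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
+<inband query="SELECT OWNER,TABLE_NAME FROM SYS.ALL_TAB_COLUMNS WHERE %s" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
+<blind query="SELECT DISTINCT(OWNER) FROM SYS.ALL_TAB_COLUMNS WHERE %s" query2="SELECT DISTINCT(TABLE_NAME) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" count="SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TAB_COLUMNS WHERE %s" count2="SELECT COUNT(DISTINCT(TABLE_NAME)) FROM SYS.ALL_TAB_COLUMNS WHERE OWNER='%s'" condition="COLUMN_NAME" condition2="OWNER" condition3="TABLE_NAME"/>
 </search_column>
 </dbms>
 
@@ -543,7 +543,7 @@
 <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>
 </dump_table>
 <search_db>
-<inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
+<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
 <blind/>
 </search_db>
 <search_table>
@@ -613,16 +613,16 @@
 <blind query="SELECT ENTRY_VALUE FROM (SELECT ROW_NUMBER() OVER () AS LIMIT,%s AS ENTRY_VALUE FROM %s) AS foobar WHERE LIMIT=%d" count="SELECT COUNT(*) FROM %s"/>
 </dump_table>
 <search_db>
-<inband query="SELECT schemaname FROM syscat.schemata WHERE " condition="schemaname"/>
-<blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE " count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE " condition="schemaname"/>
+<inband query="SELECT schemaname FROM syscat.schemata WHERE %s" condition="schemaname"/>
+<blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE %s) AS foobar" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE %s" condition="schemaname"/>
 </search_db>
 <search_table>
-<inband query="SELECT tabschema,tabname FROM sysstat.tables WHERE " condition="tabname" condition2="tabschema"/>
-<blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE " query2="SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE " count2="SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'" condition="tabname" condition2="tabschema"/>
+<inband query="SELECT tabschema,tabname FROM sysstat.tables WHERE %s" condition="tabname" condition2="tabschema"/>
+<blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.tables WHERE %s) AS foobar" query2="SELECT DISTINCT(tabname) FROM sysstat.tables WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.tables WHERE %s" count2="SELECT COUNT(tabname) FROM sysstat.tables WHERE tabschema='%s'" condition="tabname" condition2="tabschema"/>
 </search_table>
 <search_column>
-<inband query="SELECT tabschema,tabname FROM sysstat.columns WHERE " condition="colname" condition2="tabschema" condition3="tabname"/>
-<blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE " query2="SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE " count2="SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'" condition="colname" condition2="tabschema" condition3="tabname"/>
+<inband query="SELECT tabschema,tabname FROM sysstat.columns WHERE %s" condition="colname" condition2="tabschema" condition3="tabname"/>
+<blind query="SELECT tabschema FROM (SELECT DISTINCT(tabschema) FROM sysstat.columns WHERE %s) AS foobar" query2="SELECT DISTINCT(tabname) FROM sysstat.columns WHERE tabschema='%s'" count="SELECT COUNT(DISTINCT(tabschema)) FROM sysstat.columns WHERE %s" count2="SELECT COUNT(DISTINCT(tabname)) FROM sysstat.columns WHERE tabschema='%s'" condition="colname" condition2="tabschema" condition3="tabname"/>
 </search_column>
 </dbms>
 </root>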
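Review bot: The new `%s` placeholders in the `search_db`/`search_table`/`search_column` templates carry two different meanings that nothing in the file documents: in `search_db`, the `%s` of `query`, `query2`, `count` and `count2` all receive the concatenated WHERE condition fragment built in plugins/generic/search.py, whereas in `search_table` and `search_column` the `query2`/`count2` placeholder inside `table_schema='%s'` (and its pg/Oracle/DB2 counterparts) receives a schema name and is substituted separately. A comment above the first `<search_db>` in the `@@ -56` hunk would pin that contract, e.g. `<!-- NOTE: in search_* elements, %s in query/count stands for the WHERE condition fragment assembled by the search plugin; in search_table/search_column, %s in query2/count2 stands for the schema/database name -->`. For DB2 the `blind` templates now also embed the `) AS foobar` subquery closer that was previously appended in search.py, so a template author adding a new DBMS needs to know the closer belongs in the XML rather than the code; one sentence in the same comment would cover it.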
