Bug fix to properly identify if current user is DBA (--is-dba) on MySQL

bdamele · bdamele · commit c9ab8ae60e06 · 2010-12-22T14:06:01.000Z
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -129,7 +129,13 @@ def isDba(self):
         infoMsg = "testing if current user is DBA"
         logger.info(infoMsg)
 
-        query = agent.forgeCaseStatement(queries[kb.dbms].is_dba.query)
+        if kb.dbms == DBMS.MYSQL:
+            self.getCurrentUser()
+            query = queries[kb.dbms].is_dba.query % kb.data.currentUser.split("@")[0]
+        else:
+            query = queries[kb.dbms].is_dba.query
+
+        query = agent.forgeCaseStatement(query)
 
         kb.data.isDba = inject.getValue(query, unpack=False, charsetType=1)
 
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -28,7 +28,7 @@
         <banner query="VERSION()"/>
         <current_user query="CURRENT_USER()"/>
         <current_db query="DATABASE()"/>
-        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user=(SUBSTRING_INDEX(CURRENT_USER(), '@', 1)) LIMIT 0, 1)='Y'"/>
+        <is_dba query="(SELECT super_priv FROM mysql.user WHERE user='%s' LIMIT 0, 1)='Y'"/>
         <check_udf query="(SELECT name FROM mysql.func WHERE name='%s' LIMIT 0, 1)='%s'"/>
         <users>
             <inband query="SELECT grantee FROM information_schema.USER_PRIVILEGES ORDER BY 1" query2="SELECT user FROM mysql.user ORDER BY 1"/>
