Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ca6f9ac

Browse files
stamparmstamparm
committed
minor fix for resuming in multi threading mode
1 parent cd07139 commit ca6f9ac

2 files changed

Lines changed: 10 additions & 10 deletions

File tree

plugins/dbms/oracle/enumeration.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ def getRoles(self, query2=False):
5555
if conf.user:
5656
users = conf.user.split(",")
5757
query += " WHERE "
58-
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
58+
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
5959

6060
values = inject.getValue(query, blind=False)
6161

plugins/generic/enumeration.py

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -253,7 +253,7 @@ def getPasswordHashes(self):
253253

254254
if conf.user:
255255
query += " WHERE "
256-
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
256+
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
257257

258258
if Backend.isDbms(DBMS.SYBASE):
259259
randStr = randomStr()
@@ -456,9 +456,9 @@ def getPrivileges(self, query2=False):
456456
query += " WHERE "
457457

458458
if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
459-
query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in users)
459+
query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in sorted(users))
460460
else:
461-
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
461+
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
462462

463463
values = inject.getValue(query, blind=False)
464464

@@ -819,7 +819,7 @@ def getTables(self, bruteForce=None):
819819
logger.info(infoMsg)
820820
elif not Backend.isDbms(DBMS.SQLITE):
821821
query += " WHERE "
822-
query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in dbs)
822+
query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in sorted(dbs))
823823

824824
if Backend.isDbms(DBMS.MSSQL):
825825
query = safeStringFormat(query, conf.db)
@@ -1040,12 +1040,12 @@ def getColumns(self, onlyColNames=False):
10401040
if len(colList) > 0:
10411041
colConsider, colCondParam = self.likeOrExact("column")
10421042
condQueryStr = "%%s%s" % colCondParam
1043-
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList)
1043+
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
10441044

10451045
if colConsider == "1":
1046-
infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
1046+
infoMsg += "LIKE '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
10471047
else:
1048-
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
1048+
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
10491049
else:
10501050
condQuery = ""
10511051

@@ -1105,8 +1105,8 @@ def getColumns(self, onlyColNames=False):
11051105
infoMsg = "fetching columns "
11061106

11071107
if len(colList) > 0:
1108-
condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in colList)
1109-
likeMsg = "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
1108+
condQuery = " AND (%s)" % " OR ".join("%s LIKE '%%%s%%'" % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
1109+
likeMsg = "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
11101110
infoMsg += likeMsg
11111111
else:
11121112
condQuery = ""

0 commit comments

Comments
 (0)