
Commit ddfae39

committed
Minor bug fixes for --search with -C
1 parent eaa2a42 commit ddfae39

1 file changed

Lines changed: 23 additions & 23 deletions


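--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -915,7 +915,7 @@ def getTables(self, bruteForce=None):
 
 return kb.data.cachedTables
 
-def getColumns(self, onlyColNames=False):
+def getColumns(self, onlyColNames=False, colTuple=None):
 self.forceDbmsEnum()
 
 if conf.db is None or conf.db == "CD":
@@ -1038,7 +1038,10 @@ def getColumns(self, onlyColNames=False):
 infoMsg = "fetching columns "
 
 if len(colList) > 0:
-colConsider, colCondParam = self.likeOrExact("column")
+if colTuple is None:
+colConsider, colCondParam = self.likeOrExact("column")
+else:
+colConsider, colCondParam = colTuple
 condQueryStr = "%%s%s" % colCondParam
 condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
 
@@ -1060,10 +1063,8 @@ def getColumns(self, onlyColNames=False):
 query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(tbl.upper())
 query += condQuery
 elif Backend.isDbms(DBMS.MSSQL):
-query = rootQuery.inband.query % (conf.db, conf.db,
-conf.db, conf.db,
-conf.db, conf.db,
-conf.db, unsafeSQLIdentificatorNaming(tbl))
+query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
+conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
 query += condQuery.replace("[DB]", conf.db)
 elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.inband.query % tbl
@@ -1169,10 +1170,8 @@ def getColumns(self, onlyColNames=False):
 query += condQuery
 field = None
 elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
-query = rootQuery.blind.query % (conf.db, conf.db,
-conf.db, conf.db,
-conf.db, conf.db,
-unsafeSQLIdentificatorNaming(tbl))
+query = rootQuery.blind.query % (conf.db, conf.db, conf.db, conf.db,
+conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
 query += condQuery.replace("[DB]", conf.db)
 field = condition.replace("[DB]", conf.db)
 elif Backend.isDbms(DBMS.FIREBIRD):
@@ -1189,9 +1188,8 @@ def getColumns(self, onlyColNames=False):
 elif Backend.isDbms(DBMS.ORACLE):
 query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
 elif Backend.isDbms(DBMS.MSSQL):
-query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
-conf.db, column, conf.db,
-conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
+query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
+conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
 elif Backend.isDbms(DBMS.FIREBIRD):
 query = rootQuery.blind.query2 % (tbl, column)
 
@@ -1429,7 +1427,7 @@ def __pivotDumpTable(self, table, colList, count=None, blind=True):
 
 return entries, lengths
 
-def dumpTable(self):
+def dumpTable(self, foundData=None):
 self.forceDbmsEnum()
 
 if conf.db is None or conf.db == "CD":
@@ -1475,10 +1473,14 @@ def dumpTable(self):
 
 for tbl in tblList:
 conf.tbl = tbl
-kb.data.cachedColumns = {}
 kb.data.dumpedTable = {}
 
-self.getColumns(onlyColNames=True)
+
+if foundData is None:
+kb.data.cachedColumns = {}
+self.getColumns(onlyColNames=True)
+else:
+kb.data.cachedColumns = foundData
 
 try:
 if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \
@@ -1651,8 +1653,7 @@ def dumpTable(self):
 entries[column] = []
 
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
-query = rootQuery.blind.query % (column, conf.db,
-conf.tbl, index)
+query = rootQuery.blind.query % (column, conf.db, conf.tbl, index)
 elif Backend.isDbms(DBMS.ORACLE):
 query = rootQuery.blind.query % (column, column,
 tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())),
@@ -1671,8 +1672,7 @@ def dumpTable(self):
 for column, columnEntries in entries.items():
 length = max(lengths[column], len(column))
 
-kb.data.dumpedTable[column] = { "length": length,
-"values": columnEntries }
+kb.data.dumpedTable[column] = { "length": length, "values": columnEntries }
 
 entriesCount = len(columnEntries)
 
@@ -1802,7 +1802,7 @@ def dumpFoundColumn(self, dbs, foundCols, colConsider):
 kb.data.cachedColumns = {}
 kb.data.dumpedTable = {}
 
-data = self.dumpTable()
+data = self.dumpTable(dbs)
 
 if data:
 conf.dumper.dbTableValues(data)
@@ -2142,7 +2142,7 @@ def searchColumn(self):
 conf.tbl = foundTbl
 conf.col = column
 
-self.getColumns(onlyColNames=True)
+self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
 
 if foundDb in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[foundDb]:
 dbs[foundDb][foundTbl].update(kb.data.cachedColumns[foundDb][foundTbl])
@@ -2239,7 +2239,7 @@ def searchColumn(self):
 conf.tbl = tbl
 conf.col = column
 
-self.getColumns(onlyColNames=True)
+self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
 
 if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
 dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])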
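Review bot: In `dumpTable`, the new `else` branch binds the caller's dict directly to the global cache (`kb.data.cachedColumns = foundData`), so the `dbs` structure passed by `dumpFoundColumn` and the cache become one object and any later write to the cache also changes `dbs`. If that sharing is not intended, take a copy on entry (`kb.data.cachedColumns = dict(foundData)` covers the top level) and pass the argument by keyword at the call site, `data = self.dumpTable(foundData=dbs)`. Neither `foundData` nor `colTuple` is documented; a comment on `getColumns` such as `# colTuple: (colConsider, colCondParam) already chosen by the caller; when given, likeOrExact("column") is not called again` would state the contract, and the unpack `colConsider, colCondParam = colTuple` assumes exactly two items. Any DBMS-specific plugin that overrides `getColumns` or `dumpTable` with the old signature would raise a TypeError on the new arguments; no such override is visible on this page, so that needs checking in the tree. Both method bodies start and end outside the hunks shown.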
