

Commit e0e2349

committed
Refactor to --search -C and minor bug fix - See #190.
1 parent c9ee11e commit e0e2349

5 files changed

Lines changed: 371 additions & 212 deletions


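--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -140,7 +140,7 @@ def dbColumns(self, dbColumns, colConsider, dbs):
 for db, tblData in dbs.items():
 for tbl, colData in tblData.items():
 for col, dataType in colData.items():
-if column in col:
+if column.lower() in col.lower():
 if db in printDbs:
 if tbl in printDbs[db]:
 printDbs[db][tbl][col] = dataType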
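Review bot: The new containment test `column.lower() in col.lower()` still matches substrings when an exact column name was requested, so searching for `id` also prints `user_id`; the `colConsider` parameter in the signature is not consulted on this line. Elsewhere in this commit `colConsider == "1"` marks a LIKE search, so the check could become `matched = column.lower() in col.lower() if colConsider == "1" else column.lower() == col.lower()` followed by `if matched:`. The body of dbColumns continues outside the hunk and the binding of `column` is not visible, so this is a question about intent rather than a certain defect.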

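--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -28,6 +28,7 @@
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
+from lib.core.dump import dumper
 from lib.core.exception import sqlmapNoneDataException
 from lib.request import inject
 
@@ -143,21 +144,19 @@ def searchTable(self):
 infoMsg += " '%s'" % tbl
 logger.info(infoMsg)
 
-if conf.excludeSysDbs:
-exclDbsQuery = "".join(" AND '%s' != %s" % (db, dbCond) for db in self.excludeDbsList)
-infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
-logger.info(infoMsg)
-else:
-exclDbsQuery = ""
-
 tblQuery = "%s%s" % (tblCond, tblCondParam)
 tblQuery = tblQuery % tbl
 
 for db in foundTbls.keys():
+if conf.excludeSysDbs and db in self.excludeDbsList:
+infoMsg = "skipping system database '%s'" % db
+logger.info(infoMsg)
+
+continue
+
 if kb.unionPosition or conf.direct:
 query = rootQuery["inband"]["query"] % db
 query += tblQuery
-query += exclDbsQuery
 values = inject.getValue(query, blind=False)
 
 if values:
@@ -204,3 +203,120 @@ def searchTable(self):
 foundTbls.pop(db)
 
 return foundTbls
+
+def searchColumn(self):
+rootQuery = queries[kb.dbms].searchColumn
+foundCols = {}
+dbs = {}
+colList = conf.col.split(",")
+colCond = rootQuery["inband"]["condition"]
+colConsider, colCondParam = self.likeOrExact("column")
+
+if not len(kb.data.cachedDbs):
+enumDbs = self.getDbs()
+else:
+enumDbs = kb.data.cachedDbs
+
+for db in enumDbs:
+dbs[db] = {}
+
+for column in colList:
+infoMsg = "searching column"
+if colConsider == "1":
+infoMsg += "s like"
+infoMsg += " '%s'" % column
+logger.info(infoMsg)
+
+foundCols[column] = {}
+
+colQuery = "%s%s" % (colCond, colCondParam)
+colQuery = colQuery % column
+
+for db in dbs.keys():
+if conf.excludeSysDbs and db in self.excludeDbsList:
+infoMsg = "skipping system database '%s'" % db
+logger.info(infoMsg)
+
+continue
+
+if kb.unionPosition or conf.direct:
+query = rootQuery["inband"]["query"] % (db, db, db, db, db)
+query += " AND %s" % colQuery.replace("[DB]", db)
+values = inject.getValue(query, blind=False)
+
+if values:
+if isinstance(values, str):
+values = [ values ]
+
+for foundTbl in values:
+if foundTbl not in dbs[db]:
+dbs[db][foundTbl] = {}
+
+if colConsider == "1":
+conf.db = db
+conf.tbl = foundTbl
+conf.col = column
+
+self.getColumns(onlyColNames=True)
+
+dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
+kb.data.cachedColumns = {}
+else:
+dbs[db][foundTbl][column] = None
+
+if db in foundCols[column]:
+foundCols[column][db].append(foundTbl)
+else:
+foundCols[column][db] = [ foundTbl ]
+else:
+foundCols[column][db] = []
+
+infoMsg = "fetching number of tables containing column"
+if colConsider == "1":
+infoMsg += "s like"
+infoMsg += " '%s' in database '%s'" % (column, db)
+logger.info(infoMsg)
+
+query = rootQuery["blind"]["count2"]
+query = query % (db, db, db, db, db)
+query += " AND %s" % colQuery.replace("[DB]", db)
+count = inject.getValue(query, inband=False, expected="int", charsetType=2)
+
+if not count.isdigit() or not len(count) or count == "0":
+warnMsg = "no tables contain column"
+if colConsider == "1":
+warnMsg += "s like"
+warnMsg += " '%s' " % column
+warnMsg += "in database '%s'" % db
+logger.warn(warnMsg)
+
+continue
+
+indexRange = getRange(count)
+
+for index in indexRange:
+query = rootQuery["blind"]["query2"]
+query = query % (db, db, db, db, db)
+query += " AND %s" % colQuery.replace("[DB]", db)
+query = agent.limitQuery(index, query, colCond.replace("[DB]", db))
+tbl = inject.getValue(query, inband=False)
+kb.hintValue = tbl
+
+if tbl not in dbs[db]:
+dbs[db][tbl] = {}
+
+if colConsider == "1":
+conf.db = db
+conf.tbl = tbl
+conf.col = column
+
+self.getColumns(onlyColNames=True)
+
+dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
+kb.data.cachedColumns = {}
+else:
+dbs[db][tbl][column] = None
+
+foundCols[column][db].append(tbl)
+
+self.dumpFoundColumn(dbs, foundCols, colConsider)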
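Review bot: The new searchColumn overwrites global configuration (`conf.db`, `conf.tbl`, `conf.col`) inside both the inband and the blind loop and never restores it, so once the search returns `conf.col` no longer holds the user's comma-separated list and `conf.db`/`conf.tbl` point at whatever table was visited last; any later enumeration step in the same run inherits those values. The same pattern is in the oracle searchColumn added by this commit. The read of `kb.data.cachedColumns[db][foundTbl]` straight after `self.getColumns(onlyColNames=True)` (and again with `tbl` in the blind loop) raises KeyError if getColumns left that entry unpopulated — whether it always fills it is not visible here, so a tolerant read such as `dbs[db][foundTbl].update(kb.data.cachedColumns.get(db, {}).get(foundTbl, {}))` would be safer. I would save the three conf values before the column loop and restore them in a `finally`, as sketched below.

```python
def searchColumn(self):
    # … unchanged: rootQuery, foundCols, dbs, colList, colCond, colConsider setup …
    savedDb, savedTbl, savedCol = conf.db, conf.tbl, conf.col

    try:
        for column in colList:
            # … unchanged: inband and blind search of each database …
    finally:
        # getColumns is steered through conf.*; put the user's targets back
        conf.db, conf.tbl, conf.col = savedDb, savedTbl, savedCol

    self.dumpFoundColumn(dbs, foundCols, colConsider)
```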

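--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -22,6 +22,7 @@
 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 """
 
+from lib.core.agent import agent
 from lib.core.common import getRange
 from lib.core.data import conf
 from lib.core.data import kb
@@ -186,3 +187,106 @@ def searchDb(self):
 logger.warn(warnMsg)
 
 return []
+
+def searchColumn(self):
+rootQuery = queries[kb.dbms].searchColumn
+foundCols = {}
+dbs = { "USERS": {} }
+colList = conf.col.split(",")
+colCond = rootQuery["inband"]["condition"]
+colConsider, colCondParam = self.likeOrExact("column")
+
+for column in colList:
+column = column.upper()
+
+infoMsg = "searching column"
+if colConsider == "1":
+infoMsg += "s like"
+infoMsg += " '%s'" % column
+logger.info(infoMsg)
+
+foundCols[column] = {}
+
+colQuery = "%s%s" % (colCond, colCondParam)
+colQuery = colQuery % column
+
+for db in dbs.keys():
+if kb.unionPosition or conf.direct:
+query = rootQuery["inband"]["query"]
+query += colQuery
+values = inject.getValue(query, blind=False)
+
+if values:
+if isinstance(values, str):
+values = [ values ]
+
+for foundTbl in values:
+if foundTbl not in dbs[db]:
+dbs[db][foundTbl] = {}
+
+if colConsider == "1":
+conf.db = db
+conf.tbl = foundTbl
+conf.col = column
+
+self.getColumns(onlyColNames=True)
+
+dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
+kb.data.cachedColumns = {}
+else:
+dbs[db][foundTbl][column] = None
+
+if db in foundCols[column]:
+foundCols[column][db].append(foundTbl)
+else:
+foundCols[column][db] = [ foundTbl ]
+else:
+foundCols[column][db] = []
+
+infoMsg = "fetching number of tables containing column"
+if colConsider == "1":
+infoMsg += "s like"
+infoMsg += " '%s' in database '%s'" % (column, db)
+logger.info(infoMsg)
+
+query = rootQuery["blind"]["count2"]
+query += " WHERE %s" % colQuery
+count = inject.getValue(query, inband=False, expected="int", charsetType=2)
+
+if not count.isdigit() or not len(count) or count == "0":
+warnMsg = "no tables contain column"
+if colConsider == "1":
+warnMsg += "s like"
+warnMsg += " '%s' " % column
+warnMsg += "in database '%s'" % db
+logger.warn(warnMsg)
+
+continue
+
+indexRange = getRange(count)
+
+for index in indexRange:
+query = rootQuery["blind"]["query2"]
+query += " WHERE %s" % colQuery
+query = agent.limitQuery(index, query)
+tbl = inject.getValue(query, inband=False)
+kb.hintValue = tbl
+
+if tbl not in dbs[db]:
+dbs[db][tbl] = {}
+
+if colConsider == "1":
+conf.db = db
+conf.tbl = tbl
+conf.col = column
+
+self.getColumns(onlyColNames=True)
+
+dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
+kb.data.cachedColumns = {}
+else:
+dbs[db][tbl][column] = None
+
+foundCols[column][db].append(tbl)
+
+self.dumpFoundColumn(dbs, foundCols, colConsider)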
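Review bot: The guard `if not count.isdigit() or not len(count) or count == "0":` tests `isdigit()` before emptiness, so if `inject.getValue` ever hands back None instead of a string the line raises AttributeError before the length test runs, and the `len` test is redundant anyway because `"".isdigit()` is already False. `if not count or not count.isdigit() or count == "0":` covers both cases in one line; the identical line appears in the mssqlserver searchColumn added by this commit. Separately, `dbs = { "USERS": {} }` confines the Oracle search to a single schema while the log messages still speak of searching "in database '%s'", which deserves a comment next to that assignment such as `# only the USERS schema is searched on Oracle; other schemas are not enumerated`.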
