

Commit f412706

committed
minor update for MSSQL --tables (fallback to other method)
1 parent 13f2afb commit f412706

3 files changed

Lines changed: 6 additions & 6 deletions


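--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -93,8 +93,11 @@ def getTables(self):
 
 continue
 
-query = rootQuery.inband.query.replace("%s", db)
-value = inject.getValue(query, blind=False)
+for query in (rootQuery.inband.query, rootQuery.inband.query2):
+query = query.replace("%s", db)
+value = inject.getValue(query, blind=False)
+if not isNoneValue(value):
+break
 
 if not isNoneValue(value):
 kb.data.cachedTables[db] = arrayizeValue(value)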
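Review bot: The fallback loop at new lines 96-100 rebinds its own loop variable `query` to the substituted text, so the template and the formatted query share one name; a distinct name such as `for template in (rootQuery.inband.query, rootQuery.inband.query2): query = template.replace("%s", db)` reads more clearly. The reason for the second query is not stated anywhere in the hunk, so a short comment above the loop would help, e.g. `# sysobjects-based query first; fall back to the information_schema query when it yields nothing`. When both queries come back empty nothing records that the fallback was tried, so a debug-level message before the next iteration would make that visible in verbose output, assuming the module's logger is in scope here (not visible in this hunk). getTables begins before this hunk and continues after it.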

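--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -887,9 +887,6 @@ def getTables(self, bruteForce=None):
 if len(dbs) < 2 and ("%s," % condition) in query:
 query = query.replace("%s," % condition, "", 1)
 
-if Backend.isDbms(DBMS.MSSQL):
-query = safeStringFormat(query, conf.db)
-
 value = inject.getValue(query, blind=False)
 
 if not isNoneValue(value):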

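--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -184,7 +184,7 @@
 <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases ORDER BY name) ORDER BY name" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
 </dbs>
 <tables>
-<inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')"/>
+<inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'"/>
 <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')"/>
 </tables>
 <columns>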
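Review bot: The new `query2` substitutes the database name inside a quoted string literal (`table_catalog='%s'`), whereas `query` substitutes it as an unquoted identifier prefix (`%s..sysobjects`), so a name containing a single quote yields a syntactically broken fallback where the primary form may still be valid; the substitution site in plugins/dbms/mssqlserver/enumeration.py in this commit is a plain `.replace("%s", db)` with no escaping for the second form. A comment before the element would document the intent, e.g. `<!-- query2: information_schema fallback, used when the sysobjects join returns no rows -->`. Both forms appear to enumerate tables and views (`xtype IN ('u', 'v')` versus information_schema.tables), so their results are presumably meant to match, but that equivalence is inferred rather than shown by the hunk.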
