
Commit f918435

committed
Major bug fix: the CU alias (current user), when given with the -U option
together with --privileges or --password, now works properly also on MySQL >= 5.0.
1 parent 8f973ce commit f918435

1 file changed

Lines changed: 18 additions & 1 deletion


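--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -206,6 +206,12 @@ def getPasswordHashes(self):
 query += " WHERE "
 query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
 else:
+if kb.dbms == "MySQL":
+parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
+
+if parsedUser:
+conf.user = parsedUser.groups()[0]
+
 query += " WHERE %s = '%s'" % (condition, conf.user)
 
 value = inject.getValue(query, blind=False)
@@ -238,7 +244,7 @@ def getPasswordHashes(self):
 
 for user in users:
 if kb.dbms == "MySQL":
-parsedUser = re.search("\047(.*?)\047@'", user)
+parsedUser = re.search("[\047]*(.*?)[\047]*\@", user)
 
 if parsedUser:
 user = parsedUser.groups()[0]
@@ -386,6 +392,12 @@ def getPrivileges(self):
 else:
 query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
 else:
+if kb.dbms == "MySQL":
+parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
+
+if parsedUser:
+conf.user = parsedUser.groups()[0]
+
 # NOTE: I assume that the user provided is not in
 # MySQL >= 5.0 syntax 'user'@'host'
 if kb.dbms == "MySQL" and self.has_information_schema:
@@ -449,6 +461,11 @@ def getPrivileges(self):
 for user in conf.user.split(","):
 users.add("%" + user + "%")
 else:
+parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
+
+if parsedUser:
+conf.user = parsedUser.groups()[0]
+
 users = [ "%" + conf.user + "%" ]
 
 elif "," in conf.user: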
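Review bot: Three of the added blocks write the stripped name back into `conf.user` (new lines 213, 399 and 467), so the operator's `-U` value is rewritten as a side effect of enumeration and the host part is gone for any later code that reads the option. Parsing into a local keeps the option intact, e.g. `user = parsedUser.groups()[0] if parsedUser else conf.user`, with the WHERE clause then built from `user`. The same pattern now appears four times; a small helper would keep the copies in step, and a raw string such as `r"'*(.*?)'*@"` matches the same text without relying on `\@`, which is not a recognised string escape. The block at new lines 464-468 has no `kb.dbms == "MySQL"` test of its own; the enclosing branch starts outside the hunk, so confirm it is MySQL-only.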
