diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index ce39df1f7..142a36b02 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -168,118 +168,3 @@ class Enumeration(GenericEnumeration):
raise sqlmapNoneDataException, errMsg
return ( kb.data.cachedUsersRoles, areAdmins )
-
- def searchColumn(self):
- rootQuery = queries[Backend.getIdentifiedDbms()].search_column
- foundCols = {}
- dbs = { "USERS": {} }
- colList = conf.col.split(",")
- colCond = rootQuery.inband.condition
-
- colConsider, colCondParam = self.likeOrExact("column")
-
- for column in colList:
- column = safeSQLIdentificatorNaming(column)
- column = column.upper()
-
- infoMsg = "searching column"
- if colConsider == "1":
- infoMsg += "s like"
- infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
- logger.info(infoMsg)
-
- foundCols[column] = {}
-
- colQuery = "%s%s" % (colCond, colCondParam)
- colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
-
- for db in dbs.keys():
- db = safeSQLIdentificatorNaming(db)
-
- if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- query = rootQuery.inband.query
- query += colQuery
- values = inject.getValue(query, blind=False)
-
- if not isNoneValue(values):
- if isinstance(values, basestring):
- values = [ values ]
-
- for foundTbl in values:
- foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
-
- if foundTbl is None:
- continue
-
- if foundTbl not in dbs[db]:
- dbs[db][foundTbl] = {}
-
- if colConsider == "1":
- conf.db = db
- conf.tbl = foundTbl
- conf.col = column
-
- self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
-
- dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
- kb.data.cachedColumns = {}
- else:
- dbs[db][foundTbl][column] = None
-
- if db in foundCols[column]:
- foundCols[column][db].append(foundTbl)
- else:
- foundCols[column][db] = [ foundTbl ]
- else:
- foundCols[column][db] = []
-
- infoMsg = "fetching number of tables containing column"
- if colConsider == "1":
- infoMsg += "s like"
- infoMsg += " '%s' in database '%s'" % (column, db)
- logger.info(infoMsg)
-
- query = rootQuery.blind.count2
- query += " WHERE %s" % colQuery
- count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
-
- if not isNumPosStrValue(count):
- warnMsg = "no tables contain column"
- if colConsider == "1":
- warnMsg += "s like"
- warnMsg += " '%s' " % column
- warnMsg += "in database '%s'" % db
- logger.warn(warnMsg)
-
- continue
-
- indexRange = getRange(count)
-
- for index in indexRange:
- query = rootQuery.blind.query2
- query += " WHERE %s" % colQuery
- query = agent.limitQuery(index, query)
- tbl = inject.getValue(query, inband=False, error=False)
- kb.hintValue = tbl
-
- tbl = safeSQLIdentificatorNaming(tbl, True)
-
- if tbl not in dbs[db]:
- dbs[db][tbl] = {}
-
- if colConsider == "1":
- conf.db = db
- conf.tbl = tbl
- conf.col = column
-
- self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
-
- if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
- dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
- kb.data.cachedColumns = {}
- else:
- dbs[db][tbl][column] = None
-
- foundCols[column][db].append(tbl)
-
- self.dumpFoundColumn(dbs, foundCols, colConsider)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 73c86c5b3..d3f1d4526 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -2193,7 +2193,7 @@ class Enumeration:
for column in colList:
column = safeSQLIdentificatorNaming(column)
- if Backend.isDbms(DBMS.DB2):
+ if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
column = column.upper()
infoMsg = "searching column"
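Review bot: The widened condition on `column = column.upper()` has no comment explaining why Oracle and DB2 are singled out, and the same `(DBMS.ORACLE, DBMS.DB2)` tuple is repeated in the `search()` hunk further down. I would add `# Oracle and DB2 fold unquoted identifiers to upper case in their catalogs` above the `if`. The upper-casing runs after `safeSQLIdentificatorNaming(column)`, so a column that was created with a quoted, mixed-case name would presumably no longer match; if that limitation is accepted, the comment should say so. The enclosing loop and method start and end outside this hunk.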
@@ -2259,43 +2259,49 @@ class Enumeration:
else:
foundCols[column][foundDb] = [ foundTbl ]
else:
- infoMsg = "fetching number of databases with tables containing column"
- if colConsider == "1":
- infoMsg += "s like"
- infoMsg += " '%s'" % column
- logger.info(infoMsg)
-
- query = rootQuery.blind.count
- query += colQuery
- query += whereDbsQuery
- count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
-
- if not isNumPosStrValue(count):
- warnMsg = "no databases have tables containing column"
+ if not conf.db:
+ infoMsg = "fetching number of databases with tables containing column"
if colConsider == "1":
- warnMsg += "s like"
- warnMsg += " '%s'" % column
- logger.warn(warnMsg)
+ infoMsg += "s like"
+ infoMsg += " '%s'" % column
+ logger.info(infoMsg)
- continue
-
- indexRange = getRange(count)
-
- for index in indexRange:
- query = rootQuery.blind.query
+ query = rootQuery.blind.count
query += colQuery
query += whereDbsQuery
- if Backend.isDbms(DBMS.DB2):
- query += ") AS foobar"
- query = agent.limitQuery(index, query)
- db = inject.getValue(query, inband=False, error=False)
- db = safeSQLIdentificatorNaming(db)
+ count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
- if db not in dbs:
+ if not isNumPosStrValue(count):
+ warnMsg = "no databases have tables containing column"
+ if colConsider == "1":
+ warnMsg += "s like"
+ warnMsg += " '%s'" % column
+ logger.warn(warnMsg)
+
+ continue
+
+ indexRange = getRange(count)
+
+ for index in indexRange:
+ query = rootQuery.blind.query
+ query += colQuery
+ query += whereDbsQuery
+ if Backend.isDbms(DBMS.DB2):
+ query += ") AS foobar"
+ query = agent.limitQuery(index, query)
+ db = inject.getValue(query, inband=False, error=False)
+ db = safeSQLIdentificatorNaming(db)
+
+ if db not in dbs:
+ dbs[db] = {}
+
+ if db not in foundCols[column]:
+ foundCols[column][db] = []
+ else:
+ for db in conf.db.split(","):
dbs[db] = {}
-
- if db not in foundCols[column]:
- foundCols[column][db] = []
+ if db not in foundCols[column]:
+ foundCols[column][db] = []
for column, dbData in foundCols.items():
colQuery = "%s%s" % (colCond, colCondParam)
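Review bot: The new `else` branch uses the names from `conf.db.split(",")` as dictionary keys without the `safeSQLIdentificatorNaming(db)` call that the discovery branch applies just above, and without stripping whitespace. A value such as `a, b` therefore produces the key ` b`, and the keys in `dbs` and `foundCols[column]` can differ from the normalised names used elsewhere in the method. Making `db = safeSQLIdentificatorNaming(db.strip())` the first statement of the `for db in conf.db.split(","):` loop would keep both branches consistent. `dbs[db] = {}` is also unconditional here while the other branch guards it with `if db not in dbs:`; that looks harmless only as long as `dbs` is populated after this loop, which lies outside the hunk.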
@@ -2358,6 +2364,11 @@ class Enumeration:
self.dumpFoundColumn(dbs, foundCols, colConsider)
def search(self):
+ if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
+ for item in ('db', 'tbl', 'col'):
+ if getattr(conf, item, None):
+ setattr(conf, item, getattr(conf, item).upper())
+
if conf.col:
self.searchColumn()
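Review bot: The outer test `if conf.db and ...` means `conf.tbl` and `conf.col` are upper-cased only when a database was also supplied, although the inner `if getattr(conf, item, None):` already handles each option independently. If the intent is to normalise whichever of the three options is set, the guard should be `if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):`; if the dependence on `conf.db` is deliberate, a short comment should say why. This also rewrites the global `conf` values in place, so every later step sees the upper-cased names; that side effect deserves a mention in a docstring on `search()`. The rest of `search()` lies outside the hunk.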
diff --git a/xml/queries.xml b/xml/queries.xml
index b0bbe7330..9bb183b31 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -290,8 +290,8 @@
-
-
+
+