fix for --search on Oracle

Miroslav Stampar
2011-12-02 18:13:27 +00:00
parent b9ae28dd5e
commit 39b406c5c1
3 changed files with 45 additions and 149 deletions


@@ -168,118 +168,3 @@ class Enumeration(GenericEnumeration):
raise sqlmapNoneDataException, errMsg
return ( kb.data.cachedUsersRoles, areAdmins )
def searchColumn(self):
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = { "USERS": {} }
colList = conf.col.split(",")
colCond = rootQuery.inband.condition
colConsider, colCondParam = self.likeOrExact("column")
for column in colList:
column = safeSQLIdentificatorNaming(column)
column = column.upper()
infoMsg = "searching column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
logger.info(infoMsg)
foundCols[column] = {}
colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
for db in dbs.keys():
db = safeSQLIdentificatorNaming(db)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
query = rootQuery.inband.query
query += colQuery
values = inject.getValue(query, blind=False)
if not isNoneValue(values):
if isinstance(values, basestring):
values = [ values ]
for foundTbl in values:
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundTbl is None:
continue
if foundTbl not in dbs[db]:
dbs[db][foundTbl] = {}
if colConsider == "1":
conf.db = db
conf.tbl = foundTbl
conf.col = column
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
kb.data.cachedColumns = {}
else:
dbs[db][foundTbl][column] = None
if db in foundCols[column]:
foundCols[column][db].append(foundTbl)
else:
foundCols[column][db] = [ foundTbl ]
else:
foundCols[column][db] = []
infoMsg = "fetching number of tables containing column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (column, db)
logger.info(infoMsg)
query = rootQuery.blind.count2
query += " WHERE %s" % colQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "no tables contain column"
if colConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' " % column
warnMsg += "in database '%s'" % db
logger.warn(warnMsg)
continue
indexRange = getRange(count)
for index in indexRange:
query = rootQuery.blind.query2
query += " WHERE %s" % colQuery
query = agent.limitQuery(index, query)
tbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = tbl
tbl = safeSQLIdentificatorNaming(tbl, True)
if tbl not in dbs[db]:
dbs[db][tbl] = {}
if colConsider == "1":
conf.db = db
conf.tbl = tbl
conf.col = column
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam))
if db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[db]:
dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
kb.data.cachedColumns = {}
else:
dbs[db][tbl][column] = None
foundCols[column][db].append(tbl)
self.dumpFoundColumn(dbs, foundCols, colConsider)