From b1babeefe51c07a29badaae3a19d1f416ba39426 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 11 Dec 2010 22:00:16 +0000 Subject: [PATCH] update regarding dumping of tables with blind on Sqlite --- lib/core/common.py | 10 ++++++++++ plugins/generic/enumeration.py | 20 +++++++++++++------- xml/queries.xml | 1 + 3 files changed, 24 insertions(+), 7 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 95c1dbc4d..96dff8293 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1729,3 +1729,13 @@ def isDBMSVersionAtLeast(version): retVal = value >= version return retVal + +def parseSqliteTableSchema(value): + table = {} + columns = {} + + for match in re.finditer(getCompiledRegex(r"(\w+) ([A-Z]+)[,\r\n]"), value): + columns[match.group(1)] = match.group(2) + + table[conf.tbl] = columns + kb.data.cachedColumns[conf.db] = table diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index c864e3598..a101be7f9 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -19,6 +19,7 @@ from lib.core.common import getFileItems from lib.core.common import getUnicode from lib.core.common import isNumPosStrValue from lib.core.common import parsePasswordHash +from lib.core.common import parseSqliteTableSchema from lib.core.common import popValue from lib.core.common import pushValue from lib.core.common import randomStr @@ -949,16 +950,14 @@ class Enumeration: value = inject.getValue(query, blind=False, error=False) - if value: + if kb.dbms == DBMS.SQLITE: + parseSqliteTableSchema(value) + elif value: table = {} columns = {} - if kb.dbms == DBMS.SQLITE: - for match in re.finditer(getCompiledRegex(r"(\w+) ([A-Z]+)[,\r\n]"), value): - columns[match.group(1)] = match.group(2) - else: - for column, colType in value: - columns[column] = colType + for column, colType in value: + columns[column] = colType table[conf.tbl] = columns kb.data.cachedColumns[conf.db] = table 
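Review bot: `parseSqliteTableSchema` in lib/core/common.py hands `value` straight to `re.finditer`, and both new call sites in plugins/generic/enumeration.py (the `@@ -949` and `@@ -981` hunks) call it without the `if value:` test that used to wrap this loop. If the result is `None` this would raise `TypeError`, and an empty string stores an empty column map for `conf.tbl` in `kb.data.cachedColumns`. A guard at the top of the helper, `if not value: return`, would restore the old behaviour for both callers. Separately, the pattern `(\w+) ([A-Z]+)[,\r\n]` requires a comma or line break after the type, so a final column closed directly by `)` or a type written like `VARCHAR(10)` is not captured; that is moved code, but it deserves a comment now that it is a shared helper. The helper also needs a docstring saying that it writes `kb.data.cachedColumns[conf.db]` as a side effect and returns nothing.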
@@ -981,6 +980,13 @@ class Enumeration: elif kb.dbms == DBMS.FIREBIRD: query = rootQuery.blind.count % (conf.tbl) query += condQuery + elif kb.dbms == DBMS.SQLITE: + query = rootQuery.blind.query % conf.tbl + value = inject.getValue(query, inband=False) + + parseSqliteTableSchema(value) + + return kb.data.cachedColumns count = inject.getValue(query, inband=False, expected=EXPECTED.INT, charsetType=2) diff --git a/xml/queries.xml b/xml/queries.xml index 43e4dacee..35be87b00 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -320,6 +320,7 @@ +
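Review bot: The SQLite branch added in the `@@ -981` hunk returns from the middle of the `elif` chain and never appends `condQuery`, unlike the Firebird branch directly above it. Any column filter carried in `condQuery` therefore appears to be ignored for SQLite; whether that is intended cannot be told from this hunk, because the method starts and ends outside it. A comment on the branch would mark the early exit as deliberate, for example `# SQLite: schema text is fetched in one blind query and parsed, so the count/per-column loop below is skipped`. The `return kb.data.cachedColumns` also runs when `value` is empty, so testing `value` before the call (`if value: parseSqliteTableSchema(value)`) would avoid handing back a cache entry with no columns.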