refactoring, cleanup and improvement

lib/core/common.py

@@ -2444,3 +2444,37 @@ def normalizeUnicode(value):
     if isinstance(value, unicode):
         retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore')
     return retVal
+
+def safeSQLIdentificatorNaming(name, isTable=False):
+    """
+    Returns a safe representation of SQL identificator name
+    """
+    retVal = name
+    if isinstance(name, basestring):
+        if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in name:
+            name = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, name)
+
+        parts = name.split('.')
+        for i in range(len(parts)):
+            if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):
+                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
+                    parts[i] = "`%s`" % parts[i].strip("`")
+                elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+                    parts[i] = "\"%s\"" % parts[i].strip("\"")
+        retVal = ".".join(parts)
+
+    return retVal
+
+def unsafeSQLIdentificatorNaming(name):
+    """
+    Extracts identificator's name from it's safe SQL representation
+    """
+    retVal = name
+    if isinstance(name, basestring):
+        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
+            retVal = name.replace("`", "")
+        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+            retVal = name.replace("\"", "")
+        if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+            retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)
+    return retVal

lib/core/option.py

@@ -1307,6 +1307,7 @@ def __useWizardInterface():
         map(lambda x: conf.__setitem__(x, True), ['getBanner', 'getCurrentUser', 'getCurrentDb', 'isDba'])
 
     conf.batch = True
+    conf.threads = 4
     print
 
 def __saveCmdline():

lib/techniques/brute/use.py

@@ -22,6 +22,7 @@ from lib.core.common import pushValue
 from lib.core.common import randomInt
 from lib.core.common import readInput
 from lib.core.common import safeStringFormat
+from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -60,7 +61,7 @@ def tableExists(tableFile, regex=None):
     def tableExistsThread():
         while count[0] < length and kb.threadContinue:
             tbllock.acquire()
-            table = tables[count[0]]
+            table = safeSQLIdentificatorNaming(tables[count[0]])
             count[0] += 1
             tbllock.release()
 
@@ -165,6 +166,7 @@ def columnExists(columnFile, regex=None):
         table = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', conf.tbl)
     else:
         table = conf.tbl
+    table = safeSQLIdentificatorNaming(table)
 
     retVal = []
     infoMsg = "checking column existence using items from '%s'" % columnFile
@@ -180,7 +182,7 @@ def columnExists(columnFile, regex=None):
     def columnExistsThread():
         while count[0] < length and kb.threadContinue:
             collock.acquire()
-            column = columns[count[0]]
+            column = safeSQLIdentificatorNaming(columns[count[0]])
             count[0] += 1
             collock.release()