PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA

Browse Source
This commit is contained in:
Bernardo Damele
2011-02-10 14:24:04 +00:00
parent a2c20acf94
commit c078de894f
3 changed files with 44 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
plugins/dbms/mssqlserver/enumeration.py
View File

@@ -29,11 +29,33 @@ class Enumeration(GenericEnumeration):
GenericEnumeration.__init__(self)
def getPrivileges(self, *args):
warnMsg = "on Microsoft SQL Server it is not possible to fetch "
warnMsg += "database users privileges"
warnMsg = "on Microsoft SQL Server it is not possible to fetch "
warnMsg += "database users privileges, sqlmap will check whether "
warnMsg += "or not the database users are database administrators"
logger.warn(warnMsg)
return {}
users = []
areAdmins = set()
if conf.user:
users = [ conf.user ]
elif not len(kb.data.cachedUsers):
users = self.getUsers()
else:
users = kb.data.cachedUsers
for user in users:
if user is None:
continue
isDba = self.isDba(user)
if isDba is True:
areAdmins.add(user)
kb.data.cachedUsersPrivileges[user] = None
return ( kb.data.cachedUsersPrivileges, areAdmins )
def getTables(self):
infoMsg = "fetching tables"