Added support to search for tables (--search with -T). See #190.

plugins/dbms/mssqlserver/enumeration.py

@@ -22,6 +22,8 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
+from lib.core.agent import agent
+from lib.core.common import getRange
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -116,3 +118,89 @@ class Enumeration(GenericEnumeration):
             raise sqlmapNoneDataException(errMsg)
 
         return kb.data.cachedTables
+
+    def searchTable(self):
+        rootQuery = queries[kb.dbms].searchTable
+        foundTbls = {}
+        tblList = conf.tbl.split(",")
+        tblCond = rootQuery["inband"]["condition"]
+        dbCond = rootQuery["inband"]["condition2"]
+
+        tblConsider, tblCondParam = self.likeOrExact("table")
+
+        if not len(kb.data.cachedDbs):
+            enumDbs = self.getDbs()
+        else:
+            enumDbs = kb.data.cachedDbs
+
+        for db in enumDbs:
+            foundTbls[db] = []
+
+        for tbl in tblList:
+            infoMsg = "searching table"
+            if tblConsider == "1":
+                infoMsg += "s like"
+            infoMsg += " '%s'" % tbl
+            logger.info(infoMsg)
+
+            if conf.excludeSysDbs:
+                exclDbsQuery = "".join(" AND '%s' != %s" % (db, dbCond) for db in self.excludeDbsList)
+                infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
+                logger.info(infoMsg)
+            else:
+                exclDbsQuery = ""
+
+            tblQuery = "%s%s" % (tblCond, tblCondParam)
+            tblQuery = tblQuery % tbl
+
+            for db in foundTbls.keys():
+                if kb.unionPosition or conf.direct:
+                    query = rootQuery["inband"]["query"] % db
+                    query += tblQuery
+                    query += exclDbsQuery
+                    values = inject.getValue(query, blind=False)
+
+                    if values:
+                        if isinstance(values, str):
+                            values = [ values ]
+
+                        for foundTbl in values:
+                            foundTbls[db].append(foundTbl)
+                else:
+                    infoMsg = "fetching number of table"
+                    if tblConsider == "1":
+                        infoMsg += "s like"
+                    infoMsg += " '%s' in database '%s'" % (tbl, db)
+                    logger.info(infoMsg)
+
+                    query = rootQuery["blind"]["count2"]
+                    query = query % db
+                    query += " AND %s" % tblQuery
+                    count = inject.getValue(query, inband=False, expected="int", charsetType=2)
+
+                    if not count.isdigit() or not len(count) or count == "0":
+                        warnMsg = "no table"
+                        if tblConsider == "1":
+                            warnMsg += "s like"
+                        warnMsg += " '%s' " % tbl
+                        warnMsg += "in database '%s'" % db
+                        logger.warn(warnMsg)
+
+                        continue
+
+                    indexRange = getRange(count)
+
+                    for index in indexRange:
+                        query = rootQuery["blind"]["query2"]
+                        query = query % db
+                        query += " AND %s" % tblQuery
+                        query = agent.limitQuery(index, query, tblCond)
+                        tbl = inject.getValue(query, inband=False)
+                        kb.hintValue = tbl
+                        foundTbls[db].append(tbl)
+
+        for db, tbls in foundTbls.items():
+            if len(tbls) == 0:
+                foundTbls.pop(db)
+
+        return foundTbls