Fixes #2603

2025-12-30 19:39:08 +00:00 · 2017-08-28 13:02:08 +02:00
parent c871cedae4
commit cb2258fea4
5 changed files with 27 additions and 8 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -259,7 +259,13 @@ def checkSqlInjection(place, parameter, value):
                # provided DBMS
                if conf.dbms is not None and not intersect(payloadDbms, conf.dbms, True):
                    debugMsg = "skipping test '%s' because " % title
-                    debugMsg += "the provided DBMS is %s" % conf.dbms
+                    debugMsg += "it is different than provided"
+                    logger.debug(debugMsg)
+                    continue
+
+                if kb.dbmsFilter is not None and not intersect(payloadDbms, kb.dbmsFilter, True):
+                    debugMsg = "skipping test '%s' because " % title
+                    debugMsg += "it is different than provided"
                    logger.debug(debugMsg)
                    continue

@@ -618,7 +624,9 @@ def checkSqlInjection(place, parameter, value):

                            configUnion(test.request.char, test.request.columns)

-                            if not Backend.getIdentifiedDbms():
+                            if len(kb.dbmsFilter or []) == 1:
+                                Backend.forceDbms(kb.dbmsFilter[0])
+                            elif not Backend.getIdentifiedDbms():
                                if kb.heuristicDbms is None:
                                    warnMsg = "using unescaped version of the test "
                                    warnMsg += "because of zero knowledge of the "
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -82,6 +82,10 @@ def setHandler():
            else:
                kb.dbms = conf.dbms = conf.forceDbms = dbms

+        if kb.dbmsFilter:
+            if dbms not in kb.dbmsFilter:
+                continue
+
        handler = Handler()
        conf.dbmsConnector = Connector()

--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1700,7 +1700,13 @@ def _cleanupOptions():
        conf.dbms = conf.forceDbms

    if conf.dbms:
-        conf.dbms = conf.dbms.capitalize()
+        kb.dbmsFilter = []
+        for _ in conf.dbms.split(','):
+            for dbms, aliases in DBMS_ALIASES:
+                if _.strip().lower() in aliases:
+                    kb.dbmsFilter.append(dbms)
+                    conf.dbms = dbms if conf.dbms and ',' not in conf.dbms else None
+                    break

    if conf.testFilter:
        conf.testFilter = conf.testFilter.strip('*+')
@@ -1905,6 +1911,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):

    # Active back-end DBMS fingerprint
    kb.dbms = None
+    kb.dbmsFilter = []
    kb.dbmsVersion = [UNKNOWN_DBMS_VERSION]

    kb.delayCandidates = TIME_DELAY_CANDIDATES * [0]
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.8.14"
+VERSION = "1.1.8.15"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)