diff --git a/lib/core/common.py b/lib/core/common.py index 7d70c9262..8461ee0c5 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -829,6 +829,10 @@ def readInput(message, default=None, checkBatch=True): elif message[-1] == ']': message += " " + if kb.prependFlag: + message = "\n%s" % message + kb.prependFlag = False + if conf.answers: for item in conf.answers.split(','): question = item.split('=')[0].strip() @@ -2814,7 +2818,7 @@ def safeSQLIdentificatorNaming(name, isTable=False): if retVal.upper() in kb.keywords or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ("." if _ else ""), retVal): # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal) if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): retVal = "`%s`" % retVal.strip("`") - elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.DB2): + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2): retVal = "\"%s\"" % retVal.strip("\"") elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,): retVal = "[%s]" % retVal.strip("[]") diff --git a/lib/core/dump.py b/lib/core/dump.py index 1d46e22c7..85c00b886 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -579,9 +579,9 @@ class Dump(object): for column in dbColumnsDict.keys(): if colConsider == "1": - colConsiderStr = "s like '" + column + "' were" + colConsiderStr = "s like '%s' were" % unsafeSQLIdentificatorNaming(column) else: - colConsiderStr = " '%s' was" % column + colConsiderStr = " '%s' was" % unsafeSQLIdentificatorNaming(column) msg = "Column%s found in the " % colConsiderStr msg += "following databases:" diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index edba26c2e..c37fad3b3 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -247,7 +247,7 @@ class Databases: return tableExists(paths.COMMON_TABLES) infoMsg = "fetching tables for database" - infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs))) + infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in sorted(dbs))) logger.info(infoMsg) rootQuery = queries[Backend.getIdentifiedDbms()].tables @@ -261,7 +261,7 @@ class Databases: query += " WHERE %s" % condition if conf.excludeSysDbs: - infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) + infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList)) logger.info(infoMsg) query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList) else: @@ -290,7 +290,7 @@ class Databases: if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct: for db in dbs: if conf.excludeSysDbs and db in self.excludeDbsList: - infoMsg = "skipping system database '%s'" % db + infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db) logger.info(infoMsg) continue @@ -569,7 +569,7 @@ class Databases: and conf.db in kb.data.cachedColumns and tbl in \ kb.data.cachedColumns[conf.db]: infoMsg = "fetched tables' columns on " - infoMsg += "database '%s'" % conf.db + infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db) logger.info(infoMsg) return {conf.db: kb.data.cachedColumns[conf.db]} @@ -692,7 +692,7 @@ class Databases: if not kb.data.cachedColumns: warnMsg = "unable to retrieve column names for " - warnMsg += ("table '%s' " % tblList[0]) if len(tblList) == 1 else "any table " + warnMsg += ("table '%s' " % unsafeSQLIdentificatorNaming(unArrayizeValue(tblList))) if len(tblList) == 1 else "any table " warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) logger.warn(warnMsg) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 1db68a1d7..b381f1e97 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -363,7 +363,7 @@ class Entries: self.dumpTable() except SqlmapNoneDataException: - infoMsg = "skipping table '%s'" % table + infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table) logger.info(infoMsg) def dumpFoundColumn(self, dbs, foundCols, colConsider): @@ -378,7 +378,7 @@ class Entries: for db, tblData in dbs.items(): if tblData: - message += "[%s]\n" % db + message += "[%s]\n" % unsafeSQLIdentificatorNaming(db) message += "[q]uit" test = readInput(message, default="a") @@ -396,7 +396,7 @@ class Entries: conf.db = db dumpFromTbls = [] - message = "which table(s) of database '%s'?\n" % db + message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db) message += "[a]ll (default)\n" for tbl in tblData: @@ -441,7 +441,7 @@ class Entries: for db, tablesList in tables.items(): if tablesList: - message += "[%s]\n" % db + message += "[%s]\n" % unsafeSQLIdentificatorNaming(db) message += "[q]uit" test = readInput(message, default="a") @@ -459,11 +459,11 @@ class Entries: conf.db = db dumpFromTbls = [] - message = "which table(s) of database '%s'?\n" % db + message = "which table(s) of database '%s'?\n" % unsafeSQLIdentificatorNaming(db) message += "[a]ll (default)\n" for tbl in tablesList: - message += "[%s]\n" % tbl + message += "[%s]\n" % unsafeSQLIdentificatorNaming(tbl) message += "[s]kip\n" message += "[q]uit" diff --git a/plugins/generic/search.py b/plugins/generic/search.py index 0e89a27cf..02b661144 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -508,7 +508,6 @@ class Search: colQuery = colQuery % unsafeSQLIdentificatorNaming(column) for db in dbData: - db = safeSQLIdentificatorNaming(db) conf.db = origDb conf.tbl = origTbl @@ -519,7 +518,7 @@ class Search: logger.info(infoMsg) query = rootQuery.blind.count2 - query = query % db + query = query % unsafeSQLIdentificatorNaming(db) query += " AND %s" % colQuery query += whereTblsQuery @@ -545,7 +544,7 @@ class Search: else: query += " AND %s" % (colQuery + whereTblsQuery) - query = safeStringFormat(query, db) + query = safeStringFormat(query, unsafeSQLIdentificatorNaming(db)) query = agent.limitQuery(index, query) tbl = unArrayizeValue(inject.getValue(query, union=False, error=False))