(self)
| 49 | pass |
| 50 | |
| 51 | def searchDb(self): |
| 52 | foundDbs = [] |
| 53 | rootQuery = queries[Backend.getIdentifiedDbms()].search_db |
| 54 | dbList = conf.db.split(',') |
| 55 | |
| 56 | if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: |
| 57 | dbCond = rootQuery.inband.condition2 |
| 58 | else: |
| 59 | dbCond = rootQuery.inband.condition |
| 60 | |
| 61 | dbConsider, dbCondParam = self.likeOrExact("database") |
| 62 | |
| 63 | for db in dbList: |
| 64 | values = [] |
| 65 | db = safeSQLIdentificatorNaming(db) |
| 66 | |
| 67 | if Backend.getIdentifiedDbms() in UPPER_CASE_DBMSES: |
| 68 | db = db.upper() |
| 69 | |
| 70 | infoMsg = "searching database" |
| 71 | if dbConsider == "1": |
| 72 | infoMsg += "s LIKE" |
| 73 | infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db) |
| 74 | logger.info(infoMsg) |
| 75 | |
| 76 | if conf.excludeSysDbs: |
| 77 | exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) |
| 78 | infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) |
| 79 | logger.info(infoMsg) |
| 80 | else: |
| 81 | exclDbsQuery = "" |
| 82 | |
| 83 | dbQuery = "%s%s" % (dbCond, dbCondParam) |
| 84 | dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db) |
| 85 | |
| 86 | if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: |
| 87 | if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: |
| 88 | query = rootQuery.inband.query2 |
| 89 | else: |
| 90 | query = rootQuery.inband.query |
| 91 | |
| 92 | query = query % (dbQuery + exclDbsQuery) |
| 93 | values = inject.getValue(query, blind=False, time=False) |
| 94 | |
| 95 | if not isNoneValue(values): |
| 96 | values = arrayizeValue(values) |
| 97 | |
| 98 | for value in values: |
| 99 | value = safeSQLIdentificatorNaming(value) |
| 100 | foundDbs.append(value) |
| 101 | |
| 102 | if not values and isInferenceAvailable() and not conf.direct: |
| 103 | infoMsg = "fetching number of database" |
| 104 | if dbConsider == "1": |
| 105 | infoMsg += "s LIKE" |
| 106 | infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db) |
| 107 | logger.info(infoMsg) |
| 108 |