(self, query2=False)
| 375 | return kb.data.cachedUsersPasswords |
| 376 | |
| 377 | def getPrivileges(self, query2=False): |
| 378 | infoMsg = "fetching database users privileges" |
| 379 | |
| 380 | rootQuery = queries[Backend.getIdentifiedDbms()].privileges |
| 381 | |
| 382 | if conf.user == CURRENT_USER: |
| 383 | infoMsg += " for current user" |
| 384 | conf.user = self.getCurrentUser() |
| 385 | |
| 386 | logger.info(infoMsg) |
| 387 | |
| 388 | if conf.user and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): |
| 389 | conf.user = conf.user.upper() |
| 390 | |
| 391 | if conf.user: |
| 392 | users = conf.user.split(',') |
| 393 | |
| 394 | if Backend.isDbms(DBMS.MYSQL): |
| 395 | for user in users: |
| 396 | parsedUser = re.search(r"['\"]?(.*?)['\"]?\@", user) |
| 397 | |
| 398 | if parsedUser: |
| 399 | users[users.index(user)] = parsedUser.groups()[0] |
| 400 | else: |
| 401 | users = [] |
| 402 | |
| 403 | users = [_ for _ in users if _] |
| 404 | |
| 405 | # Set containing the list of DBMS administrators |
| 406 | areAdmins = set() |
| 407 | |
| 408 | if not kb.data.cachedUsersPrivileges and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: |
| 409 | if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: |
| 410 | query = rootQuery.inband.query2 |
| 411 | condition = rootQuery.inband.condition2 |
| 412 | elif Backend.isDbms(DBMS.ORACLE) and query2: |
| 413 | query = rootQuery.inband.query2 |
| 414 | condition = rootQuery.inband.condition2 |
| 415 | else: |
| 416 | query = rootQuery.inband.query |
| 417 | condition = rootQuery.inband.condition |
| 418 | |
| 419 | if conf.user: |
| 420 | query += " WHERE " |
| 421 | |
| 422 | if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema: |
| 423 | query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in sorted(users)) |
| 424 | else: |
| 425 | query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users)) |
| 426 | |
| 427 | values = inject.getValue(query, blind=False, time=False) |
| 428 | |
| 429 | if not values and Backend.isDbms(DBMS.ORACLE) and not query2: |
| 430 | infoMsg = "trying with table 'USER_SYS_PRIVS'" |
| 431 | logger.info(infoMsg) |
| 432 | |
| 433 | return self.getPrivileges(query2=True) |
| 434 |
no test coverage detected