MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / getUsers

Method getUsers

plugins/generic/users.py:100–168  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

98 return kb.data.isDba
99
100 def getUsers(self):
101 infoMsg = "fetching database users"
102 logger.info(infoMsg)
103
104 rootQuery = queries[Backend.getIdentifiedDbms()].users
105
106 condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")))
107 condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)
108 condition |= (Backend.isDbms(DBMS.H2) and not isDBMSVersionAtLeast("2"))
109
110 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
111 if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):
112 query = rootQuery.inband.query3
113 elif condition:
114 query = rootQuery.inband.query2
115 else:
116 query = rootQuery.inband.query
117
118 values = inject.getValue(query, blind=False, time=False)
119
120 if not isNoneValue(values):
121 kb.data.cachedUsers = []
122 for value in arrayizeValue(values):
123 value = unArrayizeValue(value)
124 if not isNoneValue(value):
125 kb.data.cachedUsers.append(value)
126
127 if not kb.data.cachedUsers and isInferenceAvailable() and not conf.direct:
128 infoMsg = "fetching number of database users"
129 logger.info(infoMsg)
130
131 if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):
132 query = rootQuery.blind.count3
133 elif condition:
134 query = rootQuery.blind.count2
135 else:
136 query = rootQuery.blind.count
137
138 count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
139
140 if count == 0:
141 return kb.data.cachedUsers
142 elif not isNumPosStrValue(count):
143 errMsg = "unable to retrieve the number of database users"
144 raise SqlmapNoneDataException(errMsg)
145
146 plusOne = Backend.getIdentifiedDbms() in PLUS_ONE_DBMSES
147 indexRange = getLimitRange(count, plusOne=plusOne)
148
149 for index in indexRange:
150 if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
151 query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
152 elif Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):
153 query = rootQuery.blind.query3 % index
154 elif condition:
155 query = rootQuery.blind.query2 % index
156 else:
157 query = rootQuery.blind.query % index

Callers 3

getPasswordHashesMethod · 0.95
getPrivilegesMethod · 0.95
actionFunction · 0.45

Calls 15

isDBMSVersionAtLeastFunction · 0.90
isTechniqueAvailableFunction · 0.90
isNoneValueFunction · 0.90
arrayizeValueFunction · 0.90
unArrayizeValueFunction · 0.90
isInferenceAvailableFunction · 0.90
isNumPosStrValueFunction · 0.90
getLimitRangeFunction · 0.90
infoMethod · 0.80
getIdentifiedDbmsMethod · 0.80
isDbmsMethod · 0.80

Tested by

no test coverage detected