Important fix (Issue sqlmapproject#489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)

stamparm · stamparm · commit dbb0d7f7002f · 2013-07-19T13:24:35.000+02:00
diff --git a/lib/core/dump.py b/lib/core/dump.py
@@ -143,7 +143,7 @@ def currentUser(self, data):
     def currentDb(self, data):
         if Backend.isDbms(DBMS.MAXDB):
             self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
-        elif Backend.isDbms(DBMS.ORACLE):
+        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL):
             self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
         else:
             self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB)
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
@@ -171,13 +171,3 @@ def checkDbmsOs(self, detailed=False):
         logger.info(infoMsg)
 
         self.cleanup(onlyFileTbl=True)
-
-    def forceDbmsEnum(self):
-        if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
-            conf.db = "public"
-
-            warnMsg = "on %s it is possible to enumerate " % DBMS.PGSQL
-            warnMsg += "only on the current schema and/or system databases. "
-            warnMsg += "sqlmap is going to use 'public' schema as a "
-            warnMsg += "database name"
-            singleTimeWarnMessage(warnMsg)
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
@@ -20,6 +20,7 @@
 from lib.core.common import pushValue
 from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -62,6 +63,12 @@ def getCurrentDb(self):
         if not kb.data.currentDb:
             kb.data.currentDb = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
 
+        if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL):
+            warnMsg = "on %s you'll need to use " % Backend.getIdentifiedDbms()
+            warnMsg += "schema names for enumeration as the counterpart to database "
+            warnMsg += "names on other DBMSes"
+            singleTimeWarnMessage(warnMsg)
+
         return kb.data.currentDb
 
     def getDbs(self):
@@ -76,20 +83,14 @@ def getDbs(self):
             warnMsg += "names will be fetched from 'mysql' database"
             logger.warn(warnMsg)
 
-        elif Backend.isDbms(DBMS.ORACLE):
-            warnMsg = "schema names are going to be used on Oracle "
+        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL):
+            warnMsg = "schema names are going to be used on %s " % Backend.getIdentifiedDbms()
             warnMsg += "for enumeration as the counterpart to database "
             warnMsg += "names on other DBMSes"
             logger.warn(warnMsg)
 
             infoMsg = "fetching database (schema) names"
-        elif Backend.isDbms(DBMS.DB2):
-            warnMsg = "schema names are going to be used on IBM DB2 "
-            warnMsg += "for enumeration as the counterpart to database "
-            warnMsg += "names on other DBMSes"
-            logger.warn(warnMsg)
 
-            infoMsg = "fetching database (schema) names"
         else:
             infoMsg = "fetching database names"
 
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -90,7 +90,7 @@
         <inference query="ASCII(SUBSTRING((%s)::text FROM %d FOR 1))>%d"/>
         <banner query="VERSION()"/>
         <current_user query="CURRENT_USER"/>
-        <current_db query="CURRENT_DATABASE()"/>
+        <current_db query="CURRENT_SCHEMA()"/>
         <hostname/>
         <is_dba query="(SELECT usesuper=true FROM pg_user WHERE usename=CURRENT_USER OFFSET 0 LIMIT 1)"/>
         <check_udf query="(SELECT proname='%s' FROM pg_proc WHERE proname='%s' OFFSET 0 LIMIT 1)"/>
@@ -108,8 +108,8 @@
         </privileges>
         <roles/>
         <dbs>
-            <inband query="SELECT datname FROM pg_database"/>
-            <blind query="SELECT DISTINCT(datname) FROM pg_database OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(datname)) FROM pg_database"/>
+            <inband query="SELECT schemaname FROM pg_tables"/>
+            <blind query="SELECT DISTINCT(schemaname) FROM pg_tables OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
         </dbs>
         <tables>
             <inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname"/>
