File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -266,7 +266,7 @@ def runCase(switches=None, parse=None):
266266 tback = traceback .format_exc ()
267267 retVal = False
268268 elif result is False : # if None, ignore
269- logger .error ("the test did not run " )
269+ logger .error ("the test did not identify the SQL injection " )
270270 retVal = False
271271
272272 console = getUnicode (console , system = True )
Original file line number Diff line number Diff line change @@ -79,9 +79,6 @@ def getRoles(self, query2=False):
7979 # In Oracle we get the list of roles as string
8080 roles .add (role )
8181
82- if isAdminFromPrivileges (roles ):
83- areAdmins .add (user )
84-
8582 if user in kb .data .cachedUsersRoles :
8683 kb .data .cachedUsersRoles [user ] = list (roles .union (kb .data .cachedUsersRoles [user ]))
8784 else :
@@ -162,4 +159,8 @@ def getRoles(self, query2=False):
162159 errMsg += "for the database users"
163160 raise SqlmapNoneDataException (errMsg )
164161
162+ for user , privileges in kb .data .cachedUsersRoles .items ():
163+ if isAdminFromPrivileges (privileges ):
164+ areAdmins .add (user )
165+
165166 return kb .data .cachedUsersRoles , areAdmins
Original file line number Diff line number Diff line change 736736 <item value =" current user is DBA: True"
737737 <item value =" r'database management system users \[.+DB2INST1'"
738738 <item value =" r'database management system users privileges:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"
739- <item value =" r'database management system users roles:.+DB2INST1.+privilege : DB2INST1.USERS.+privilege : SYSTOOLS.POLICY'"
739+ <item value =" r'database management system users roles:.+DB2INST1.+role : DB2INST1.USERS.+role : SYSTOOLS.POLICY'"
740740 <item value =" r'available databases \[.+DB2INST1.+SYSIBM.+SYSTOOLS'"
741741 <item value =" r'Database: DB2INST1.+1 table.+USERS'"
742742 <item value =" r'Database: DB2INST1.+Table: USERS.+3 columns.+SURNAME.+VARCHAR\(1000\)'"
10071007 <excludeSysDbs value =" True"
10081008 </switches >
10091009 <parse >
1010- <item value =" r'Database: SYS .+Table: USERS.+3 columns.+SURNAME.+VARCHAR2 '"
1010+ <item value =" r'Database: HR .+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER '"
10111011 <item value =" r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"
10121012 </parse >
10131013 </case >
10251025 <excludeSysDbs value =" True"
10261026 </switches >
10271027 <parse >
1028- <item value =" r'Database: SYS .+Table: USERS.+3 columns.+SURNAME.+VARCHAR2 '"
1028+ <item value =" r'Database: HR .+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER '"
10291029 <item value =" r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"
10301030 </parse >
10311031 </case >
20982098 <level value =" 3"
20992099 </switches >
21002100 <parse >
2101- <item value =" MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"
2101+ <item value =" Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"
21022102 </parse >
21032103 </case >
21042104 <case name =" International data"
You can’t perform that action at this time.
0 commit comments