2008-10-15 19:38:22 +04:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
"""
|
2008-10-15 19:56:32 +04:00
|
|
|
$Id$
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2012-01-11 18:59:46 +04:00
|
|
|
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
|
2010-10-15 03:18:29 +04:00
|
|
|
See the file 'doc/COPYING' for copying permission
|
2008-10-15 19:38:22 +04:00
|
|
|
"""
|
|
|
|
|
2011-01-28 19:36:09 +03:00
|
|
|
from lib.core.common import Backend
|
2010-10-19 02:22:41 +04:00
|
|
|
from lib.core.common import popValue
|
|
|
|
from lib.core.common import pushValue
|
2008-10-15 19:38:22 +04:00
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
2010-11-08 12:20:02 +03:00
|
|
|
from lib.core.enums import DBMS
|
2008-10-15 19:38:22 +04:00
|
|
|
from lib.core.settings import MSSQL_ALIASES
|
|
|
|
from lib.core.settings import MYSQL_ALIASES
|
|
|
|
from lib.core.settings import ORACLE_ALIASES
|
|
|
|
from lib.core.settings import PGSQL_ALIASES
|
2010-03-18 20:20:54 +03:00
|
|
|
from lib.core.settings import SQLITE_ALIASES
|
|
|
|
from lib.core.settings import ACCESS_ALIASES
|
|
|
|
from lib.core.settings import FIREBIRD_ALIASES
|
2010-08-30 17:29:19 +04:00
|
|
|
from lib.core.settings import MAXDB_ALIASES
|
2010-10-12 23:05:12 +04:00
|
|
|
from lib.core.settings import SYBASE_ALIASES
|
2011-06-25 13:44:24 +04:00
|
|
|
from lib.core.settings import DB2_ALIASES
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
from plugins.dbms.mssqlserver import MSSQLServerMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
|
2008-10-15 19:38:22 +04:00
|
|
|
from plugins.dbms.mysql import MySQLMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.mysql.connector import Connector as MySQLConn
|
2008-10-15 19:38:22 +04:00
|
|
|
from plugins.dbms.oracle import OracleMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.oracle.connector import Connector as OracleConn
|
2008-10-15 19:38:22 +04:00
|
|
|
from plugins.dbms.postgresql import PostgreSQLMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
|
2010-03-18 20:20:54 +03:00
|
|
|
from plugins.dbms.sqlite import SQLiteMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.sqlite.connector import Connector as SQLiteConn
|
2010-03-18 20:20:54 +03:00
|
|
|
from plugins.dbms.access import AccessMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.access.connector import Connector as AccessConn
|
2010-03-18 20:20:54 +03:00
|
|
|
from plugins.dbms.firebird import FirebirdMap
|
2010-03-27 02:23:25 +03:00
|
|
|
from plugins.dbms.firebird.connector import Connector as FirebirdConn
|
2010-08-30 17:29:19 +04:00
|
|
|
from plugins.dbms.maxdb import MaxDBMap
|
|
|
|
from plugins.dbms.maxdb.connector import Connector as MaxDBConn
|
2010-10-13 22:55:17 +04:00
|
|
|
from plugins.dbms.sybase import SybaseMap
|
|
|
|
from plugins.dbms.sybase.connector import Connector as SybaseConn
|
2011-06-25 13:44:24 +04:00
|
|
|
from plugins.dbms.db2 import DB2Map
|
|
|
|
from plugins.dbms.db2.connector import Connector as DB2Conn
|
2008-10-15 19:38:22 +04:00
|
|
|
|
|
|
|
def setHandler():
|
|
|
|
"""
|
|
|
|
Detect which is the target web application back-end database
|
|
|
|
management system.
|
|
|
|
"""
|
|
|
|
|
2011-04-30 17:20:05 +04:00
|
|
|
count = 0
|
2011-06-25 13:44:24 +04:00
|
|
|
dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird", "SAP MaxDB", "Sybase", "IBM DB2" )
|
2011-04-30 17:20:05 +04:00
|
|
|
dbmsObj = [
|
2010-03-27 02:23:25 +03:00
|
|
|
( MYSQL_ALIASES, MySQLMap, MySQLConn ),
|
|
|
|
( ORACLE_ALIASES, OracleMap, OracleConn ),
|
|
|
|
( PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn ),
|
|
|
|
( MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn ),
|
|
|
|
( SQLITE_ALIASES, SQLiteMap, SQLiteConn ),
|
|
|
|
( ACCESS_ALIASES, AccessMap, AccessConn ),
|
|
|
|
( FIREBIRD_ALIASES, FirebirdMap, FirebirdConn ),
|
2010-08-30 17:29:19 +04:00
|
|
|
( MAXDB_ALIASES, MaxDBMap, MaxDBConn ),
|
2010-10-13 22:55:17 +04:00
|
|
|
( SYBASE_ALIASES, SybaseMap, SybaseConn ),
|
2011-06-25 13:44:24 +04:00
|
|
|
( DB2_ALIASES, DB2Map, DB2Conn )
|
2010-10-19 01:47:11 +04:00
|
|
|
]
|
|
|
|
|
2011-01-28 19:36:09 +03:00
|
|
|
if Backend.getIdentifiedDbms() is not None:
|
2010-12-01 01:40:25 +03:00
|
|
|
for i in xrange(len(dbmsObj)):
|
|
|
|
dbmsAliases, _, _ = dbmsObj[i]
|
2010-11-29 00:27:47 +03:00
|
|
|
|
2011-01-28 19:36:09 +03:00
|
|
|
if Backend.getIdentifiedDbms().lower() in dbmsAliases:
|
2010-10-19 01:47:11 +04:00
|
|
|
if i > 0:
|
2010-12-01 01:40:25 +03:00
|
|
|
pushValue(dbmsObj[i])
|
|
|
|
dbmsObj.remove(dbmsObj[i])
|
|
|
|
dbmsObj.insert(0, popValue())
|
2010-10-19 01:47:11 +04:00
|
|
|
|
2010-11-29 00:27:47 +03:00
|
|
|
break
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-12-01 01:40:25 +03:00
|
|
|
for dbmsAliases, dbmsMap, dbmsConn in dbmsObj:
|
2008-10-15 19:38:22 +04:00
|
|
|
if conf.dbms and conf.dbms not in dbmsAliases:
|
2011-04-30 17:20:05 +04:00
|
|
|
debugMsg = "skipping test for %s" % dbmsNames[count]
|
2008-10-15 19:38:22 +04:00
|
|
|
logger.debug(debugMsg)
|
2009-04-22 15:48:07 +04:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
count += 1
|
2009-04-22 15:48:07 +04:00
|
|
|
|
2008-10-15 19:38:22 +04:00
|
|
|
continue
|
|
|
|
|
2010-12-03 19:11:13 +03:00
|
|
|
handler = dbmsMap()
|
2010-03-27 02:23:25 +03:00
|
|
|
conf.dbmsConnector = dbmsConn()
|
2010-10-20 13:54:17 +04:00
|
|
|
|
2010-03-30 17:23:20 +04:00
|
|
|
if conf.direct:
|
2010-03-31 14:50:47 +04:00
|
|
|
logger.debug("forcing timeout to 10 seconds")
|
|
|
|
conf.timeout = 10
|
|
|
|
|
2010-03-30 17:23:20 +04:00
|
|
|
conf.dbmsConnector.connect()
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-03-21 03:39:44 +03:00
|
|
|
if handler.checkDbms():
|
2011-01-14 15:47:07 +03:00
|
|
|
conf.dbmsHandler = handler
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-14 15:47:07 +03:00
|
|
|
break
|
2010-03-27 02:23:25 +03:00
|
|
|
else:
|
|
|
|
conf.dbmsConnector = None
|
2011-01-14 14:55:20 +03:00
|
|
|
|
2011-01-20 02:06:15 +03:00
|
|
|
# At this point back-end DBMS is correctly fingerprinted, no need
|
|
|
|
# to enforce it anymore
|
2011-01-28 19:36:09 +03:00
|
|
|
Backend.flushForcedDbms()
|