2019-05-08 13:47:52 +03:00
|
|
|
#!/usr/bin/env python
|
2010-10-13 22:55:17 +04:00
|
|
|
|
|
|
|
"""
|
2021-09-08 22:01:41 +03:00
|
|
|
Copyright (c) 2006-2021 sqlmap developers (https://sqlmap.org/)
|
2017-10-11 15:50:46 +03:00
|
|
|
See the file 'LICENSE' for copying permission
|
2010-10-13 22:55:17 +04:00
|
|
|
"""
|
|
|
|
|
2019-11-04 14:53:29 +03:00
|
|
|
import re
|
|
|
|
|
2011-08-09 18:20:25 +04:00
|
|
|
from lib.core.common import filterPairValues
|
2019-05-06 12:41:19 +03:00
|
|
|
from lib.core.common import isListLike
|
2011-02-19 21:04:27 +03:00
|
|
|
from lib.core.common import isTechniqueAvailable
|
2015-12-29 15:19:25 +03:00
|
|
|
from lib.core.common import readInput
|
2011-05-01 02:11:36 +04:00
|
|
|
from lib.core.common import safeSQLIdentificatorNaming
|
2014-12-14 01:37:04 +03:00
|
|
|
from lib.core.common import unArrayizeValue
|
2011-05-01 02:11:36 +04:00
|
|
|
from lib.core.common import unsafeSQLIdentificatorNaming
|
2011-02-19 21:04:27 +03:00
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
2015-12-29 15:19:25 +03:00
|
|
|
from lib.core.data import paths
|
2011-02-19 21:04:27 +03:00
|
|
|
from lib.core.data import queries
|
2012-08-21 13:30:01 +04:00
|
|
|
from lib.core.dicts import SYBASE_TYPES
|
2016-12-21 12:33:35 +03:00
|
|
|
from lib.core.enums import DBMS
|
2011-02-19 21:04:27 +03:00
|
|
|
from lib.core.enums import PAYLOAD
|
2012-12-06 17:14:19 +04:00
|
|
|
from lib.core.exception import SqlmapMissingMandatoryOptionException
|
|
|
|
from lib.core.exception import SqlmapNoneDataException
|
2015-12-29 15:19:25 +03:00
|
|
|
from lib.core.exception import SqlmapUserQuitException
|
2012-02-16 18:42:28 +04:00
|
|
|
from lib.core.settings import CURRENT_DB
|
2017-04-18 14:53:41 +03:00
|
|
|
from lib.utils.brute import columnExists
|
2012-09-10 21:23:24 +04:00
|
|
|
from lib.utils.pivotdumptable import pivotDumpTable
|
2010-10-13 22:55:17 +04:00
|
|
|
from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
2019-03-28 15:53:54 +03:00
|
|
|
from thirdparty import six
|
2019-05-03 00:51:54 +03:00
|
|
|
from thirdparty.six.moves import zip as _zip
|
2010-10-13 22:55:17 +04:00
|
|
|
|
|
|
|
class Enumeration(GenericEnumeration):
|
2011-02-19 21:04:27 +03:00
|
|
|
def getUsers(self):
|
|
|
|
infoMsg = "fetching database users"
|
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2016-12-21 12:33:35 +03:00
|
|
|
rootQuery = queries[DBMS.SYBASE].users
|
2011-02-19 21:04:27 +03:00
|
|
|
|
|
|
|
query = rootQuery.inband.query
|
|
|
|
|
2012-12-05 13:45:17 +04:00
|
|
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
2012-07-03 22:15:17 +04:00
|
|
|
blinds = (False, True)
|
2011-02-19 21:04:27 +03:00
|
|
|
else:
|
2012-07-03 22:15:17 +04:00
|
|
|
blinds = (True,)
|
2011-02-19 21:04:27 +03:00
|
|
|
|
|
|
|
for blind in blinds:
|
2018-09-22 00:06:45 +03:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
2011-02-19 21:04:27 +03:00
|
|
|
|
|
|
|
if retVal:
|
2019-05-06 12:41:19 +03:00
|
|
|
kb.data.cachedUsers = list(retVal[0].values())[0]
|
2011-02-19 21:04:27 +03:00
|
|
|
break
|
|
|
|
|
|
|
|
return kb.data.cachedUsers
|
|
|
|
|
2019-05-30 23:55:54 +03:00
|
|
|
def getPrivileges(self, *args, **kwargs):
|
2011-05-01 02:11:36 +04:00
|
|
|
warnMsg = "on Sybase it is not possible to fetch "
|
|
|
|
warnMsg += "database users privileges, sqlmap will check whether "
|
|
|
|
warnMsg += "or not the database users are database administrators"
|
|
|
|
logger.warn(warnMsg)
|
2011-04-29 04:02:28 +04:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
users = []
|
|
|
|
areAdmins = set()
|
2011-02-21 01:45:23 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
if conf.user:
|
2013-01-10 14:54:07 +04:00
|
|
|
users = [conf.user]
|
2011-05-01 02:11:36 +04:00
|
|
|
elif not len(kb.data.cachedUsers):
|
|
|
|
users = self.getUsers()
|
|
|
|
else:
|
|
|
|
users = kb.data.cachedUsers
|
2011-02-19 21:04:27 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
for user in users:
|
2014-12-14 01:37:04 +03:00
|
|
|
user = unArrayizeValue(user)
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
if user is None:
|
|
|
|
continue
|
2011-02-19 21:04:27 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
isDba = self.isDba(user)
|
2011-02-19 21:04:27 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
if isDba is True:
|
|
|
|
areAdmins.add(user)
|
|
|
|
|
|
|
|
kb.data.cachedUsersPrivileges[user] = None
|
|
|
|
|
2013-01-09 18:38:41 +04:00
|
|
|
return (kb.data.cachedUsersPrivileges, areAdmins)
|
2011-02-19 21:04:27 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
def getDbs(self):
|
|
|
|
if len(kb.data.cachedDbs) > 0:
|
|
|
|
return kb.data.cachedDbs
|
|
|
|
|
|
|
|
infoMsg = "fetching database names"
|
2011-02-19 21:04:27 +03:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2016-12-21 12:33:35 +03:00
|
|
|
rootQuery = queries[DBMS.SYBASE].dbs
|
2011-05-01 02:11:36 +04:00
|
|
|
query = rootQuery.inband.query
|
|
|
|
|
2012-12-05 13:45:17 +04:00
|
|
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
2011-02-19 21:04:27 +03:00
|
|
|
blinds = [False, True]
|
|
|
|
else:
|
|
|
|
blinds = [True]
|
|
|
|
|
|
|
|
for blind in blinds:
|
2018-09-22 00:06:45 +03:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
2011-02-19 21:04:27 +03:00
|
|
|
|
|
|
|
if retVal:
|
2019-05-28 15:02:44 +03:00
|
|
|
kb.data.cachedDbs = next(six.itervalues(retVal[0]))
|
2011-02-19 21:04:27 +03:00
|
|
|
break
|
|
|
|
|
2011-10-28 17:16:22 +04:00
|
|
|
if kb.data.cachedDbs:
|
|
|
|
kb.data.cachedDbs.sort()
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
return kb.data.cachedDbs
|
2011-02-19 21:36:26 +03:00
|
|
|
|
|
|
|
def getTables(self, bruteForce=None):
|
2011-05-01 02:11:36 +04:00
|
|
|
if len(kb.data.cachedTables) > 0:
|
|
|
|
return kb.data.cachedTables
|
2011-02-19 21:36:26 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
self.forceDbmsEnum()
|
2011-02-19 21:36:26 +03:00
|
|
|
|
2012-02-16 18:42:28 +04:00
|
|
|
if conf.db == CURRENT_DB:
|
2011-05-01 02:11:36 +04:00
|
|
|
conf.db = self.getCurrentDb()
|
2011-02-19 21:36:26 +03:00
|
|
|
|
|
|
|
if conf.db:
|
2017-04-18 16:56:24 +03:00
|
|
|
dbs = conf.db.split(',')
|
2011-02-19 21:36:26 +03:00
|
|
|
else:
|
2011-05-01 02:11:36 +04:00
|
|
|
dbs = self.getDbs()
|
|
|
|
|
|
|
|
for db in dbs:
|
|
|
|
dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
|
|
|
|
|
2019-01-22 05:14:23 +03:00
|
|
|
dbs = [_ for _ in dbs if _]
|
2011-07-30 17:01:37 +04:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
infoMsg = "fetching tables for database"
|
2019-03-28 15:53:54 +03:00
|
|
|
infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, six.string_types) else db[0] for db in sorted(dbs)))
|
2011-05-01 02:11:36 +04:00
|
|
|
logger.info(infoMsg)
|
2011-02-19 21:36:26 +03:00
|
|
|
|
2012-12-05 13:45:17 +04:00
|
|
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
2011-02-19 21:36:26 +03:00
|
|
|
blinds = [False, True]
|
|
|
|
else:
|
|
|
|
blinds = [True]
|
|
|
|
|
2016-12-21 12:33:35 +03:00
|
|
|
rootQuery = queries[DBMS.SYBASE].tables
|
2011-05-09 20:09:18 +04:00
|
|
|
|
2011-02-19 21:36:26 +03:00
|
|
|
for db in dbs:
|
|
|
|
for blind in blinds:
|
|
|
|
query = rootQuery.inband.query % db
|
2018-09-22 00:06:45 +03:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
2011-02-19 21:36:26 +03:00
|
|
|
|
|
|
|
if retVal:
|
2019-05-28 15:02:44 +03:00
|
|
|
for table in next(six.itervalues(retVal[0])):
|
2013-01-04 02:28:07 +04:00
|
|
|
if db not in kb.data.cachedTables:
|
2011-02-19 21:36:26 +03:00
|
|
|
kb.data.cachedTables[db] = [table]
|
|
|
|
else:
|
|
|
|
kb.data.cachedTables[db].append(table)
|
|
|
|
break
|
|
|
|
|
2011-10-28 17:07:23 +04:00
|
|
|
for db, tables in kb.data.cachedTables.items():
|
|
|
|
kb.data.cachedTables[db] = sorted(tables) if tables else tables
|
|
|
|
|
2011-02-19 21:36:26 +03:00
|
|
|
return kb.data.cachedTables
|
|
|
|
|
2015-12-29 15:19:25 +03:00
|
|
|
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):
|
2011-05-01 02:11:36 +04:00
|
|
|
self.forceDbmsEnum()
|
2011-02-19 21:36:26 +03:00
|
|
|
|
2012-02-16 18:42:28 +04:00
|
|
|
if conf.db is None or conf.db == CURRENT_DB:
|
2011-05-01 02:11:36 +04:00
|
|
|
if conf.db is None:
|
2012-10-04 20:28:36 +04:00
|
|
|
warnMsg = "missing database parameter. sqlmap is going "
|
2011-05-01 02:11:36 +04:00
|
|
|
warnMsg += "to use the current database to enumerate "
|
|
|
|
warnMsg += "table(s) columns"
|
|
|
|
logger.warn(warnMsg)
|
2011-02-19 21:36:26 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
conf.db = self.getCurrentDb()
|
|
|
|
|
|
|
|
elif conf.db is not None:
|
2018-03-13 15:45:42 +03:00
|
|
|
if ',' in conf.db:
|
2011-05-01 02:11:36 +04:00
|
|
|
errMsg = "only one database name is allowed when enumerating "
|
|
|
|
errMsg += "the tables' columns"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
|
|
|
|
2011-06-15 22:49:35 +04:00
|
|
|
if conf.col:
|
2017-04-18 16:56:24 +03:00
|
|
|
colList = conf.col.split(',')
|
2011-06-15 22:49:35 +04:00
|
|
|
else:
|
|
|
|
colList = []
|
|
|
|
|
2018-02-13 17:53:50 +03:00
|
|
|
if conf.exclude:
|
2019-11-04 14:53:29 +03:00
|
|
|
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
|
2014-01-13 13:05:49 +04:00
|
|
|
|
2011-06-15 22:49:35 +04:00
|
|
|
for col in colList:
|
|
|
|
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
if conf.tbl:
|
2017-04-18 16:56:24 +03:00
|
|
|
tblList = conf.tbl.split(',')
|
2011-05-01 02:11:36 +04:00
|
|
|
else:
|
|
|
|
self.getTables()
|
|
|
|
|
|
|
|
if len(kb.data.cachedTables) > 0:
|
2019-05-15 11:30:47 +03:00
|
|
|
tblList = list(six.itervalues(kb.data.cachedTables))
|
2011-05-01 02:11:36 +04:00
|
|
|
|
2019-05-15 11:30:47 +03:00
|
|
|
if tblList and isListLike(tblList[0]):
|
2011-05-01 02:11:36 +04:00
|
|
|
tblList = tblList[0]
|
|
|
|
else:
|
2012-02-01 13:17:38 +04:00
|
|
|
errMsg = "unable to retrieve the tables "
|
2012-03-01 15:52:30 +04:00
|
|
|
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapNoneDataException(errMsg)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
for tbl in tblList:
|
2018-09-22 00:25:25 +03:00
|
|
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
2015-12-29 15:19:25 +03:00
|
|
|
if bruteForce:
|
|
|
|
resumeAvailable = False
|
|
|
|
|
|
|
|
for tbl in tblList:
|
|
|
|
for db, table, colName, colType in kb.brute.columns:
|
|
|
|
if db == conf.db and table == tbl:
|
|
|
|
resumeAvailable = True
|
|
|
|
break
|
|
|
|
|
|
|
|
if resumeAvailable and not conf.freshQueries or colList:
|
|
|
|
columns = {}
|
|
|
|
|
|
|
|
for column in colList:
|
|
|
|
columns[column] = None
|
|
|
|
|
|
|
|
for tbl in tblList:
|
|
|
|
for db, table, colName, colType in kb.brute.columns:
|
|
|
|
if db == conf.db and table == tbl:
|
|
|
|
columns[colName] = colType
|
|
|
|
|
|
|
|
if conf.db in kb.data.cachedColumns:
|
|
|
|
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
|
|
|
|
else:
|
|
|
|
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}
|
|
|
|
|
|
|
|
return kb.data.cachedColumns
|
|
|
|
|
|
|
|
message = "do you want to use common column existence check? [y/N/q] "
|
2017-04-19 15:46:27 +03:00
|
|
|
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
2015-12-29 15:19:25 +03:00
|
|
|
|
2017-04-18 16:48:05 +03:00
|
|
|
if choice == 'N':
|
2015-12-29 15:19:25 +03:00
|
|
|
return
|
2017-04-18 16:48:05 +03:00
|
|
|
elif choice == 'Q':
|
2015-12-29 15:19:25 +03:00
|
|
|
raise SqlmapUserQuitException
|
|
|
|
else:
|
|
|
|
return columnExists(paths.COMMON_COLUMNS)
|
|
|
|
|
2016-12-21 12:33:35 +03:00
|
|
|
rootQuery = queries[DBMS.SYBASE].columns
|
2011-02-19 21:36:26 +03:00
|
|
|
|
2012-12-05 13:45:17 +04:00
|
|
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
2011-02-19 21:36:26 +03:00
|
|
|
blinds = [False, True]
|
|
|
|
else:
|
|
|
|
blinds = [True]
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
for tbl in tblList:
|
|
|
|
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
|
|
|
|
and conf.db in kb.data.cachedColumns and tbl in \
|
|
|
|
kb.data.cachedColumns[conf.db]:
|
|
|
|
infoMsg = "fetched tables' columns on "
|
2012-03-01 15:52:30 +04:00
|
|
|
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2011-05-01 02:11:36 +04:00
|
|
|
logger.info(infoMsg)
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2012-07-13 14:22:37 +04:00
|
|
|
return {conf.db: kb.data.cachedColumns[conf.db]}
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2015-12-29 15:19:25 +03:00
|
|
|
if dumpMode and colList:
|
2011-06-15 22:49:35 +04:00
|
|
|
table = {}
|
2018-09-22 00:25:25 +03:00
|
|
|
table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList)
|
2011-06-16 17:41:02 +04:00
|
|
|
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
|
2011-06-15 22:49:35 +04:00
|
|
|
continue
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
infoMsg = "fetching columns "
|
2012-03-01 15:52:30 +04:00
|
|
|
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2011-05-01 02:11:36 +04:00
|
|
|
logger.info(infoMsg)
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
for blind in blinds:
|
|
|
|
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
|
2018-09-22 00:06:45 +03:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.usertype' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
if retVal:
|
|
|
|
table = {}
|
|
|
|
columns = {}
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2019-05-03 00:51:54 +03:00
|
|
|
for name, type_ in filterPairValues(_zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])):
|
2019-03-28 15:53:54 +03:00
|
|
|
columns[name] = SYBASE_TYPES.get(int(type_) if hasattr(type_, "isdigit") and type_.isdigit() else type_, type_)
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2018-09-22 00:25:25 +03:00
|
|
|
table[safeSQLIdentificatorNaming(tbl, True)] = columns
|
2011-06-16 17:41:02 +04:00
|
|
|
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
break
|
2011-02-20 19:28:48 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
return kb.data.cachedColumns
|
2011-02-20 19:28:48 +03:00
|
|
|
|
|
|
|
def searchDb(self):
|
|
|
|
warnMsg = "on Sybase searching of databases is not implemented"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return []
|
|
|
|
|
|
|
|
def searchTable(self):
|
|
|
|
warnMsg = "on Sybase searching of tables is not implemented"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return []
|
|
|
|
|
|
|
|
def searchColumn(self):
|
|
|
|
warnMsg = "on Sybase searching of columns is not implemented"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return []
|
2012-03-08 19:51:30 +04:00
|
|
|
|
|
|
|
def search(self):
|
|
|
|
warnMsg = "on Sybase search option is not available"
|
|
|
|
logger.warn(warnMsg)
|
2012-10-14 19:53:55 +04:00
|
|
|
|
|
|
|
def getHostname(self):
|
|
|
|
warnMsg = "on Sybase it is not possible to enumerate the hostname"
|
|
|
|
logger.warn(warnMsg)
|
2019-05-29 16:52:33 +03:00
|
|
|
|
|
|
|
def getStatements(self):
|
|
|
|
warnMsg = "on Sybase it is not possible to enumerate the SQL statements"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return []
|