sqlmap/plugins/dbms/maxdb/enumeration.py

175 lines
6.1 KiB
Python
Raw Normal View History

#!/usr/bin/env python
"""
$Id$
2012-01-11 18:59:46 +04:00
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
"""
2011-02-21 01:07:12 +03:00
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unsafeSQLIdentificatorNaming
2011-02-21 01:07:12 +03:00
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
2011-02-21 01:07:12 +03:00
from lib.core.data import queries
from lib.core.enums import PAYLOAD
2011-02-21 01:45:23 +03:00
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self)
kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
def getPasswordHashes(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
logger.warn(warnMsg)
return {}
def getDbs(self):
if len(kb.data.cachedDbs) > 0:
return kb.data.cachedDbs
2011-02-21 01:07:12 +03:00
infoMsg = "fetching database names"
2011-02-21 01:07:12 +03:00
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
2011-02-21 01:41:42 +03:00
randStr = randomStr()
query = rootQuery.inband.query
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)
2011-02-21 01:41:42 +03:00
if retVal:
kb.data.cachedDbs = retVal[0].values()[0]
2011-02-21 01:41:42 +03:00
2011-10-28 17:16:22 +04:00
if kb.data.cachedDbs:
kb.data.cachedDbs.sort()
return kb.data.cachedDbs
2011-02-21 01:41:42 +03:00
def getTables(self, bruteForce=None):
if len(kb.data.cachedTables) > 0:
return kb.data.cachedTables
2011-02-21 01:41:42 +03:00
self.forceDbmsEnum()
if conf.db == "CD":
conf.db = self.getCurrentDb()
2011-02-21 01:41:42 +03:00
if conf.db:
dbs = conf.db.split(",")
else:
dbs = self.getDbs()
for db in filter(None, dbs):
dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
infoMsg = "fetching tables for database"
2012-01-14 01:46:21 +04:00
infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
2011-02-21 01:41:42 +03:00
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].tables
for db in dbs:
2012-01-14 01:55:39 +04:00
if isinstance(db, (tuple, list)):
db = db[0] if db else ""
2012-01-14 01:46:21 +04:00
2011-02-21 01:07:12 +03:00
randStr = randomStr()
2011-02-21 01:41:42 +03:00
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
2011-02-21 01:07:12 +03:00
if retVal:
2011-02-21 01:41:42 +03:00
for table in retVal[0].values()[0]:
if not kb.data.cachedTables.has_key(db):
kb.data.cachedTables[db] = [table]
else:
kb.data.cachedTables[db].append(table)
2011-02-21 01:07:12 +03:00
2011-10-28 17:07:23 +04:00
for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables
2011-02-21 01:41:42 +03:00
return kb.data.cachedTables
2011-02-21 01:07:12 +03:00
def getColumns(self, onlyColNames=False):
self.forceDbmsEnum()
2011-02-21 01:07:12 +03:00
if conf.db is None or conf.db == "CD":
if conf.db is None:
warnMsg = "missing database parameter, sqlmap is going "
warnMsg += "to use the current database to enumerate "
warnMsg += "table(s) columns"
logger.warn(warnMsg)
2011-02-21 01:07:12 +03:00
conf.db = self.getCurrentDb()
2011-02-21 01:41:42 +03:00
elif conf.db is not None:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise sqlmapMissingMandatoryOptionException, errMsg
2011-02-21 01:41:42 +03:00
conf.db = safeSQLIdentificatorNaming(conf.db)
2011-02-21 01:41:42 +03:00
if conf.tbl:
tblList = conf.tbl.split(",")
else:
self.getTables()
if len(kb.data.cachedTables) > 0:
tblList = kb.data.cachedTables.values()
if isinstance(tblList[0], (set, tuple, list)):
tblList = tblList[0]
else:
errMsg = "unable to retrieve the tables"
errMsg += "on database '%s'" % conf.db
raise sqlmapNoneDataException, errMsg
for tbl in tblList:
2011-06-16 17:41:02 +04:00
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
rootQuery = queries[Backend.getIdentifiedDbms()].columns
for tbl in tblList:
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
2011-06-16 18:27:44 +04:00
and conf.db in kb.data.cachedColumns and tbl in \
kb.data.cachedColumns[conf.db]:
infoMsg = "fetched tables' columns on "
infoMsg += "database '%s'" % conf.db
logger.info(infoMsg)
return { conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns "
infoMsg += "for table '%s' " % tbl
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
randStr = randomStr()
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr,'%s.datatype' % randStr,'%s.len' % randStr], blind=True)
if retVal:
table = {}
columns = {}
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
2011-06-16 17:41:02 +04:00
columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
table[tbl] = columns
kb.data.cachedColumns[conf.db] = table
return kb.data.cachedColumns
def searchDb(self):
warnMsg = "on SAP MaxDB it is not possible to search databases"
logger.warn(warnMsg)
return []