sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
e7bc57b00b
sqlmap/plugins/generic/databases.py

829 lines
37 KiB
Python
Raw Normal View History

reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 15:32:17 +04:00
#!/usr/bin/env python
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
"""
updated copyright
2014-01-13 21:24:49 +04:00
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import Backend
from lib.core.common import filterPairValues
from lib.core.common import getLimitRange
from lib.core.common import isInferenceAvailable
from lib.core.common import isListLike
from lib.core.common import isNoneValue
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import parseSqliteTableSchema
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)
2013-07-19 15:24:35 +04:00
from lib.core.common import singleTimeWarnMessage
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
Some more dict refactorings
2012-08-21 13:30:01 +04:00
from lib.core.dicts import FIREBIRD_TYPES
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapUserQuitException
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
from lib.core.settings import CURRENT_DB
from lib.request import inject
from lib.techniques.brute.use import columnExists
from lib.techniques.brute.use import tableExists
class Databases:
"""
This class defines databases' enumeration functionalities for plugins.
"""
def __init__(self):
kb.data.currentDb = ""
kb.data.cachedDbs = []
kb.data.cachedTables = {}
kb.data.cachedColumns = {}
kb.data.cachedCounts = {}
kb.data.dumpedTable = {}
def getCurrentDb(self):
infoMsg = "fetching current database"
logger.info(infoMsg)
query = queries[Backend.getIdentifiedDbms()].current_db.query
if not kb.data.currentDb:
kb.data.currentDb = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)
2013-07-19 15:24:35 +04:00
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL):
warnMsg = "on %s you'll need to use " % Backend.getIdentifiedDbms()
warnMsg += "schema names for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes"
singleTimeWarnMessage(warnMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
return kb.data.currentDb
def getDbs(self):
if len(kb.data.cachedDbs) > 0:
return kb.data.cachedDbs
infoMsg = None
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
warnMsg = "information_schema not available, "
warnMsg += "back-end DBMS is MySQL < 5. database "
warnMsg += "names will be fetched from 'mysql' database"
logger.warn(warnMsg)
Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)
2013-07-19 15:24:35 +04:00
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.PGSQL):
warnMsg = "schema names are going to be used on %s " % Backend.getIdentifiedDbms()
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
warnMsg += "for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes"
logger.warn(warnMsg)
infoMsg = "fetching database (schema) names"
else:
infoMsg = "fetching database names"
if infoMsg:
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
Update for an Issue #278
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
values = inject.getValue(query, blind=False, time=False)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
if not isNoneValue(values):
kb.data.cachedDbs = arrayizeValue(values)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if not kb.data.cachedDbs and isInferenceAvailable() and not conf.direct:
infoMsg = "fetching number of databases"
logger.info(infoMsg)
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 02:36:09 +04:00
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if not isNumPosStrValue(count):
errMsg = "unable to retrieve the number of databases"
logger.error(errMsg)
else:
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
indexRange = getLimitRange(count, plusOne=plusOne)
for index in indexRange:
if Backend.isDbms(DBMS.SYBASE):
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
db = unArrayizeValue(inject.getValue(query, union=False, error=False))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if db:
kb.data.cachedDbs.append(safeSQLIdentificatorNaming(db))
if not kb.data.cachedDbs and Backend.isDbms(DBMS.MSSQL):
Update for an Issue #278
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
blinds = (False, True)
else:
blinds = (True,)
for blind in blinds:
count = 0
kb.data.cachedDbs = []
while True:
query = rootQuery.inband.query2 % count
Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL
2012-12-06 18:55:33 +04:00
value = unArrayizeValue(inject.getValue(query, blind=blind))
if not (value or "").strip():
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
break
else:
Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL
2012-12-06 18:55:33 +04:00
kb.data.cachedDbs.append(value)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
count += 1
if kb.data.cachedDbs:
break
if not kb.data.cachedDbs:
infoMsg = "falling back to current database"
logger.info(infoMsg)
self.getCurrentDb()
if kb.data.currentDb:
kb.data.cachedDbs = [kb.data.currentDb]
else:
errMsg = "unable to retrieve the database names"
Replacing old and deprecated raise Exception style (PEP8)
2013-01-04 02:20:55 +04:00
raise SqlmapNoneDataException(errMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
kb.data.cachedDbs.sort()
Patch for an Issue #300
2012-12-18 12:55:33 +04:00
if kb.data.cachedDbs:
kb.data.cachedDbs = list(set(kb.data.cachedDbs))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
return kb.data.cachedDbs
def getTables(self, bruteForce=None):
if len(kb.data.cachedTables) > 0:
return kb.data.cachedTables
self.forceDbmsEnum()
if bruteForce is None:
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
elif Backend.isDbms(DBMS.ACCESS):
try:
tables = self.getTables(False)
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
except SqlmapNoneDataException:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
tables = None
if not tables:
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
bruteForce = True
else:
return tables
if conf.db == CURRENT_DB:
conf.db = self.getCurrentDb()
tables and databases names on MSQLDB are capitalized
2013-07-01 14:54:31 +04:00
if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
conf.db = conf.db.upper()
if conf.db:
dbs = conf.db.split(",")
else:
dbs = self.getDbs()
for db in dbs:
dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
dbs = filter(None, dbs)
if bruteForce:
resumeAvailable = False
for db, table in kb.brute.tables:
if db == conf.db:
resumeAvailable = True
break
Fix for an Issue #601
2014-02-05 18:11:39 +04:00
if resumeAvailable and not conf.freshQueries:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
for db, table in kb.brute.tables:
if db == conf.db:
if conf.db not in kb.data.cachedTables:
kb.data.cachedTables[conf.db] = [table]
else:
kb.data.cachedTables[conf.db].append(table)
return kb.data.cachedTables
message = "do you want to use common table existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
if test[0] in ("n", "N"):
return
elif test[0] in ("q", "Q"):
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
raise SqlmapUserQuitException
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
return tableExists(paths.COMMON_TABLES)
infoMsg = "fetching tables for database"
Minor fixes
2013-02-15 19:48:58 +04:00
infoMsg += "%s: '%s'" % ("s" if len(dbs) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(unArrayizeValue(db)) for db in sorted(dbs)))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].tables
Update for an Issue #278
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query = rootQuery.inband.query
condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None
if condition:
WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now
2012-12-17 18:06:12 +04:00
if not Backend.isDbms(DBMS.SQLITE):
query += " WHERE %s" % condition
refactoring
2012-12-17 18:07:28 +04:00
if conf.excludeSysDbs:
Minor fixes
2013-02-15 19:48:58 +04:00
infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList))
refactoring
2012-12-17 18:07:28 +04:00
logger.info(infoMsg)
Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working)
2013-01-30 14:36:04 +04:00
query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList)
else:
query += " IN (%s)" % ",".join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if len(dbs) < 2 and ("%s," % condition) in query:
query = query.replace("%s," % condition, "", 1)
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
values = inject.getValue(query, blind=False, time=False)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
if not isNoneValue(values):
values = filter(None, arrayizeValue(values))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
if len(values) > 0 and not isListLike(values[0]):
Implementation for an Issue #332
2013-01-11 14:17:41 +04:00
values = [(dbs[0], _) for _ in values]
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
for db, table in filterPairValues(values):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
db = safeSQLIdentificatorNaming(db)
Fix for an Issue #597
2014-01-15 13:29:53 +04:00
table = safeSQLIdentificatorNaming(unArrayizeValue(table), True)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if db not in kb.data.cachedTables:
kb.data.cachedTables[db] = [table]
else:
kb.data.cachedTables[db].append(table)
if not kb.data.cachedTables and isInferenceAvailable() and not conf.direct:
for db in dbs:
if conf.excludeSysDbs and db in self.excludeDbsList:
Minor fixes
2013-02-15 19:48:58 +04:00
infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
logger.info(infoMsg)
continue
infoMsg = "fetching number of tables for "
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg)
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS):
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 02:36:09 +04:00
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Minor fix
2012-10-23 12:33:30 +04:00
if count == 0:
warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db)
warnMsg += "appears to be empty"
logger.warn(warnMsg)
continue
elif not isNumPosStrValue(count):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
warnMsg = "unable to retrieve the number of "
warnMsg += "tables for database '%s'" % unsafeSQLIdentificatorNaming(db)
logger.warn(warnMsg)
continue
tables = []
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
indexRange = getLimitRange(count, plusOne=plusOne)
for index in indexRange:
if Backend.isDbms(DBMS.SYBASE):
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS):
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.query % index
Fix for --tables on HSQLDB
2014-03-07 18:57:41 +04:00
elif Backend.isDbms(DBMS.HSQLDB):
query = rootQuery.blind.query % (index, unsafeSQLIdentificatorNaming(db))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if not isNoneValue(table):
kb.hintValue = table
table = safeSQLIdentificatorNaming(table, True)
tables.append(table)
if tables:
kb.data.cachedTables[db] = tables
else:
warnMsg = "unable to retrieve the table names "
warnMsg += "for database '%s'" % unsafeSQLIdentificatorNaming(db)
logger.warn(warnMsg)
if isNoneValue(kb.data.cachedTables):
kb.data.cachedTables.clear()
if not kb.data.cachedTables:
errMsg = "unable to retrieve the table names for any database"
if bruteForce is None:
logger.error(errMsg)
return self.getTables(bruteForce=True)
else:
Replacing old and deprecated raise Exception style (PEP8)
2013-01-04 02:20:55 +04:00
raise SqlmapNoneDataException(errMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables
Patch for an Issue #300
2012-12-18 12:55:33 +04:00
if kb.data.cachedTables:
for db in kb.data.cachedTables.keys():
kb.data.cachedTables[db] = list(set(kb.data.cachedTables[db]))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
return kb.data.cachedTables
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
self.forceDbmsEnum()
if conf.db is None or conf.db == CURRENT_DB:
if conf.db is None:
Minor language cleanup
2012-10-04 20:28:36 +04:00
warnMsg = "missing database parameter. sqlmap is going "
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
warnMsg += "to use the current database to enumerate "
warnMsg += "table(s) columns"
logger.warn(warnMsg)
conf.db = self.getCurrentDb()
Fix for a NoneType/--columns issue reported over ML
2013-07-02 17:01:49 +04:00
if not conf.db:
errMsg = "unable to retrieve the current "
errMsg += "database name"
raise SqlmapNoneDataException(errMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
elif conf.db is not None:
tables and databases names on MSQLDB are capitalized
2013-07-01 14:54:31 +04:00
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
conf.db = conf.db.upper()
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
Replacing old and deprecated raise Exception style (PEP8)
2013-01-04 02:20:55 +04:00
raise SqlmapMissingMandatoryOptionException(errMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.col:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
conf.col = conf.col.upper()
Implementation for an Issue #596
2014-01-13 13:05:49 +04:00
colList = conf.col.split(',')
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
colList = []
Implementation for an Issue #596
2014-01-13 13:05:49 +04:00
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
colList = filter(None, colList)
if conf.tbl:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
conf.tbl = conf.tbl.upper()
tblList = conf.tbl.split(",")
else:
self.getTables()
if len(kb.data.cachedTables) > 0:
if conf.db in kb.data.cachedTables:
tblList = kb.data.cachedTables[conf.db]
else:
tblList = kb.data.cachedTables.values()
if isinstance(tblList[0], (set, tuple, list)):
tblList = tblList[0]
tblList = list(tblList)
else:
errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
Replacing old and deprecated raise Exception style (PEP8)
2013-01-04 02:20:55 +04:00
raise SqlmapNoneDataException(errMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Fix for a NoneType/--columns issue reported over ML
2013-07-02 17:01:49 +04:00
tblList = filter(None, (safeSQLIdentificatorNaming(_, True) for _ in tblList))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if bruteForce is None:
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
elif Backend.isDbms(DBMS.ACCESS):
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
bruteForce = True
proper fix for #306
2012-12-18 19:31:30 +04:00
if bruteForce:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
resumeAvailable = False
for tbl in tblList:
for db, table, colName, colType in kb.brute.columns:
if db == conf.db and table == tbl:
resumeAvailable = True
break
Fix for an Issue #601
2014-02-05 18:11:39 +04:00
if resumeAvailable and not conf.freshQueries or colList:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
columns = {}
for column in colList:
columns[column] = None
for tbl in tblList:
for db, table, colName, colType in kb.brute.columns:
if db == conf.db and table == tbl:
columns[colName] = colType
if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else:
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}
return kb.data.cachedColumns
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
if test[0] in ("n", "N"):
return
elif test[0] in ("q", "Q"):
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
raise SqlmapUserQuitException
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
return columnExists(paths.COMMON_COLUMNS)
rootQuery = queries[Backend.getIdentifiedDbms()].columns
condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
Update for an Issue #278
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
for tbl in tblList:
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
and conf.db in kb.data.cachedColumns and tbl in \
kb.data.cachedColumns[conf.db]:
infoMsg = "fetched tables' columns on "
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
return {conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns "
proper fix for #306
2012-12-18 19:31:30 +04:00
condQuery = ""
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if len(colList) > 0:
proper fix for #306
2012-12-18 19:31:30 +04:00
if colTuple:
_, colCondParam = colTuple
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
else:
proper fix for #306
2012-12-18 19:31:30 +04:00
colCondParam = "='%s'"
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
proper fix for #306
2012-12-18 19:31:30 +04:00
condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
Official naming is HSQLDB (and/or HyperSQL)
2013-07-01 13:57:47 +04:00
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
more adjustments for #353
2013-01-19 00:44:56 +04:00
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query += condQuery
elif Backend.isDbms(DBMS.MSSQL):
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db,
conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
query += condQuery.replace("[DB]", conf.db)
bug fix for #355
2013-01-19 02:10:10 +04:00
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query = rootQuery.inband.query % tbl
Remote whitespace in databases.py
2013-06-24 18:03:08 +04:00
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
values = inject.getValue(query, blind=False, time=False)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
Implementation for an Issue #332
2013-01-11 14:17:41 +04:00
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
index, values = 1, []
fix for #353
2013-01-19 00:40:38 +04:00
Implementation for an Issue #332
2013-01-11 14:17:41 +04:00
while True:
query = rootQuery.inband.query2 % (conf.db, tbl, index)
value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
fix for #353
2013-01-19 00:40:38 +04:00
Implementation for an Issue #332
2013-01-11 14:17:41 +04:00
if isNoneValue(value) or value == " ":
break
else:
values.append((value,))
index += 1
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if Backend.isDbms(DBMS.SQLITE):
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
parseSqliteTableSchema(unArrayizeValue(values))
elif not isNoneValue(values):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
table = {}
columns = {}
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
for columnData in values:
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if not isNoneValue(columnData):
name = safeSQLIdentificatorNaming(columnData[0])
if name:
Update for an Issue #481
2013-07-29 20:25:27 +04:00
if conf.getComments:
_ = queries[Backend.getIdentifiedDbms()].column_comment
if hasattr(_, "query"):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
else:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
else:
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
warnMsg += "possible to get column comments"
singleTimeWarnMessage(warnMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if len(columnData) == 1:
Implementation for an Issue #332
2013-01-11 14:17:41 +04:00
columns[name] = None
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
Fix for that Firebird column data types issue (tec=EU)
2013-01-21 20:20:46 +04:00
if Backend.isDbms(DBMS.FIREBIRD):
columnData[1] = FIREBIRD_TYPES.get(columnData[1], columnData[1])
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
columns[name] = columnData[1]
if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else:
table[safeSQLIdentificatorNaming(tbl, True)] = columns
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
elif isInferenceAvailable() and not conf.direct:
for tbl in tblList:
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
and conf.db in kb.data.cachedColumns and tbl in \
kb.data.cachedColumns[conf.db]:
infoMsg = "fetched tables' columns on "
Minor fixes
2013-02-15 19:48:58 +04:00
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
logger.info(infoMsg)
return {conf.db: kb.data.cachedColumns[conf.db]}
infoMsg = "fetching columns "
proper fix for #306
2012-12-18 19:31:30 +04:00
condQuery = ""
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if len(colList) > 0:
proper fix for #306
2012-12-18 19:31:30 +04:00
if colTuple:
_, colCondParam = colTuple
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
else:
proper fix for #306
2012-12-18 19:31:30 +04:00
colCondParam = "='%s'"
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
infoMsg += "'%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in sorted(colList))
proper fix for #306
2012-12-18 19:31:30 +04:00
condQueryStr = "%%s%s" % colCondParam
condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
Fix for an Issue #683
2014-05-04 22:44:11 +04:00
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
more adjustments for #353
2013-01-19 00:44:56 +04:00
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query += condQuery
elif Backend.isDbms(DBMS.MSSQL):
query = rootQuery.blind.count % (conf.db, conf.db, \
unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
query += condQuery.replace("[DB]", conf.db)
elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.count % (tbl)
query += condQuery
elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.blind.query % tbl
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
parseSqliteTableSchema(value)
return kb.data.cachedColumns
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 02:36:09 +04:00
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
table = {}
columns = {}
Implementation for an Issue #332
2013-01-11 14:17:41 +04:00
if not isNumPosStrValue(count):
if Backend.isDbms(DBMS.MSSQL):
count, index, values = 0, 1, []
while True:
query = rootQuery.blind.query3 % (conf.db, tbl, index)
value = unArrayizeValue(inject.getValue(query, union=False, error=False))
if isNoneValue(value) or value == " ":
break
else:
columns[safeSQLIdentificatorNaming(value)] = None
index += 1
if not columns:
errMsg = "unable to retrieve the %scolumns " % ("number of " if not Backend.isDbms(DBMS.MSSQL) else "")
errMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.error(errMsg)
continue
Fix for an Issue #175
2012-09-07 19:06:38 +04:00
for index in getLimitRange(count):
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
field = None
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
more adjustments for #353
2013-01-19 00:44:56 +04:00
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper()))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query += condQuery
field = None
elif Backend.isDbms(DBMS.MSSQL):
Fix for an Issue #175
2012-09-07 19:06:38 +04:00
query = rootQuery.blind.query.replace("'%s'", "'%s'" % unsafeSQLIdentificatorNaming(tbl).split(".")[-1]).replace("%s", conf.db).replace("%d", str(index))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db)
elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (tbl)
query += condQuery
field = None
Fix for an Issue #175
2012-09-07 19:06:38 +04:00
query = agent.limitQuery(index, query, field, field)
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
column = unArrayizeValue(inject.getValue(query, union=False, error=False))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if not isNoneValue(column):
Update for an Issue #481
2013-07-29 20:25:27 +04:00
if conf.getComments:
_ = queries[Backend.getIdentifiedDbms()].column_comment
if hasattr(_, "query"):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
else:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
else:
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
warnMsg += "possible to get column comments"
singleTimeWarnMessage(warnMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if not onlyColNames:
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
more adjustments for #353
2013-01-19 00:44:56 +04:00
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column, unsafeSQLIdentificatorNaming(conf.db.upper()))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
elif Backend.isDbms(DBMS.MSSQL):
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db,
conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1])
elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query2 % (tbl, column)
Minor just in case commit (plural/singular unArrayize())
2012-12-21 13:15:42 +04:00
colType = unArrayizeValue(inject.getValue(query, union=False, error=False))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if Backend.isDbms(DBMS.FIREBIRD):
Minor fix
2012-09-10 21:28:15 +04:00
colType = FIREBIRD_TYPES.get(colType, colType)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
column = safeSQLIdentificatorNaming(column)
columns[column] = colType
else:
column = safeSQLIdentificatorNaming(column)
columns[column] = None
if columns:
if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else:
table[safeSQLIdentificatorNaming(tbl, True)] = columns
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
if not kb.data.cachedColumns:
lowered gravity
2012-12-18 20:42:03 +04:00
warnMsg = "unable to retrieve column names for "
Minor fixes
2013-02-15 19:48:58 +04:00
warnMsg += ("table '%s' " % unsafeSQLIdentificatorNaming(unArrayizeValue(tblList))) if len(tblList) == 1 else "any table "
lowered gravity
2012-12-18 20:42:03 +04:00
warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.warn(warnMsg)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
if bruteForce is None:
return self.getColumns(onlyColNames=onlyColNames, colTuple=colTuple, bruteForce=True)
return kb.data.cachedColumns
def getSchema(self):
infoMsg = "enumerating database management system schema"
logger.info(infoMsg)
pushValue(conf.db)
pushValue(conf.tbl)
pushValue(conf.col)
conf.db = None
conf.tbl = None
conf.col = None
kb.data.cachedTables = {}
kb.data.cachedColumns = {}
self.getTables()
infoMsg = "fetched tables: "
infoMsg += ", ".join(["%s" % ", ".join("%s%s%s" % (unsafeSQLIdentificatorNaming(db), ".." if \
Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) \
else ".", unsafeSQLIdentificatorNaming(t)) for t in tbl) for db, tbl in \
kb.data.cachedTables.items()])
logger.info(infoMsg)
for db, tables in kb.data.cachedTables.items():
for tbl in tables:
conf.db = db
conf.tbl = tbl
self.getColumns()
conf.col = popValue()
conf.tbl = popValue()
conf.db = popValue()
return kb.data.cachedColumns
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
def _tableGetCount(self, db, table):
fixed --count on DB2
2013-01-18 02:13:59 +04:00
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
db = db.upper()
table = table.upper()
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
fixed --count for DBMSes that are single-database
2013-01-19 03:07:16 +04:00
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
query = "SELECT %s FROM %s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(table, True))
else:
query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
count = inject.getValue(query, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
if isNumPosStrValue(count):
if safeSQLIdentificatorNaming(db) not in kb.data.cachedCounts:
kb.data.cachedCounts[safeSQLIdentificatorNaming(db)] = {}
if int(count) in kb.data.cachedCounts[safeSQLIdentificatorNaming(db)]:
kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)].append(safeSQLIdentificatorNaming(table, True))
else:
kb.data.cachedCounts[safeSQLIdentificatorNaming(db)][int(count)] = [safeSQLIdentificatorNaming(table, True)]
def getCount(self):
if not conf.tbl:
warnMsg = "missing table parameter, sqlmap will retrieve "
warnMsg += "the number of entries for all database "
warnMsg += "management system databases' tables"
logger.warn(warnMsg)
elif "." in conf.tbl:
if not conf.db:
conf.db, conf.tbl = conf.tbl.split(".")
no point enumerating current database for --count on some DBMSes
2013-01-19 03:04:28 +04:00
if conf.tbl is not None and conf.db is None and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
Minor language cleanup
2012-10-04 20:28:36 +04:00
warnMsg = "missing database parameter. sqlmap is going to "
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
warnMsg += "use the current database to retrieve the "
warnMsg += "number of entries for table '%s'" % unsafeSQLIdentificatorNaming(conf.tbl)
logger.warn(warnMsg)
conf.db = self.getCurrentDb()
self.forceDbmsEnum()
if conf.tbl:
for table in conf.tbl.split(","):
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
self._tableGetCount(conf.db, table)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
else:
self.getTables()
for db, tables in kb.data.cachedTables.items():
for table in tables:
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 17:14:19 +04:00
self._tableGetCount(db, table)
plugin refactoring - issue #22
2012-07-20 22:17:35 +04:00
return kb.data.cachedCounts
Reference in New Issue Copy Permalink