2013-06-24 17:34:25 +04:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
"""
|
2014-01-13 21:24:49 +04:00
|
|
|
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
|
2013-06-24 17:34:25 +04:00
|
|
|
See the file 'doc/COPYING' for copying permission
|
|
|
|
"""
|
|
|
|
|
|
|
|
import re
|
|
|
|
|
|
|
|
from lib.core.common import Backend
|
|
|
|
from lib.core.common import Format
|
|
|
|
from lib.core.common import unArrayizeValue
|
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
|
|
|
from lib.core.enums import DBMS
|
|
|
|
from lib.core.session import setDbms
|
2013-07-01 13:57:47 +04:00
|
|
|
from lib.core.settings import HSQLDB_ALIASES
|
2013-06-24 17:34:25 +04:00
|
|
|
from lib.core.settings import UNKNOWN_DBMS_VERSION
|
|
|
|
from lib.request import inject
|
|
|
|
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
|
|
|
|
|
|
|
|
class Fingerprint(GenericFingerprint):
|
|
|
|
def __init__(self):
|
2013-07-01 13:57:47 +04:00
|
|
|
GenericFingerprint.__init__(self, DBMS.HSQLDB)
|
2013-06-24 17:34:25 +04:00
|
|
|
|
|
|
|
def getFingerprint(self):
|
|
|
|
value = ""
|
|
|
|
wsOsFp = Format.getOs("web server", kb.headersFp)
|
|
|
|
|
|
|
|
if wsOsFp and not hasattr(conf, "api"):
|
|
|
|
value += "%s\n" % wsOsFp
|
|
|
|
|
|
|
|
if kb.data.banner:
|
|
|
|
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
|
|
|
|
|
|
|
if dbmsOsFp and not hasattr(conf, "api"):
|
|
|
|
value += "%s\n" % dbmsOsFp
|
|
|
|
|
|
|
|
value += "back-end DBMS: "
|
|
|
|
actVer = Format.getDbms()
|
|
|
|
|
|
|
|
if not conf.extensiveFp:
|
|
|
|
value += actVer
|
|
|
|
return value
|
|
|
|
|
|
|
|
blank = " " * 15
|
|
|
|
value += "active fingerprint: %s" % actVer
|
|
|
|
|
|
|
|
if kb.bannerFp:
|
|
|
|
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
|
|
|
|
|
|
|
|
if re.search("-log$", kb.data.banner):
|
|
|
|
banVer += ", logging enabled"
|
|
|
|
|
|
|
|
banVer = Format.getDbms([banVer] if banVer else None)
|
|
|
|
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
|
|
|
|
|
|
|
htmlErrorFp = Format.getErrorParsedDBMSes()
|
|
|
|
|
|
|
|
if htmlErrorFp:
|
|
|
|
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
|
|
|
|
|
|
|
return value
|
|
|
|
|
|
|
|
def checkDbms(self):
|
|
|
|
"""
|
|
|
|
References for fingerprint:
|
|
|
|
DATABASE_VERSION()
|
|
|
|
version 2.2.6 added two-arg REPLACE functio REPLACE('a','a') compared to REPLACE('a','a','d')
|
|
|
|
version 2.2.5 added SYSTIMESTAMP function
|
|
|
|
version 2.2.3 added REGEXPR_SUBSTRING and REGEXPR_SUBSTRING_ARRAY functions
|
|
|
|
version 2.2.0 added support for ROWNUM() function
|
|
|
|
version 2.1.0 added MEDIAN aggregate function
|
|
|
|
version < 2.0.1 added support for datetime ROUND and TRUNC functions
|
|
|
|
version 2.0.0 added VALUES support
|
2013-07-01 13:57:47 +04:00
|
|
|
version 1.8.0.4 Added org.hsqldbdb.Library function, getDatabaseFullProductVersion to return the
|
2013-06-24 17:34:25 +04:00
|
|
|
full version string, including the 4th digit (e.g 1.8.0.4).
|
|
|
|
version 1.7.2 CASE statements added and INFORMATION_SCHEMA
|
2014-08-20 23:07:19 +04:00
|
|
|
|
2013-06-24 17:34:25 +04:00
|
|
|
"""
|
|
|
|
|
2013-07-01 13:57:47 +04:00
|
|
|
if not conf.extensiveFp and (Backend.isDbmsWithin(HSQLDB_ALIASES) \
|
2014-08-30 23:53:09 +04:00
|
|
|
or (conf.dbms or "").lower() in HSQLDB_ALIASES) and Backend.getVersion() and \
|
2013-06-24 17:34:25 +04:00
|
|
|
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
|
|
|
v = Backend.getVersion().replace(">", "")
|
|
|
|
v = v.replace("=", "")
|
|
|
|
v = v.replace(" ", "")
|
|
|
|
|
|
|
|
Backend.setVersion(v)
|
|
|
|
|
2013-07-01 13:57:47 +04:00
|
|
|
setDbms("%s %s" % (DBMS.HSQLDB, Backend.getVersion()))
|
2013-06-24 17:34:25 +04:00
|
|
|
|
|
|
|
if Backend.isVersionGreaterOrEqualThan("1.7.2"):
|
|
|
|
kb.data.has_information_schema = True
|
|
|
|
|
|
|
|
self.getBanner()
|
|
|
|
|
|
|
|
return True
|
|
|
|
|
2013-07-01 13:57:47 +04:00
|
|
|
infoMsg = "testing %s" % DBMS.HSQLDB
|
2013-06-24 17:34:25 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2013-07-01 14:05:02 +04:00
|
|
|
result = inject.checkBooleanExpression("CASEWHEN(1=1,1,0)=1")
|
2013-06-24 17:34:25 +04:00
|
|
|
|
|
|
|
if result:
|
2013-07-01 13:57:47 +04:00
|
|
|
infoMsg = "confirming %s" % DBMS.HSQLDB
|
2013-06-24 17:34:25 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
result = inject.checkBooleanExpression("ROUNDMAGIC(PI())>=3")
|
|
|
|
|
|
|
|
if not result:
|
2013-07-01 13:57:47 +04:00
|
|
|
warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
|
2013-06-24 17:34:25 +04:00
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return False
|
|
|
|
else:
|
|
|
|
kb.data.has_information_schema = True
|
|
|
|
Backend.setVersion(">= 1.7.2")
|
2013-07-01 13:57:47 +04:00
|
|
|
setDbms("%s 1.7.2" % DBMS.HSQLDB)
|
2013-06-24 17:34:25 +04:00
|
|
|
|
|
|
|
banner = self.getBanner()
|
|
|
|
if banner:
|
|
|
|
Backend.setVersion("= %s" % banner)
|
|
|
|
else:
|
|
|
|
if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"):
|
2013-06-24 18:12:37 +04:00
|
|
|
Backend.setVersionList([">= 2.0.0", "< 2.3.0"])
|
2013-06-24 17:34:25 +04:00
|
|
|
else:
|
2013-07-01 13:57:47 +04:00
|
|
|
banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True))
|
2013-06-24 17:34:25 +04:00
|
|
|
if banner:
|
|
|
|
Backend.setVersion("= %s" % banner)
|
|
|
|
else:
|
|
|
|
Backend.setVersionList([">= 1.7.2", "< 1.8.0"])
|
|
|
|
|
|
|
|
return True
|
|
|
|
else:
|
2014-09-04 01:09:10 +04:00
|
|
|
warnMsg = "the back-end DBMS is not %s or version is < 1.7.2" % DBMS.HSQLDB
|
2013-06-24 17:34:25 +04:00
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return False
|
2013-07-01 14:05:02 +04:00
|
|
|
|
|
|
|
def getHostname(self):
|
2013-07-01 15:01:53 +04:00
|
|
|
warnMsg = "on HSQLDB it is not possible to enumerate the hostname"
|
2013-07-01 14:05:02 +04:00
|
|
|
logger.warn(warnMsg)
|