sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring MySQL fingeprint.py (those payloads are now stored into session file too)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-02-04 15:12:03 +01:00
parent 5a8f94a1e1
commit 0cc6e68be2
1 changed files with 9 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
plugins/dbms/mysql/fingerprint.py
View File

@ -30,8 +30,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "executing %s comment injection fingerprint" % DBMS.MYSQL infoMsg = "executing %s comment injection fingerprint" % DBMS.MYSQL
logger.info(infoMsg) logger.info(infoMsg)
randInt = randomInt() result = inject.checkBooleanExpression("[RANDNUM]=[RANDNUM]/* NoValue */")
result = inject.checkBooleanExpression("%d=%d/* NoValue */" % (randInt, randInt))
if not result: if not result:
warnMsg = "unable to perform %s comment injection" % DBMS.MYSQL warnMsg = "unable to perform %s comment injection" % DBMS.MYSQL
@ -57,9 +56,8 @@ class Fingerprint(GenericFingerprint):
for i in xrange(len(versions)): for i in xrange(len(versions)):
element = versions[i] element = versions[i]
version = element[0] version = element[0]
randInt = randomInt()
version = getUnicode(version) version = getUnicode(version)
result = inject.checkBooleanExpression("%d=%d/*!%s AND %d=%d*/" % (randInt, randInt, version, randInt, randInt + 1)) result = inject.checkBooleanExpression("[RANDNUM]=[RANDNUM]/*!%s AND [RANDNUM1]=[RANDNUM2]*/" % version)
if result: if result:
break break
@ -70,9 +68,8 @@ class Fingerprint(GenericFingerprint):
prevVer = None prevVer = None
for version in xrange(versions[index][0], versions[index][1] + 1): for version in xrange(versions[index][0], versions[index][1] + 1):
randInt = randomInt()
version = getUnicode(version) version = getUnicode(version)
result = inject.checkBooleanExpression("%d=%d/*!%s AND %d=%d*/" % (randInt, randInt, version, randInt, randInt + 1)) result = inject.checkBooleanExpression("[RANDNUM]=[RANDNUM]/*!%s AND [RANDNUM1]=[RANDNUM2]*/" % version)
if result: if result:
if not prevVer: if not prevVer:
@ -167,7 +164,6 @@ class Fingerprint(GenericFingerprint):
infoMsg = "testing %s" % DBMS.MYSQL infoMsg = "testing %s" % DBMS.MYSQL
logger.info(infoMsg) logger.info(infoMsg)
randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("QUARTER(NULL) IS NULL") result = inject.checkBooleanExpression("QUARTER(NULL) IS NULL")
if result: if result:
@ -186,7 +182,7 @@ class Fingerprint(GenericFingerprint):
# Reference: http://bugs.mysql.com/bug.php?id=15855 # Reference: http://bugs.mysql.com/bug.php?id=15855
# Determine if it is MySQL >= 5.0.0 # Determine if it is MySQL >= 5.0.0
if inject.checkBooleanExpression("ISNULL(TIMESTAMPADD(MINUTE,%s,%s))" % (randInt, randInt)): if inject.checkBooleanExpression("ISNULL(TIMESTAMPADD(MINUTE,[RANDNUM],[RANDNUM]))"):
kb.data.has_information_schema = True kb.data.has_information_schema = True
Backend.setVersion(">= 5.0.0") Backend.setVersion(">= 5.0.0")
setDbms("%s 5" % DBMS.MYSQL) setDbms("%s 5" % DBMS.MYSQL)
@ -204,13 +200,13 @@ class Fingerprint(GenericFingerprint):
# Check if it is MySQL >= 5.1.2 and < 5.5.0 # Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"): elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)): if inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)"):
Backend.setVersionList([">= 5.1.12", "< 5.5.0"]) Backend.setVersionList([">= 5.1.12", "< 5.5.0"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt, randInt)): elif inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.PROCESSLIST LIMIT 0, 1)"):
Backend.setVersionList([">= 5.1.7", "< 5.1.12"]) Backend.setVersionList([">= 5.1.7", "< 5.1.12"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)): elif inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.PARTITIONS LIMIT 0, 1)"):
Backend.setVersion("= 5.1.6") Backend.setVersion("= 5.1.6")
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)): elif inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM information_schema.PLUGINS LIMIT 0, 1)"):
Backend.setVersionList([">= 5.1.5", "< 5.1.6"]) Backend.setVersionList([">= 5.1.5", "< 5.1.6"])
else: else:
Backend.setVersionList([">= 5.1.2", "< 5.1.5"]) Backend.setVersionList([">= 5.1.2", "< 5.1.5"])
@ -220,7 +216,7 @@ class Fingerprint(GenericFingerprint):
Backend.setVersionList([">= 5.0.38", "< 5.1.2"]) Backend.setVersionList([">= 5.0.38", "< 5.1.2"])
elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"): elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"):
Backend.setVersionList([">= 5.0.19", "< 5.0.38"]) Backend.setVersionList([">= 5.0.19", "< 5.0.38"])
elif not inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL WHERE %s!=%s)" % (randInt, randInt, randInt, randInt)): elif not inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM DUAL WHERE [RANDNUM1]!=[RANDNUM2])"):
Backend.setVersionList([">= 5.0.11", "< 5.0.19"]) Backend.setVersionList([">= 5.0.11", "< 5.0.19"])
elif inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"): elif inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"):
Backend.setVersionList([">= 5.0.6", "< 5.0.11"]) Backend.setVersionList([">= 5.0.6", "< 5.0.11"])