minor cosmetic update

This commit is contained in:
Miroslav Stampar 2010-10-11 13:52:32 +00:00
parent 43892cddbb
commit 1369529103
6 changed files with 65 additions and 56 deletions


@ -31,6 +31,8 @@ from lib.core.common import cleanQuery
from lib.core.common import dataToSessionFile
from lib.core.common import expandAsteriskForColumns
from lib.core.common import parseUnionPage
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
@ -339,7 +341,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
return data
def getValue(expression, blind=True, inband=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
def getValue(expression, blind=True, inband=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=False):
"""
Called each time sqlmap inject a SQL query on the SQL injection
affected parameter. It can call a function to retrieve the output
@ -347,37 +349,44 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,
(if selected).
"""
if suppressOutput:
pushValue(conf.verbose)
conf.verbose = 0
if conf.direct:
return direct(expression)
value = direct(expression)
else:
expression = cleanQuery(expression)
expression = expandAsteriskForColumns(expression)
value = None
expression = cleanQuery(expression)
expression = expandAsteriskForColumns(expression)
value = None
expression = expression.replace("DISTINCT ", "")
expression = expression.replace("DISTINCT ", "")
if inband and kb.unionPosition:
value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
if inband and kb.unionPosition:
value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
if not value:
warnMsg = "for some reasons it was not possible to retrieve "
warnMsg += "the query output through inband SQL injection "
warnMsg += "technique, sqlmap is going blind"
logger.warn(warnMsg)
if not value:
warnMsg = "for some reasons it was not possible to retrieve "
warnMsg += "the query output through inband SQL injection "
warnMsg += "technique, sqlmap is going blind"
logger.warn(warnMsg)
oldParamFalseCond = kb.unionFalseCond
oldParamNegative = kb.unionNegative
kb.unionFalseCond = False
kb.unionNegative = False
oldParamFalseCond = kb.unionFalseCond
oldParamNegative = kb.unionNegative
kb.unionFalseCond = False
kb.unionNegative = False
if blind and not value:
value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
if blind and not value:
value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
kb.unionFalseCond = oldParamFalseCond
kb.unionNegative = oldParamNegative
kb.unionFalseCond = oldParamFalseCond
kb.unionNegative = oldParamNegative
if value and isinstance(value, basestring):
value = value.strip()
if value and isinstance(value, basestring):
value = value.strip()
if suppressOutput:
conf.verbose = popValue()
return value
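Review bot: The verbosity saved by `pushValue(conf.verbose)` at the top of the hunk is only restored on the normal return path; if `direct()`, `__goInband()` or `__goInferenceProxy()` raises, `conf.verbose` stays at 0 and the pushed value is left on the shared stack for the rest of the run, so all later output is silently lost. Wrap the body from `if conf.direct:` down through the `value.strip()` block in `try:` and move the restore into `finally:` as `if suppressOutput: conf.verbose = popValue()` so the push and pop are always paired. getValue's signature and docstring start in the preceding hunk; the new `suppressOutput` parameter should also be described there (e.g. "temporarily sets conf.verbose to 0 for this call").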


@ -194,7 +194,7 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%Windows NT " + data[0] + "%')>0"
query = agent.forgeCaseStatement(query)
if inject.getValue(query, charsetType=1) == "1":
if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
kb.osVersion = version
infoMsg += " %s" % kb.osVersion
@ -221,7 +221,7 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%Service Pack " + getUnicode(sp) + "%')>0"
query = agent.forgeCaseStatement(query)
if inject.getValue(query, charsetType=1) == "1":
if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
kb.osSP = sp
break


@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint):
return False
# Determine if it is MySQL >= 5.0.0
if inject.getValue("SELECT %s FROM information_schema.TABLES LIMIT 0, 1" % randInt, charsetType=2) == randInt:
if inject.getValue("SELECT %s FROM information_schema.TABLES LIMIT 0, 1" % randInt, charsetType=2, suppressOutput=True) == randInt:
kb.data.has_information_schema = True
kb.dbmsVersion = [">= 5.0.0"]
@ -199,28 +199,28 @@ class Fingerprint(GenericFingerprint):
return True
# Check if it is MySQL >= 5.5.0
if inject.getValue("SELECT MID(TO_SECONDS(950501), 1, 1)", unpack=False, charsetType=2) == "6":
if inject.getValue("SELECT MID(TO_SECONDS(950501), 1, 1)", unpack=False, charsetType=2, suppressOutput=True) == "6":
kb.dbmsVersion = [">= 5.5.0"]
# Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.getValue("SELECT MID(@@table_open_cache, 1, 1)", unpack=False):
if inject.getValue("SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
if inject.getValue("SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"]
elif inject.getValue("SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
elif inject.getValue("SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"]
elif inject.getValue("SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
elif inject.getValue("SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = ["= 5.1.6"]
elif inject.getValue("SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
elif inject.getValue("SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"]
else:
kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"]
# Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.getValue("SELECT MID(@@hostname, 1, 1)", unpack=False):
elif inject.getValue("SELECT MID(@@hostname, 1, 1)", unpack=False, suppressOutput=True):
kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"]
elif inject.getValue("SELECT 1 FROM DUAL", charsetType=1) == "1":
elif inject.getValue("SELECT 1 FROM DUAL", charsetType=1, suppressOutput=True) == "1":
kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"]
elif inject.getValue("SELECT DATABASE() LIKE SCHEMA()"):
elif inject.getValue("SELECT DATABASE() LIKE SCHEMA()", suppressOutput=True):
kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"]
else:
kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"]
@ -237,24 +237,24 @@ class Fingerprint(GenericFingerprint):
return True
# Check which version of MySQL < 5.0.0 it is
coercibility = inject.getValue("SELECT COERCIBILITY(USER())")
coercibility = inject.getValue("SELECT COERCIBILITY(USER())", suppressOutput=True)
if coercibility == "3":
kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"]
elif coercibility == "2":
kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"]
elif inject.getValue("SELECT CURRENT_USER()"):
elif inject.getValue("SELECT CURRENT_USER()", suppressOutput=True):
kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"]
if inject.getValue("SELECT CHARSET(CURRENT_USER())") == "utf8":
if inject.getValue("SELECT CHARSET(CURRENT_USER())", suppressOutput=True) == "utf8":
kb.dbmsVersion = ["= 4.1.0"]
else:
kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"]
elif inject.getValue("SELECT FOUND_ROWS()", charsetType=1) == "0":
elif inject.getValue("SELECT FOUND_ROWS()", charsetType=1, suppressOutput=True) == "0":
kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"]
elif inject.getValue("SELECT CONNECTION_ID()"):
elif inject.getValue("SELECT CONNECTION_ID()", suppressOutput=True):
kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"]
elif re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()")):
elif re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()", suppressOutput=True)):
kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"]
else:
kb.dbmsVersion = ["< 3.22.11"]
@ -273,7 +273,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "fingerprinting the back-end DBMS operating system"
logger.info(infoMsg)
datadirSubstr = inject.getValue("SELECT MID(@@datadir, 1, 1)", unpack=False)
datadirSubstr = inject.getValue("SELECT MID(@@datadir, 1, 1)", unpack=False, suppressOutput=True)
if datadirSubstr == "/":
kb.os = "Linux"
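Review bot: The `@@table_open_cache` probe between the 5.5.0 and 5.1.12 checks is the one call in this version chain left without the new flag, so that branch will still echo its retrieved value while every sibling probe is silent; change it to `elif inject.getValue("SELECT MID(@@table_open_cache, 1, 1)", unpack=False, suppressOutput=True):`. The same omission is in the PostgreSQL fingerprint hunk, where the `SELECT BIT_LENGTH(1)` and `SELECT MAX('a')` probes in its version chain were not updated. The enclosing method starts outside the hunk.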


@ -123,7 +123,7 @@ class Fingerprint(GenericFingerprint):
return True
query = "SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1"
version = inject.getValue(query, unpack=False)
version = inject.getValue(query, unpack=False, suppressOutput=True)
if re.search("^11", version):
kb.dbmsVersion = ["11i"]
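Review bot: `version` on the changed line can be None — getValue initialises `value = None` and returns it when neither the inband nor the blind path produced output — and `re.search("^11", version)` on the following line then raises TypeError instead of falling through to the remaining version branches. Guard it as `if version and re.search("^11", version):`. The same unguarded pattern, getValue's result passed straight into `re.search`, appears in the MySQL hunk (`SELECT USER()`) and the PostgreSQL hunk (`SELECT SUBSTR(VERSION(), 12, 5)`). The enclosing method starts and ends outside the hunk.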


@ -123,33 +123,33 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
if inject.getValue("SELECT DIV(6, 3)", unpack=False, charsetType=2) == "2":
if inject.getValue("SELECT DIV(6, 3)", unpack=False, charsetType=2, suppressOutput=True) == "2":
kb.dbmsVersion = [">= 8.4.0"]
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP()::text, 1, 1)", unpack=False, charsetType=2) in ( "1", "2" ) and not inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2) in ( "1", "2" ):
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP()::text, 1, 1)", unpack=False, charsetType=2, suppressOutput=True) in ( "1", "2" ) and not inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2, suppressOutput=True) in ( "1", "2" ):
kb.dbmsVersion = [">= 8.3.0", "< 8.4"]
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2):
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2, suppressOutput=True):
kb.dbmsVersion = [">= 8.2.0", "< 8.3.0"]
elif inject.getValue("SELECT GREATEST(5, 9, 1)", unpack=False, charsetType=2) == "9":
elif inject.getValue("SELECT GREATEST(5, 9, 1)", unpack=False, charsetType=2, suppressOutput=True) == "9":
kb.dbmsVersion = [">= 8.1.0", "< 8.2.0"]
elif inject.getValue("SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5)", unpack=False, charsetType=2) == "3":
elif inject.getValue("SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5)", unpack=False, charsetType=2, suppressOutput=True) == "3":
kb.dbmsVersion = [">= 8.0.0", "< 8.1.0"]
elif inject.getValue("SELECT SUBSTR(MD5('sqlmap'), 1, 1)", unpack=False):
elif inject.getValue("SELECT SUBSTR(MD5('sqlmap'), 1, 1)", unpack=False, suppressOutput=True):
kb.dbmsVersion = [">= 7.4.0", "< 8.0.0"]
elif inject.getValue("SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1)", unpack=False) == "p":
elif inject.getValue("SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1)", unpack=False, suppressOutput=True) == "p":
kb.dbmsVersion = [">= 7.3.0", "< 7.4.0"]
elif inject.getValue("SELECT BIT_LENGTH(1)") == "8":
kb.dbmsVersion = [">= 7.2.0", "< 7.3.0"]
elif inject.getValue("SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1)", unpack=False) == "a":
elif inject.getValue("SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1)", unpack=False, suppressOutput=True) == "a":
kb.dbmsVersion = [">= 7.1.0", "< 7.2.0"]
elif inject.getValue("SELECT POW(2, 3)", unpack=False, charsetType=2) == "8":
elif inject.getValue("SELECT POW(2, 3)", unpack=False, charsetType=2, suppressOutput=True) == "8":
kb.dbmsVersion = [">= 7.0.0", "< 7.1.0"]
elif inject.getValue("SELECT MAX('a')") == "a":
kb.dbmsVersion = [">= 6.5.0", "< 6.5.3"]
elif re.search("([\d\.]+)", inject.getValue("SELECT SUBSTR(VERSION(), 12, 5)", unpack=False)):
elif re.search("([\d\.]+)", inject.getValue("SELECT SUBSTR(VERSION(), 12, 5)", unpack=False, suppressOutput=True)):
kb.dbmsVersion = [">= 6.4.0", "< 6.5.0"]
elif inject.getValue("SELECT SUBSTR(CURRENT_DATE, 1, 1)", unpack=False, charsetType=2) == "2":
elif inject.getValue("SELECT SUBSTR(CURRENT_DATE, 1, 1)", unpack=False, charsetType=2, suppressOutput=True) == "2":
kb.dbmsVersion = [">= 6.3.0", "< 6.4.0"]
elif inject.getValue("SELECT SUBSTRING('sqlmap', 1, 1)", unpack=False) == "s":
elif inject.getValue("SELECT SUBSTRING('sqlmap', 1, 1)", unpack=False, suppressOutput=True) == "s":
kb.dbmsVersion = [">= 6.2.0", "< 6.3.0"]
else:
kb.dbmsVersion = ["< 6.2.0"]
@ -180,7 +180,7 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%" + osPattern + "%')>0"
query = agent.forgeCaseStatement(query)
if inject.getValue(query, charsetType=1) == "1":
if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
kb.os = "Windows"
break


@ -117,7 +117,7 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2)
version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2, suppressOutput=True)
kb.dbmsVersion = [ version ]
return True