diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 747504173..c12ca4c71 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -161,18 +161,18 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserv 96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py fad6640f60eac8ad1b65895cbccc39154864843a2a0b0f2ac596d3227edcd4f6 lib/controller/checks.py 34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py -1947e6c69fbc2bdce91d2836e5c9c9535e397e9271ae4b4ef922f7a01857df5e lib/controller/handler.py +25e9781a4285f1161a39a17bb1746ddd0e28cdf9d4c6744235c619e7b8352afe lib/controller/handler.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py 216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00 lib/core/agent.py 440cbab6161f466158c63f0ee97873254655f670ca990fa26bdd0a6e54c42c2a lib/core/bigarray.py -8920eb3115ecd25933084af986f453362aa55a4bd15bfb9e75673239bd206acc lib/core/common.py +e3b8f8cf9607d12f3de5e6bcd5031f21f50d4b331844b8e921493dfde2efe0f7 lib/core/common.py d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87 lib/core/compat.py ebe518089733722879f5a13e73020ebe55d46fb7410cacf292ca4ea1d9d1c56a lib/core/convert.py ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data.py a051955f483b281344ae16ecc1d26f77ea915db0a77a7b62c1a5b80feb2d4d87 lib/core/datatype.py 1e4e4cb64c0102a6ef07813c5a6b6c74d50f27d1a084f47067d01e382cf32190 lib/core/decorators.py d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900 lib/core/defaults.py -1ad21a1e631f26b2ecc9c73f93218e9765de8d1a9dcc6d3c3ffe9f78ab8446d8 lib/core/dicts.py +ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c lib/core/dicts.py c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd lib/core/dump.py 9187819a6fd55f4b9a64c6df1a9b4094718d453906fc6eeda541c8880b3b62c4 lib/core/enums.py 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856 lib/core/exception.py 
@@ -187,7 +187,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -fc8dda2955bde84ad8634ccfa26b962b62d452bb60cf447038cee1e5773c5344 lib/core/settings.py +7904240fb93be61e6fcf999a40d5ae60b8110a305b0f664580949b6987ec4744 lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -243,7 +243,7 @@ dca6a14d7e30f8d320cc972620402798b493528a0ad7bd98a7f38327cea04e20 lib/techniques e41d96b1520e30bd4ce13adfcf52e11d3a5ea75c0b2d7612958d0054be889763 lib/utils/api.py af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brute.py 828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55 lib/utils/crawler.py -bfb4ea118e881d60c42552d883940ca5cca4e2a406686a2836e0739ed863a6a4 lib/utils/deps.py +56b93ba38f127929346f54aa75af0db5f46f9502b16acfe0d674a209de6cad2d lib/utils/deps.py 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437 lib/utils/getch.py e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636 lib/utils/har.py 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d lib/utils/hashdb.py 
@@ -402,7 +402,7 @@ b7aa7bf8b1f9ba38597bae7fc8bf436b111eeb5ee6a4ad0a977e56dca88a4afc plugins/dbms/m 88daad9cf2f62757949cb27128170f33268059e2f0a05d3bd9f75417b99149de plugins/dbms/mysql/__init__.py 20108fe32ae3025036aa02b4702c4eda81db01c04a2e0e2e4494d8f1b1717eca plugins/dbms/mysql/syntax.py 91f34b67fe3ad5bfa6eae5452a007f97f78b7af000457e9d1c75f4d0207f3d39 plugins/dbms/mysql/takeover.py -125966162396ef4084d70fac1c03e25959a6ccebacd8274bda69b7bebf82b9d5 plugins/dbms/oracle/connector.py +4b04646298dfe366c401001ab77893bcd342d34211aec1164c6c92757a66f5f4 plugins/dbms/oracle/connector.py 8866391a951e577d2b38b58b970774d38fb09f930fa4f6d27f41af40c06987c1 plugins/dbms/oracle/enumeration.py 5ca9f30cd44d63e2a06528da15643621350d44dc6be784bf134653a20b51efef plugins/dbms/oracle/filesystem.py b1c939e3728fe4a739de474edb88583b7e16297713147ca2ea64cac8edf2bdf5 plugins/dbms/oracle/fingerprint.py diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 9d69be5a1..fdc203365 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -6,6 +6,8 @@ See the file 'LICENSE' for copying permission """ from lib.core.common import Backend +from lib.core.common import getSafeExString +from lib.core.common import singleTimeWarnMessage from lib.core.data import conf from lib.core.data import kb from lib.core.dicts import DBMS_DICT @@ -173,7 +175,8 @@ def setHandler(): conf.dbmsConnector.connect() except Exception as ex: if exception: - raise exception + singleTimeWarnMessage(getSafeExString(exception)) + raise else: if not isinstance(ex, NameError): raise diff --git a/lib/core/common.py b/lib/core/common.py index d54dd1b8c..83d807f34 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
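Review bot: In `setHandler()` (lib/controller/handler.py), the new bare `raise` under `if exception:` re-raises whatever `connect()` threw, so a `NameError` from a driver that failed to import now escapes before the `isinstance(ex, NameError)` check in the `else` branch can deal with it. That case looks reachable in this commit, because plugins/dbms/oracle/connector.py swallows the `ImportError` for `oracledb`. Warning first and then falling through to the existing check keeps both behaviours: `if exception: singleTimeWarnMessage(getSafeExString(exception))` followed by an unconditional `if not isinstance(ex, NameError): raise`. `exception` is assigned outside this hunk and the function continues past it, so confirm what the NameError branch does before restructuring.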
@@ -1683,11 +1683,7 @@ def parseTargetDirect(): elif dbmsName == DBMS.PGSQL: __import__("psycopg2") elif dbmsName == DBMS.ORACLE: - __import__("cx_Oracle") - - # Reference: http://itsiti.com/ora-28009-connection-sys-sysdba-sysoper - if (conf.dbmsUser or "").upper() == "SYS": - conf.direct = "%s?mode=SYSDBA" % conf.direct + __import__("oracledb") elif dbmsName == DBMS.SQLITE: __import__("sqlite3") elif dbmsName == DBMS.ACCESS: diff --git a/lib/core/dicts.py b/lib/core/dicts.py index c4043381c..8d929e421 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -225,7 +225,7 @@ DBMS_DICT = { DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"), DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"), DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"), - DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "https://oracle.github.io/python-cx_Oracle/", "oracle"), + DBMS.ORACLE: (ORACLE_ALIASES, "python-oracledb", "https://oracle.github.io/python-oracledb/", "oracle"), DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/3/library/sqlite3.html", "sqlite"), DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"), DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"), diff --git a/lib/core/settings.py b/lib/core/settings.py index ee2746de9..0723c7515 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.6.2" +VERSION = "1.9.6.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
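Review bot: The `DBMS.ORACLE` branch of `parseTargetDirect()` no longer appends `?mode=SYSDBA` to `conf.direct` for a `SYS` user, and nothing in this hunk replaces it. The native connector in this commit always tries `AUTH_MODE_SYSDBA` first, so that path is covered. Any other consumer of `conf.direct` (not visible here) would now attempt a normal-mode SYS login, which is the ORA-28009 case the removed comment referenced. If the removal is intentional, a one-line comment such as `# SYSDBA is negotiated in plugins/dbms/oracle/connector.py` would record where the privilege mode is now decided. The function begins and ends outside the hunk.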
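Review bot: The `DBMS.ORACLE` entry of `DBMS_DICT` in lib/core/dicts.py gets a new package name and URL but keeps its last tuple element as `"oracle"`. If that element is the SQLAlchemy dialect string, as `"mssql+pymssql"` on the MSSQL entry suggests, a bare `oracle` dialect selects the cx_Oracle driver by default, so a SQLAlchemy-based connection would still require the package this commit moves away from. SQLAlchemy 2.0 and later accept `"oracle+oracledb"`; check the minimum SQLAlchemy version the project supports before switching.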
diff --git a/lib/utils/deps.py b/lib/utils/deps.py index 790e2048e..f8f38e0e1 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -32,7 +32,7 @@ def checkDependencies(): elif dbmsName in (DBMS.PGSQL, DBMS.CRATEDB): __import__("psycopg2") elif dbmsName == DBMS.ORACLE: - __import__("cx_Oracle") + __import__("oracledb") elif dbmsName == DBMS.SQLITE: __import__("sqlite3") elif dbmsName == DBMS.ACCESS: diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py index 80a55089a..9f785d5ca 100644 --- a/plugins/dbms/oracle/connector.py +++ b/plugins/dbms/oracle/connector.py @@ -6,8 +6,8 @@ See the file 'LICENSE' for copying permission """ try: - import cx_Oracle -except: + import oracledb +except ImportError: pass import logging 
@@ -25,32 +25,26 @@ os.environ["NLS_LANG"] = ".AL32UTF8" class Connector(GenericConnector): """ - Homepage: https://oracle.github.io/python-cx_Oracle/ - User https://cx-oracle.readthedocs.io/en/latest/ - API: https://wiki.python.org/moin/DatabaseProgramming - License: https://cx-oracle.readthedocs.io/en/latest/license.html#license + Homepage: https://oracle.github.io/python-oracledb/ + User: https://python-oracledb.readthedocs.io/en/latest/ + License: https://github.com/oracle/python-oracledb/blob/main/LICENSE.txt """ def connect(self): self.initConnection() - # Reference: https://cx-oracle.readthedocs.io/en/latest/user_guide/connection_handling.html - self.__dsn = "%s:%d/%s" % (self.hostname, self.port, self.db) + self.user = getText(self.user) self.password = getText(self.password) try: - self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA) + dsn = oracledb.makedsn(self.hostname, self.port, service_name=self.db) + self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn, mode=oracledb.AUTH_MODE_SYSDBA) logger.info("successfully connected as SYSDBA") - except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex: - if "Oracle Client library" in getSafeExString(ex): - msg = re.sub(r"DPI-\d+:\s+", "", getSafeExString(ex)) - msg = re.sub(r': ("[^"]+")', r" (\g<1>)", msg) - msg = re.sub(r". See (http[^ ]+)", r'. See "\g<1>"', msg) - raise SqlmapConnectionException(msg) - + except oracledb.DatabaseError as ex: + # Try again without SYSDBA try: - self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password) - except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError) as ex: + self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn) + except oracledb.DatabaseError as ex: raise SqlmapConnectionException(ex) self.initCursor() 
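Review bot: Both `except` clauses in `Connector.connect()` now catch only `oracledb.DatabaseError`, whereas the old code also caught `InterfaceError`, which in the DB-API hierarchy is a sibling of `DatabaseError` rather than a subclass. An `InterfaceError` raised by the SYSDBA attempt would skip the non-SYSDBA retry, and one raised by the retry would escape without being wrapped in `SqlmapConnectionException`. Catching the common base restores the old coverage: `except oracledb.Error as ex:` on both clauses. Separately, the inner `as ex` shadows the outer one, so the reason the SYSDBA attempt failed is never recorded; a `logger.debug(getSafeExString(ex))` before the retry would keep it.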
@@ -59,7 +53,7 @@ class Connector(GenericConnector): def fetchall(self): try: return self.cursor.fetchall() - except cx_Oracle.InterfaceError as ex: + except oracledb.InterfaceError as ex: logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex)) return None @@ -69,11 +63,10 @@ class Connector(GenericConnector): try: self.cursor.execute(getText(query)) retVal = True - except cx_Oracle.DatabaseError as ex: + except oracledb.DatabaseError as ex: logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) '%s'" % getSafeExString(ex)) self.connector.commit() - return retVal def select(self, query):