diff --git a/doc/README.html b/doc/README.html
index 43f0bd3b7..6a49569c2 100644
--- a/doc/README.html
+++ b/doc/README.html
@@ -1571,11 +1571,13 @@ At the moment the fully supported database management system are four:

-

It is possible to force the name if you already know it so that sqlmap -will skip the fingerprint with an exception for MySQL to only identify if -it is MySQL < 5.0 or MySQL >= 5.0. -To avoid also this check you can provide instead MySQL 4 or -MySQL 5.

+

It is possible to force the DBMS name if you already know it so that sqlmap +will skip the fingerprint with an exception for MySQL and Microsoft SQL +Server to only identify the version. +To avoid also this check you can provide instead MySQL VERSION or +Microsoft SQL Server VERSION where version is a valid version for +the DBMS, for instance 5.0 for MySQL and 2005 for +Microsoft SQL Server.

Example on a PostgreSQL 8.3.5 target:

diff --git a/doc/README.pdf b/doc/README.pdf
index d3eaa478f..8f354e080 100644
Binary files a/doc/README.pdf and b/doc/README.pdf differ
diff --git a/doc/README.sgml b/doc/README.sgml
index d82cdb5dc..d2892f003 100644
--- a/doc/README.sgml
+++ b/doc/README.sgml
@@ -1507,11 +1507,13 @@ At the moment the fully supported database management system are four:

-It is possible to force the name if you already know it so that sqlmap
-will skip the fingerprint with an exception for MySQL to only identify if
-it is MySQL < 5.0 or MySQL >= 5.0.
-To avoid also this check you can provide instead MySQL 4 or
-MySQL 5.
+It is possible to force the DBMS name if you already know it so that sqlmap
+will skip the fingerprint with an exception for MySQL and Microsoft SQL
+Server to only identify the version.
+To avoid also this check you can provide instead MySQL VERSION or
+Microsoft SQL Server VERSION where version is a valid version for
+the DBMS, for instance 5.0 for MySQL and 2005 for
+Microsoft SQL Server.
 Example on a PostgreSQL 8.3.5 target:
diff --git a/lib/core/option.py b/lib/core/option.py
index 599f0bfd5..1bac5e18f 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -55,6 +55,8 @@ from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.optiondict import optDict
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import SITE
@@ -461,8 +463,10 @@ def __setDBMS():
 logger.debug(debugMsg)
 conf.dbms = conf.dbms.lower()
- firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
- "|".join([alias for alias in MYSQL_ALIASES]))
+ firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+ "|".join([alias for alias in MYSQL_ALIASES]),
+ "|".join([alias for alias in PGSQL_ALIASES]),
+ "|".join([alias for alias in ORACLE_ALIASES]))
 dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms)
 if dbmsRegExp:
diff --git a/lib/core/session.py b/lib/core/session.py
index cae12d887..f461e996f 100644
--- a/lib/core/session.py
+++ b/lib/core/session.py
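Review bot: The alias lists in `__setDBMS` are joined into `firstRegExp` without `re.escape`, and the `re.search` that uses it is anchored at neither end, so a forced DBMS string that merely contains an alias followed by digits still matches and any trailing text is not captured (an Oracle release written as `10g` would be read as `10`). Now that PostgreSQL and Oracle aliases are included, I would escape and anchor: `firstRegExp = "(%s)" % "|".join(re.escape(alias) for alias in MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES)` with `"^%s ([\d\.]+)$"` in the search, assuming the alias constants are sequences of one type. The same four-way expression is repeated in `setDbms` and `resumeConfKb` in lib/core/session.py, so building it once in a shared place would keep the three copies from drifting apart. `__setDBMS` begins and ends outside this hunk, so how a non-matching value is handled afterwards should be checked before anchoring.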
@@ -34,6 +34,8 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
 def setString():
@@ -133,8 +135,10 @@ def setDbms(dbms):
 if condition:
 dataToSessionFile("[%s][%s][%s][DBMS][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], dbms))
- firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
- "|".join([alias for alias in MYSQL_ALIASES]))
+ firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+ "|".join([alias for alias in MYSQL_ALIASES]),
+ "|".join([alias for alias in PGSQL_ALIASES]),
+ "|".join([alias for alias in ORACLE_ALIASES]))
 dbmsRegExp = re.search("^%s" % firstRegExp, dbms, re.I)
 if dbmsRegExp:
@@ -368,20 +372,23 @@ def resumeConfKb(expression, url, value):
 logger.info(logMsg)
 elif expression == "DBMS" and url == conf.url:
- dbms = value[:-1]
+ dbms = value[:-1]
+ dbms = dbms.lower()
+ dbmsVersion = None
 logMsg = "resuming back-end DBMS '%s' " % dbms
 logMsg += "from session file"
 logger.info(logMsg)
- dbms = dbms.lower()
- firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
- "|".join([alias for alias in MYSQL_ALIASES]))
+ firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+ "|".join([alias for alias in MYSQL_ALIASES]),
+ "|".join([alias for alias in PGSQL_ALIASES]),
+ "|".join([alias for alias in ORACLE_ALIASES]))
 dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, dbms)
 if dbmsRegExp:
- dbms = dbmsRegExp.group(1)
- kb.dbmsVersion = [ dbmsRegExp.group(2) ]
+ dbms = dbmsRegExp.group(1)
+ dbmsVersion = [ dbmsRegExp.group(2) ]
 if conf.dbms and conf.dbms.lower() != dbms:
 message = "you provided '%s' as back-end DBMS, " % conf.dbms
@@ -392,9 +399,11 @@ def resumeConfKb(expression, url, value):
 test = readInput(message, default="N")
 if not test or test[0] in ("n", "N"):
- conf.dbms = dbms
+ conf.dbms = dbms
+ kb.dbmsVersion = dbmsVersion
 else:
- conf.dbms = dbms
+ conf.dbms = dbms
+ kb.dbmsVersion = dbmsVersion
 elif expression == "OS" and url == conf.url:
 os = value[:-1]
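Review bot: `kb.dbmsVersion = dbmsVersion` now runs in both branches even when the session entry carried no version, so `kb.dbmsVersion` is overwritten with the `None` that the previous hunk initialises; before this change it was assigned only when the regular expression matched. If a version was already stored there (for example from a forced DBMS value), or if readers of `kb.dbmsVersion` expect a list, that is a regression; guarding the assignment with `if dbmsVersion: kb.dbmsVersion = dbmsVersion` keeps the old behaviour. The value comes from the session file, so a short comment stating when the resumed value is allowed to replace the user-supplied one would also help. `resumeConfKb` starts and ends outside this hunk and the indentation is not visible here, so which `if` the `else` pairs with should be confirmed against the file.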