basic live tests against 3 major DBMSes

Miroslav Stampar 2011-03-24 11:47:01 +00:00
parent ecbbfeba6e
commit 2b15ad57c2
3 changed files with 122 additions and 27 deletions


@ -1349,7 +1349,7 @@ def __setVerbosity():
elif conf.verbose >= 5: elif conf.verbose >= 5:
logger.setLevel(7) logger.setLevel(7)
def __mergeOptions(inputOptions): def __mergeOptions(inputOptions, overrideOptions):
""" """
Merge command line options with configuration file options. Merge command line options with configuration file options.
@ -1367,7 +1367,7 @@ def __mergeOptions(inputOptions):
for key, value in inputOptionsItems: for key, value in inputOptionsItems:
if key not in conf or (conf[key] is False and value is True) or \ if key not in conf or (conf[key] is False and value is True) or \
value not in (None, False): value not in (None, False) or overrideOptions:
conf[key] = value conf[key] = value
def __setTrafficOutputFP(): def __setTrafficOutputFP():
@ -1425,7 +1425,7 @@ def __basicOptionValidation():
errMsg = "value for --time-sec option must be an integer greater than 0" errMsg = "value for --time-sec option must be an integer greater than 0"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
def init(inputOptions=advancedDict()): def init(inputOptions=advancedDict(), overrideOptions=False):
""" """
Set attributes into both configuration and knowledge base singletons Set attributes into both configuration and knowledge base singletons
based upon command line and configuration file options. based upon command line and configuration file options.
@ -1433,7 +1433,7 @@ def init(inputOptions=advancedDict()):
__setConfAttributes() __setConfAttributes()
__setKnowledgeBaseAttributes() __setKnowledgeBaseAttributes()
__mergeOptions(inputOptions) __mergeOptions(inputOptions, overrideOptions)
__setVerbosity() __setVerbosity()
__saveCmdline() __saveCmdline()
__setRequestFromFile() __setRequestFromFile()
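Review bot: The new `overrideOptions` parameter is documented in neither docstring: `__mergeOptions` still says only `Merge command line options with configuration file options.` and the `init` description does not mention the flag at all. I would extend the `__mergeOptions` docstring with `overrideOptions: when True every key of inputOptions replaces the conf entry unconditionally, including None and False values (the other three tests are skipped)` and add a matching sentence to `init`; the only caller passing True appears to be initCase in the testing module, where it resets state between live-test cases. As a point of style, `or overrideOptions` as the last clause of a three-line condition is easy to overlook; `if overrideOptions or key not in conf or ...` puts the short-circuit where a reader sees it first. Both `__mergeOptions` and `init` continue outside the hunk.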


@ -17,6 +17,7 @@ import tempfile
import time import time
from lib.controller.controller import start from lib.controller.controller import start
from lib.core.common import beep
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import getCompiledRegex from lib.core.common import getCompiledRegex
@ -74,6 +75,10 @@ def smokeTest():
return retVal return retVal
def adjustValueType(tagName, value): def adjustValueType(tagName, value):
# as it's not part of optDict
if tagName == "technique":
value = int(value)
for family in optDict.keys(): for family in optDict.keys():
for name, type_ in optDict[family].items(): for name, type_ in optDict[family].items():
if type(type_) == tuple: if type(type_) == tuple:
@ -146,6 +151,7 @@ def liveTest():
logger.info("test passed") logger.info("test passed")
else: else:
logger.error("test failed") logger.error("test failed")
beep()
retVal &= result retVal &= result
dataToStdout("\n") dataToStdout("\n")
@ -169,7 +175,7 @@ def initCase(switches=None):
cmdLineOptions.__dict__[key] = value cmdLineOptions.__dict__[key] = value
conf.sessionFile = None conf.sessionFile = None
init(cmdLineOptions) init(cmdLineOptions, True)
__setVerbosity() __setVerbosity()
def cleanCase(): def cleanCase():
@ -194,7 +200,7 @@ def runCase(switches=None, log=None, session=None):
ifile.close() ifile.close()
for item in session: for item in session:
if item.startswith("r'") and item.endswith("'"): if item.startswith("r'") and item.endswith("'"):
if not re.search(item[2:-1], content): if not re.search(item[2:-1], content, re.DOTALL):
retVal = False retVal = False
break break
elif content.find(item) < 0: elif content.find(item) < 0:
@ -207,7 +213,7 @@ def runCase(switches=None, log=None, session=None):
ifile.close() ifile.close()
for item in log: for item in log:
if item.startswith("r'") and item.endswith("'"): if item.startswith("r'") and item.endswith("'"):
if not re.search(item[2:-1], content): if not re.search(item[2:-1], content, re.DOTALL):
retVal = False retVal = False
break break
elif content.find(item) < 0: elif content.find(item) < 0:
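Review bot: `init(cmdLineOptions, True)` in initCase passes the new flag positionally, so a reader has to open init to learn what `True` means; `init(cmdLineOptions, overrideOptions=True)` documents itself. The `re.DOTALL` fix is applied to two identical blocks in runCase (the session loop and the log loop) that share the `r'…'` detection, the `item[2:-1]` slice and the search; a small helper such as `def __itemMatches(item, content)` would keep them from drifting apart again. In adjustValueType, `int(value)` for the `technique` tag raises a bare ValueError when the XML attribute is not numeric; an error message naming the tag would make a malformed test file easier to diagnose, though since the XML is harness-owned this is a nicety rather than a defect. adjustValueType, initCase and runCase all continue outside the hunk.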


@ -3,44 +3,133 @@
<root> <root>
<global> <global>
<ignoreProxy value="True"/> <ignoreProxy value="True"/>
<batch value="True"/>
<verbose value="0"/> <verbose value="0"/>
</global> </global>
<vars> <case name="Postgres (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<host value="172.16.104.130"/>
</vars>
<case name="Postgres (--is-dba)">
<switches> <switches>
<url value="http://${host}/sqlmap/pgsql/get_int.php?id=1"/> <url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="2"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches> </switches>
<log> <log>
<item value="current user is DBA: 'True'"/> <item value="current user is DBA: 'True'"/>
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
<item value="current user: 'testuser'"/>
<item value="current database: 'testdb'"/>
<item value="r'postgres.+template0.+template1.+testdb'"/>
<item value="r'1 table.+users'"/>
</log> </log>
</case> </case>
<case name="MySQL (--banner --threads=5)"> <case name="Postgres (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches> <switches>
<url value="http://${host}/sqlmap/mysql/get_int.php?id=1"/> <url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>
<threads value="5"/> <getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches> </switches>
<log> <log>
<item value="5.1.41-3~bpo50+1"/> <item value="current user is DBA: 'True'"/>
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
<item value="current user: 'testuser'"/>
<item value="current database: 'testdb'"/>
<item value="r'postgres.+template0.+template1.+testdb'"/>
<item value="r'1 table.+users'"/>
</log> </log>
</case> </case>
<case name="Oracle (-o -f --users)"> <case name="MySQL (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches> <switches>
<url value="http://${host}/sqlmap/oracle/get_int.php?id=1"/> <url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/>
<extensiveFp value="True"/> <isDba value="True"/>
<optimize value="True"/> <technique value="2"/>
<getUsers value="True"/> <getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches> </switches>
<log> <log>
<item value="database management system users"/> <item value="current user is DBA: 'True'"/>
<item value="r'SYS.*N'"/> <!--sample for regex--> <item value="banner: '5.1.41-3~bpo50+1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
<item value="r'1 table.+users'"/>
</log>
</case>
<case name="MySQL (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb)">
<switches>
<url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="3"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="testdb"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="banner: '5.1.41-3~bpo50+1'"/>
<item value="current user: 'root@localhost'"/>
<item value="current database: 'testdb'"/>
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
<item value="r'1 table.+users'"/>
</log>
</case>
<case name="Oracle (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT)">
<switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="2"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="SCOTT"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
<item value="current user: 'SYS'"/>
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
</log>
</case>
<case name="Oracle (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT)">
<switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/>
<technique value="3"/>
<getBanner value="True"/>
<getCurrentUser value="True"/>
<getCurrentDb value="True"/>
<getDbs value="True"/>
<getTables value="True"/>
<db value="SCOTT"/>
</switches>
<log>
<item value="current user is DBA: 'True'"/>
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
<item value="current user: 'SYS'"/>
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
</log> </log>
<session>
<item value="SELECT DISTINCT(USERNAME)"/>
<item value="[DBMS][Oracle]"/>
</session>
</case> </case>
</root> </root>
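Review bot: The rewritten cases hard-code the host `debianenv` in all six `<url>` values where the previous file kept one `<host>` entry under `<vars>` and used `${host}` in the URLs; if the harness still expands `<vars>`, keeping that indirection makes a new lab host a one-line change instead of six. The `<log>` expectations pin exact environment strings (banner versions, `root@localhost`, the `owasp10` database in the MySQL listing, the count `15` in the Oracle database listing), so any unrelated change to the test lab fails every case; that is inherent to live tests, but a comment at the top of the file stating that the expected values describe a specific lab image would save the next maintainer a debugging session. The two Oracle cases also check the current database with the bare value `'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'` while every other case uses the `current database:` prefix, presumably because sqlmap labels it differently for Oracle; a short `<!-- -->` comment on those two items would stop someone from "fixing" the inconsistency.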