mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Some more refactoring
This commit is contained in:
parent
e3028f195e
commit
2ef07c80db
|
@ -1167,7 +1167,7 @@ def checkDynParam(place, parameter, value):
|
||||||
dynamicity might depend on another parameter.
|
dynamicity might depend on another parameter.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if kb.redirectChoice:
|
if kb.choices.redirect:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
kb.matchRatio = None
|
kb.matchRatio = None
|
||||||
|
@ -1268,7 +1268,7 @@ def checkStability():
|
||||||
|
|
||||||
secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)
|
secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)
|
||||||
|
|
||||||
if kb.redirectChoice:
|
if kb.choices.redirect:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
kb.pageStable = (firstPage == secondPage)
|
kb.pageStable = (firstPage == secondPage)
|
||||||
|
@ -1415,11 +1415,11 @@ def checkWaf():
|
||||||
value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
|
value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
|
||||||
value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
|
value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
|
||||||
|
|
||||||
pushValue(kb.redirectChoice)
|
pushValue(kb.choices.redirect)
|
||||||
pushValue(kb.resendPostOnRedirect)
|
pushValue(kb.resendPostOnRedirect)
|
||||||
pushValue(conf.timeout)
|
pushValue(conf.timeout)
|
||||||
|
|
||||||
kb.redirectChoice = REDIRECTION.YES
|
kb.choices.redirect = REDIRECTION.YES
|
||||||
kb.resendPostOnRedirect = False
|
kb.resendPostOnRedirect = False
|
||||||
conf.timeout = IPS_WAF_CHECK_TIMEOUT
|
conf.timeout = IPS_WAF_CHECK_TIMEOUT
|
||||||
|
|
||||||
|
@ -1432,7 +1432,7 @@ def checkWaf():
|
||||||
|
|
||||||
conf.timeout = popValue()
|
conf.timeout = popValue()
|
||||||
kb.resendPostOnRedirect = popValue()
|
kb.resendPostOnRedirect = popValue()
|
||||||
kb.redirectChoice = popValue()
|
kb.choices.redirect = popValue()
|
||||||
|
|
||||||
hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
|
hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
|
||||||
|
|
||||||
|
@ -1565,7 +1565,7 @@ def checkConnection(suppressOutput=False):
|
||||||
else:
|
else:
|
||||||
kb.errorIsNone = True
|
kb.errorIsNone = True
|
||||||
|
|
||||||
if kb.redirectChoice == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:
|
if kb.choices.redirect == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:
|
||||||
if (threadData.lastRedirectURL[1] or "").startswith("https://") and conf.hostname in getUnicode(threadData.lastRedirectURL[1]):
|
if (threadData.lastRedirectURL[1] or "").startswith("https://") and conf.hostname in getUnicode(threadData.lastRedirectURL[1]):
|
||||||
conf.url = re.sub(r"https?://", "https://", conf.url)
|
conf.url = re.sub(r"https?://", "https://", conf.url)
|
||||||
match = re.search(r":(\d+)", threadData.lastRedirectURL[1])
|
match = re.search(r":(\d+)", threadData.lastRedirectURL[1])
|
||||||
|
|
|
@ -21,13 +21,14 @@ class AttribDict(dict):
|
||||||
1
|
1
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, indict=None, attribute=None):
|
def __init__(self, indict=None, attribute=None, keycheck=True):
|
||||||
if indict is None:
|
if indict is None:
|
||||||
indict = {}
|
indict = {}
|
||||||
|
|
||||||
# Set any attributes here - before initialisation
|
# Set any attributes here - before initialisation
|
||||||
# these remain as normal attributes
|
# these remain as normal attributes
|
||||||
self.attribute = attribute
|
self.attribute = attribute
|
||||||
|
self.keycheck = keycheck
|
||||||
dict.__init__(self, indict)
|
dict.__init__(self, indict)
|
||||||
self.__initialised = True
|
self.__initialised = True
|
||||||
|
|
||||||
|
@ -43,7 +44,10 @@ class AttribDict(dict):
|
||||||
try:
|
try:
|
||||||
return self.__getitem__(item)
|
return self.__getitem__(item)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise AttributeError("unable to access item '%s'" % item)
|
if self.keycheck:
|
||||||
|
raise AttributeError("unable to access item '%s'" % item)
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
def __setattr__(self, item, value):
|
def __setattr__(self, item, value):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -2013,12 +2013,10 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)
|
kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR)
|
||||||
kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))
|
kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))
|
||||||
|
|
||||||
|
kb.choices = AttribDict(keycheck=False)
|
||||||
kb.codePage = None
|
kb.codePage = None
|
||||||
kb.columnExistsChoice = None
|
|
||||||
kb.commonOutputs = None
|
kb.commonOutputs = None
|
||||||
kb.connErrorChoice = None
|
|
||||||
kb.connErrorCounter = 0
|
kb.connErrorCounter = 0
|
||||||
kb.cookieEncodeChoice = None
|
|
||||||
kb.copyExecTest = None
|
kb.copyExecTest = None
|
||||||
kb.counters = {}
|
kb.counters = {}
|
||||||
kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR
|
kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR
|
||||||
|
@ -2122,7 +2120,6 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.proxyAuthHeader = None
|
kb.proxyAuthHeader = None
|
||||||
kb.queryCounter = 0
|
kb.queryCounter = 0
|
||||||
kb.randomPool = {}
|
kb.randomPool = {}
|
||||||
kb.redirectChoice = None
|
|
||||||
kb.reflectiveMechanism = True
|
kb.reflectiveMechanism = True
|
||||||
kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0}
|
kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS: 0, REFLECTIVE_COUNTER.HIT: 0}
|
||||||
kb.requestCounter = 0
|
kb.requestCounter = 0
|
||||||
|
@ -2142,9 +2139,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.reduceTests = None
|
kb.reduceTests = None
|
||||||
kb.sslSuccess = False
|
kb.sslSuccess = False
|
||||||
kb.stickyDBMS = False
|
kb.stickyDBMS = False
|
||||||
kb.storeHashesChoice = None
|
|
||||||
kb.suppressResumeInfo = False
|
kb.suppressResumeInfo = False
|
||||||
kb.tableExistsChoice = None
|
|
||||||
kb.tableFrom = None
|
kb.tableFrom = None
|
||||||
kb.technique = None
|
kb.technique = None
|
||||||
kb.tempDir = None
|
kb.tempDir = None
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.5.1.18"
|
VERSION = "1.5.1.19"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -610,8 +610,8 @@ class Connect(object):
|
||||||
|
|
||||||
# Get HTTP response
|
# Get HTTP response
|
||||||
if hasattr(conn, "redurl"):
|
if hasattr(conn, "redurl"):
|
||||||
page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO else Connect._connReadProxy(conn)) if not skipRead else None
|
page = (threadData.lastRedirectMsg[1] if kb.choices.redirect == REDIRECTION.NO else Connect._connReadProxy(conn)) if not skipRead else None
|
||||||
skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
|
skipLogTraffic = kb.choices.redirect == REDIRECTION.NO
|
||||||
code = conn.redcode if not finalCode else code
|
code = conn.redcode if not finalCode else code
|
||||||
else:
|
else:
|
||||||
page = Connect._connReadProxy(conn) if not skipRead else None
|
page = Connect._connReadProxy(conn) if not skipRead else None
|
||||||
|
@ -844,13 +844,13 @@ class Connect(object):
|
||||||
with kb.locks.connError:
|
with kb.locks.connError:
|
||||||
kb.connErrorCounter += 1
|
kb.connErrorCounter += 1
|
||||||
|
|
||||||
if kb.connErrorCounter >= MAX_CONSECUTIVE_CONNECTION_ERRORS and kb.connErrorChoice is None:
|
if kb.connErrorCounter >= MAX_CONSECUTIVE_CONNECTION_ERRORS and kb.choices.connError is None:
|
||||||
message = "there seems to be a continuous problem with connection to the target. "
|
message = "there seems to be a continuous problem with connection to the target. "
|
||||||
message += "Are you sure that you want to continue? [y/N] "
|
message += "Are you sure that you want to continue? [y/N] "
|
||||||
|
|
||||||
kb.connErrorChoice = readInput(message, default='N', boolean=True)
|
kb.choices.connError = readInput(message, default='N', boolean=True)
|
||||||
|
|
||||||
if kb.connErrorChoice is False:
|
if kb.choices.connError is False:
|
||||||
raise SqlmapSkipTargetException
|
raise SqlmapSkipTargetException
|
||||||
|
|
||||||
if "forcibly closed" in tbMsg:
|
if "forcibly closed" in tbMsg:
|
||||||
|
@ -1025,10 +1025,10 @@ class Connect(object):
|
||||||
skip = False
|
skip = False
|
||||||
|
|
||||||
if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper():
|
if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper():
|
||||||
if kb.cookieEncodeChoice is None:
|
if kb.choices.cookieEncode is None:
|
||||||
msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282
|
msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282
|
||||||
kb.cookieEncodeChoice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True)
|
kb.choices.cookieEncode = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True)
|
||||||
if not kb.cookieEncodeChoice:
|
if not kb.choices.cookieEncode:
|
||||||
skip = True
|
skip = True
|
||||||
|
|
||||||
if not skip:
|
if not skip:
|
||||||
|
|
|
@ -48,13 +48,13 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
|
||||||
|
|
||||||
def _ask_redirect_choice(self, redcode, redurl, method):
|
def _ask_redirect_choice(self, redcode, redurl, method):
|
||||||
with kb.locks.redirect:
|
with kb.locks.redirect:
|
||||||
if kb.redirectChoice is None:
|
if kb.choices.redirect is None:
|
||||||
msg = "got a %d redirect to " % redcode
|
msg = "got a %d redirect to " % redcode
|
||||||
msg += "'%s'. Do you want to follow? [Y/n] " % redurl
|
msg += "'%s'. Do you want to follow? [Y/n] " % redurl
|
||||||
|
|
||||||
kb.redirectChoice = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO
|
kb.choices.redirect = REDIRECTION.YES if readInput(msg, default='Y', boolean=True) else REDIRECTION.NO
|
||||||
|
|
||||||
if kb.redirectChoice == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
|
if kb.choices.redirect == REDIRECTION.YES and method == HTTPMETHOD.POST and kb.resendPostOnRedirect is None:
|
||||||
msg = "redirect is a result of a "
|
msg = "redirect is a result of a "
|
||||||
msg += "POST request. Do you want to "
|
msg += "POST request. Do you want to "
|
||||||
msg += "resend original POST data to a new "
|
msg += "resend original POST data to a new "
|
||||||
|
@ -116,7 +116,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
|
||||||
redurl = None
|
redurl = None
|
||||||
result = fp
|
result = fp
|
||||||
|
|
||||||
if redurl and kb.redirectChoice == REDIRECTION.YES:
|
if redurl and kb.choices.redirect == REDIRECTION.YES:
|
||||||
parseResponse(content, headers)
|
parseResponse(content, headers)
|
||||||
|
|
||||||
req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
|
req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl)
|
||||||
|
|
|
@ -63,15 +63,15 @@ def _addPageTextWords():
|
||||||
|
|
||||||
@stackedmethod
|
@stackedmethod
|
||||||
def tableExists(tableFile, regex=None):
|
def tableExists(tableFile, regex=None):
|
||||||
if kb.tableExistsChoice is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
|
if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
|
||||||
warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
|
warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
|
||||||
warnMsg += "for common table existence check"
|
warnMsg += "for common table existence check"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
message = "are you sure you want to continue? [y/N] "
|
message = "are you sure you want to continue? [y/N] "
|
||||||
kb.tableExistsChoice = readInput(message, default='N', boolean=True)
|
kb.choices.tableExists = readInput(message, default='N', boolean=True)
|
||||||
|
|
||||||
if not kb.tableExistsChoice:
|
if not kb.choices.tableExists:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))
|
result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), randomStr())))
|
||||||
|
@ -187,15 +187,15 @@ def tableExists(tableFile, regex=None):
|
||||||
return kb.data.cachedTables
|
return kb.data.cachedTables
|
||||||
|
|
||||||
def columnExists(columnFile, regex=None):
|
def columnExists(columnFile, regex=None):
|
||||||
if kb.columnExistsChoice is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
|
if kb.choices.columnExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
|
||||||
warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
|
warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
|
||||||
warnMsg += "for common column existence check"
|
warnMsg += "for common column existence check"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
message = "are you sure you want to continue? [y/N] "
|
message = "are you sure you want to continue? [y/N] "
|
||||||
kb.columnExistsChoice = readInput(message, default='N', boolean=True)
|
kb.choices.columnExists = readInput(message, default='N', boolean=True)
|
||||||
|
|
||||||
if not kb.columnExistsChoice:
|
if not kb.choices.columnExists:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if not conf.tbl:
|
if not conf.tbl:
|
||||||
|
|
|
@ -637,13 +637,13 @@ def storeHashesToFile(attack_dict):
|
||||||
if item and item not in items:
|
if item and item not in items:
|
||||||
items.add(item)
|
items.add(item)
|
||||||
|
|
||||||
if kb.storeHashesChoice is None:
|
if kb.choices.storeHashes is None:
|
||||||
message = "do you want to store hashes to a temporary file "
|
message = "do you want to store hashes to a temporary file "
|
||||||
message += "for eventual further processing with other tools [y/N] "
|
message += "for eventual further processing with other tools [y/N] "
|
||||||
|
|
||||||
kb.storeHashesChoice = readInput(message, default='N', boolean=True)
|
kb.choices.storeHashes = readInput(message, default='N', boolean=True)
|
||||||
|
|
||||||
if items and kb.storeHashesChoice:
|
if items and kb.choices.storeHashes:
|
||||||
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.HASHES, suffix=".txt")
|
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.HASHES, suffix=".txt")
|
||||||
os.close(handle)
|
os.close(handle)
|
||||||
|
|
||||||
|
|
|
@ -184,8 +184,8 @@ def _search(dork):
|
||||||
|
|
||||||
@stackedmethod
|
@stackedmethod
|
||||||
def search(dork):
|
def search(dork):
|
||||||
pushValue(kb.redirectChoice)
|
pushValue(kb.choices.redirect)
|
||||||
kb.redirectChoice = REDIRECTION.YES
|
kb.choices.redirect = REDIRECTION.YES
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return _search(dork)
|
return _search(dork)
|
||||||
|
@ -203,7 +203,7 @@ def search(dork):
|
||||||
else:
|
else:
|
||||||
raise
|
raise
|
||||||
finally:
|
finally:
|
||||||
kb.redirectChoice = popValue()
|
kb.choices.redirect = popValue()
|
||||||
|
|
||||||
def setHTTPHandlers(): # Cross-referenced function
|
def setHTTPHandlers(): # Cross-referenced function
|
||||||
raise NotImplementedError
|
raise NotImplementedError
|
||||||
|
|
|
@ -10,6 +10,6 @@ from plugins.generic.connector import Connector as GenericConnector
|
||||||
|
|
||||||
class Connector(GenericConnector):
|
class Connector(GenericConnector):
|
||||||
def connect(self):
|
def connect(self):
|
||||||
errMsg = "on Raima it is not (currently) possible to establish a "
|
errMsg = "on Raima Database Manager it is not (currently) possible to establish a "
|
||||||
errMsg += "direct connection"
|
errMsg += "direct connection"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -10,75 +10,75 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||||
|
|
||||||
class Enumeration(GenericEnumeration):
|
class Enumeration(GenericEnumeration):
|
||||||
def getBanner(self):
|
def getBanner(self):
|
||||||
warnMsg = "on Raima it is not possible to get the banner"
|
warnMsg = "on Raima Database Manager it is not possible to get the banner"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def getCurrentUser(self):
|
def getCurrentUser(self):
|
||||||
warnMsg = "on Raima it is not possible to enumerate the current user"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate the current user"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
def getCurrentDb(self):
|
def getCurrentDb(self):
|
||||||
warnMsg = "on Raima it is not possible to get name of the current database"
|
warnMsg = "on Raima Database Manager it is not possible to get name of the current database"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
def isDba(self, user=None):
|
def isDba(self, user=None):
|
||||||
warnMsg = "on Raima it is not possible to test if current user is DBA"
|
warnMsg = "on Raima Database Manager it is not possible to test if current user is DBA"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
def getUsers(self):
|
def getUsers(self):
|
||||||
warnMsg = "on Raima it is not possible to enumerate the users"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate the users"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return []
|
return []
|
||||||
|
|
||||||
def getPasswordHashes(self):
|
def getPasswordHashes(self):
|
||||||
warnMsg = "on Raima it is not possible to enumerate the user password hashes"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate the user password hashes"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
def getPrivileges(self, *args, **kwargs):
|
def getPrivileges(self, *args, **kwargs):
|
||||||
warnMsg = "on Raima it is not possible to enumerate the user privileges"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate the user privileges"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
def getDbs(self):
|
def getDbs(self):
|
||||||
warnMsg = "on Raima it is not possible to enumerate databases (use only '--tables')"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate databases (use only '--tables')"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return []
|
return []
|
||||||
|
|
||||||
def searchDb(self):
|
def searchDb(self):
|
||||||
warnMsg = "on Raima it is not possible to search databases"
|
warnMsg = "on Raima Database Manager it is not possible to search databases"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return []
|
return []
|
||||||
|
|
||||||
def searchTable(self):
|
def searchTable(self):
|
||||||
warnMsg = "on Raima it is not possible to search tables"
|
warnMsg = "on Raima Database Manager it is not possible to search tables"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return []
|
return []
|
||||||
|
|
||||||
def searchColumn(self):
|
def searchColumn(self):
|
||||||
warnMsg = "on Raima it is not possible to search columns"
|
warnMsg = "on Raima Database Manager it is not possible to search columns"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return []
|
return []
|
||||||
|
|
||||||
def search(self):
|
def search(self):
|
||||||
warnMsg = "on Raima search option is not available"
|
warnMsg = "on Raima Database Manager search option is not available"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
def getHostname(self):
|
def getHostname(self):
|
||||||
warnMsg = "on Raima it is not possible to enumerate the hostname"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate the hostname"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
def getStatements(self):
|
def getStatements(self):
|
||||||
warnMsg = "on Raima it is not possible to enumerate the SQL statements"
|
warnMsg = "on Raima Database Manager it is not possible to enumerate the SQL statements"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
return []
|
return []
|
||||||
|
|
|
@ -10,9 +10,9 @@ from plugins.generic.filesystem import Filesystem as GenericFilesystem
|
||||||
|
|
||||||
class Filesystem(GenericFilesystem):
|
class Filesystem(GenericFilesystem):
|
||||||
def readFile(self, remoteFile):
|
def readFile(self, remoteFile):
|
||||||
errMsg = "on Raima it is not possible to read files"
|
errMsg = "on Raima Database Manager it is not possible to read files"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
|
def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
|
||||||
errMsg = "on Raima it is not possible to write files"
|
errMsg = "on Raima Database Manager it is not possible to write files"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -10,19 +10,19 @@ from plugins.generic.takeover import Takeover as GenericTakeover
|
||||||
|
|
||||||
class Takeover(GenericTakeover):
|
class Takeover(GenericTakeover):
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "on Raima it is not possible to execute commands"
|
errMsg = "on Raima Database Manager it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "on Raima it is not possible to execute commands"
|
errMsg = "on Raima Database Manager it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "on Raima it is not possible to establish an "
|
errMsg = "on Raima Database Manager it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "on Raima it is not possible to establish an "
|
errMsg = "on Raima Database Manager it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -540,8 +540,8 @@ class Databases(object):
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):
|
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB, DBMS.RAIMA):
|
||||||
warnMsg = "cannot retrieve column names, "
|
warnMsg = "cannot retrieve column names, "
|
||||||
warnMsg += "back-end DBMS is %s" % Backend.getIdentifiedDbms()
|
warnMsg += "back-end DBMS is '%s'" % Backend.getIdentifiedDbms()
|
||||||
logger.warn(warnMsg)
|
singleTimeWarnMessage(warnMsg)
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
|
|
||||||
if bruteForce:
|
if bruteForce:
|
||||||
|
@ -571,12 +571,17 @@ class Databases(object):
|
||||||
|
|
||||||
return kb.data.cachedColumns
|
return kb.data.cachedColumns
|
||||||
|
|
||||||
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB) else "[y/N/q]")
|
if kb.choices.columnExists is None:
|
||||||
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB) else "[y/N/q]")
|
||||||
|
kb.choices.columnExists = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
||||||
|
|
||||||
if choice == 'N':
|
if kb.choices.columnExists == 'N':
|
||||||
return
|
if dumpMode and colList:
|
||||||
elif choice == 'Q':
|
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): dict((_, None) for _ in colList)}
|
||||||
|
return kb.data.cachedColumns
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
elif kb.choices.columnExists == 'Q':
|
||||||
raise SqlmapUserQuitException
|
raise SqlmapUserQuitException
|
||||||
else:
|
else:
|
||||||
return columnExists(paths.COMMON_COLUMNS)
|
return columnExists(paths.COMMON_COLUMNS)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user