sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

refactoring (class names should always be Capital cased)

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-28 16:36:09 +00:00
parent ddd296030d
commit 367d0639f0
42 changed files with 775 additions and 775 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extra/gprof2dot/gprof2dot.py
View File

@ -1036,7 +1036,7 @@ class CallgrindParser(LineParser):
"""Parser for valgrind's callgrind tool.
See also:
- http://valgrind.org/docs/manual/cl-format.html
- http://valgrind.org/docs/manual/cl-Format.html
"""
_call_re = re.compile('^calls=\s*(\d+)\s+((\d+|\+\d+|-\d+|\*)\s+)+$')

2
extra/xdot/xdot.py
View File

@ -16,7 +16,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
'''Visualize dot graphs via the xdot format.'''
'''Visualize dot graphs via the xdot Format.'''
__author__ = "Jose Fonseca"

8
lib/controller/action.py
View File

@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.controller.handler import setHandler
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import dataToStdout
from lib.core.data import conf
from lib.core.data import kb
@ -31,8 +31,8 @@ def action():
# system to be able to go ahead with the injection
setHandler()
if not backend.getDbms() or not conf.dbmsHandler:
htmlParsed = format.getErrorParsedDBMSes()
if not Backend.getDbms() or not conf.dbmsHandler:
htmlParsed = Format.getErrorParsedDBMSes()
errMsg = "sqlmap was not able to fingerprint the "
errMsg += "back-end database management system"

26
lib/controller/checks.py
View File

@ -13,11 +13,11 @@ import time
from lib.core.agent import agent
from lib.core.common import aliasToDbmsEnum
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import beep
from lib.core.common import extractRegexResult
from lib.core.common import findDynamicContent
from lib.core.common import format
from lib.core.common import Format
from lib.core.common import getComparePageRatio
from lib.core.common import getCompiledRegex
from lib.core.common import getSortedInjectionTests
@ -140,19 +140,19 @@ def checkSqlInjection(place, parameter, value):
continue
if len(backend.getErrorParsedDBMSes()) > 0 and dbms not in backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
if len(Backend.getErrorParsedDBMSes()) > 0 and dbms not in Backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
msg = "parsed error message(s) showed that the "
msg += "back-end DBMS could be %s. " % format.getErrorParsedDBMSes()
msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes()
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
kb.skipOthersDbms = backend.getErrorParsedDBMSes()
kb.skipOthersDbms = Backend.getErrorParsedDBMSes()
if kb.skipOthersDbms and dbms not in kb.skipOthersDbms:
debugMsg = "skipping test '%s' because " % title
debugMsg += "the parsed error message(s) showed "
debugMsg += "that the back-end DBMS could be "
debugMsg += "%s" % format.getErrorParsedDBMSes()
debugMsg += "%s" % Format.getErrorParsedDBMSes()
logger.debug(debugMsg)
continue
@ -350,7 +350,7 @@ def checkSqlInjection(place, parameter, value):
# Force back-end DBMS according to the current
# test value for proper payload unescaping
backend.forceDbms(dbms)
Backend.forceDbms(dbms)
# Skip test if the user provided custom column
# range and this is not a custom UNION test
@ -362,7 +362,7 @@ def checkSqlInjection(place, parameter, value):
configUnion(test.request.char, test.request.columns)
if not backend.getIdentifiedDbms():
if not Backend.getIdentifiedDbms():
warnMsg = "using unescaped version of the test "
warnMsg += "because of zero knowledge of the "
warnMsg += "back-end DBMS"
@ -382,7 +382,7 @@ def checkSqlInjection(place, parameter, value):
where = vector[6]
# Reset forced back-end DBMS value
backend.flushForcedDbms()
Backend.flushForcedDbms()
# If the injection test was successful feed the injection
# object with the test's details
@ -421,11 +421,11 @@ def checkSqlInjection(place, parameter, value):
if hasattr(test, "details"):
for dKey, dValue in test.details.items():
if dKey == "dbms":
injection.dbms = backend.setDbms(dValue)
injection.dbms = Backend.setDbms(dValue)
elif dKey == "dbms_version" and injection.dbms_version is None:
injection.dbms_version = backend.setVersion(dValue)
injection.dbms_version = Backend.setVersion(dValue)
elif dKey == "os" and injection.os is None:
injection.os = backend.setOs(dValue)
injection.os = Backend.setOs(dValue)
if conf.beep or conf.realTest:
beep()
@ -488,7 +488,7 @@ def heuristicCheckSqlInjection(place, parameter):
infoMsg += "parameter '%s' might " % parameter
if result:
infoMsg += "be injectable (possible DBMS: %s)" % (format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
logger.info(infoMsg)
else:
infoMsg += "not be injectable"

8
lib/controller/handler.py
View File

@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.data import conf
@ -63,11 +63,11 @@ def setHandler():
( SYBASE_ALIASES, SybaseMap, SybaseConn ),
]
if backend.getIdentifiedDbms() is not None:
if Backend.getIdentifiedDbms() is not None:
for i in xrange(len(dbmsObj)):
dbmsAliases, _, _ = dbmsObj[i]
if backend.getIdentifiedDbms().lower() in dbmsAliases:
if Backend.getIdentifiedDbms().lower() in dbmsAliases:
if i > 0:
pushValue(dbmsObj[i])
dbmsObj.remove(dbmsObj[i])
@ -102,4 +102,4 @@ def setHandler():
# At this point back-end DBMS is correctly fingerprinted, no need
# to enforce it anymore
backend.flushForcedDbms()
Backend.flushForcedDbms()

64
lib/core/agent.py
View File

@ -11,7 +11,7 @@ import re
from xml.etree import ElementTree as ET
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getCompiledRegex
from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import isTechniqueAvailable
@ -222,8 +222,8 @@ class Agent:
payload = payload.replace("[ORIGVALUE]", origvalue)
if "[INFERENCE]" in payload:
if backend.getIdentifiedDbms() is not None:
inference = queries[backend.getIdentifiedDbms()].inference
if Backend.getIdentifiedDbms() is not None:
inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
@ -281,17 +281,17 @@ class Agent:
# SQLite version 2 does not support neither CAST() nor IFNULL(),
# introduced only in SQLite version 3
if backend.getIdentifiedDbms() == DBMS.SQLITE:
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
return field
if field.startswith("(CASE"):
nulledCastedField = field
else:
nulledCastedField = queries[backend.getIdentifiedDbms()].cast.query % field
if backend.getIdentifiedDbms() == DBMS.ACCESS:
nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
else:
nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % nulledCastedField
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
return nulledCastedField
@ -325,7 +325,7 @@ class Agent:
@rtype: C{str}
"""
if not backend.getDbms():
if not Backend.getDbms():
return fields
if fields.startswith("(CASE"):
@ -333,7 +333,7 @@ class Agent:
else:
fields = fields.replace(", ", ",")
fieldsSplitted = fields.split(",")
dbmsDelimiter = queries[backend.getIdentifiedDbms()].delimiter.query
dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query
nulledCastedFields = []
for field in fieldsSplitted:
@ -396,13 +396,13 @@ class Agent:
def simpleConcatQuery(self, query1, query2):
concatenatedQuery = ""
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
concatenatedQuery = "%s||%s" % (query1, query2)
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
concatenatedQuery = "%s+%s" % (query1, query2)
return concatenatedQuery
@ -444,7 +444,7 @@ class Agent:
concatenatedQuery = query
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query)
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
concatenatedQuery += ",'%s')" % kb.misc.stop
@ -460,7 +460,7 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % kb.misc.stop
@ -476,7 +476,7 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
concatenatedQuery += "+'%s'" % kb.misc.stop
@ -545,8 +545,8 @@ class Agent:
intoRegExp = intoRegExp.group(1)
query = query[:query.index(intoRegExp)]
if backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
inbandQuery = inbandQuery[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
if Backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
inbandQuery = inbandQuery[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])]
for element in range(0, count):
if element > 0:
@ -565,9 +565,9 @@ class Agent:
conditionIndex = query.index(" FROM ")
inbandQuery += query[conditionIndex:]
if backend.getIdentifiedDbms() in FROM_TABLE:
if Backend.getIdentifiedDbms() in FROM_TABLE:
if " FROM " not in inbandQuery or "(CASE " in inbandQuery:
inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
if intoRegExp:
inbandQuery += intoRegExp
@ -584,8 +584,8 @@ class Agent:
else:
inbandQuery += char
if backend.getIdentifiedDbms() in FROM_TABLE:
inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
if Backend.getIdentifiedDbms() in FROM_TABLE:
inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
@ -614,21 +614,21 @@ class Agent:
"""
limitedQuery = query
limitStr = queries[backend.getIdentifiedDbms()].limit.query
limitStr = queries[Backend.getIdentifiedDbms()].limit.query
fromIndex = limitedQuery.index(" FROM ")
untilFrom = limitedQuery[:fromIndex]
fromFrom = limitedQuery[fromIndex+1:]
orderBy = False
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num, 1)
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
limitedQuery += " %s" % limitStr
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
limitedQuery += " %s" % limitStr
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@ -640,7 +640,7 @@ class Agent:
limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1)
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
forgeNotIn = True
if " ORDER BY " in limitedQuery:
@ -654,7 +654,7 @@ class Agent:
limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
topNums = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
topNums = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
if topNums:
topNums = topNums.groups()
@ -700,8 +700,8 @@ class Agent:
@rtype: C{str}
"""
if backend.getIdentifiedDbms() is not None and hasattr(queries[backend.getIdentifiedDbms()], "case"):
return queries[backend.getIdentifiedDbms()].case.query % expression
if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
return queries[Backend.getIdentifiedDbms()].case.query % expression
else:
return expression

576
lib/core/common.py
View File

@ -127,6 +127,279 @@ class DynamicContentItem:
self.lineContentBefore = lineContentBefore
self.lineContentAfter = lineContentAfter
class Format:
@staticmethod
def humanize(values, chain=" or "):
strJoin = "|".join([v for v in values])
return strJoin.replace("|", chain)
# Get methods
@staticmethod
def getDbms(versions=None):
"""
Format the back-end DBMS fingerprint value and return its
values formatted as a human readable string.
@return: detected back-end DBMS based upon fingerprint techniques.
@rtype: C{str}
"""
if versions is None and Backend.getVersionList():
versions = Backend.getVersionList()
if versions is None:
return Backend.getDbms()
else:
return "%s %s" % (Backend.getDbms(), " and ".join([v for v in versions]))
@staticmethod
def getErrorParsedDBMSes():
"""
Parses the knowledge base htmlFp list and return its values
formatted as a human readable string.
@return: list of possible back-end DBMS based upon error messages
parsing.
@rtype: C{str}
"""
htmlParsed = ""
if len(kb.htmlFp) == 0:
return None
elif len(kb.htmlFp) == 1:
htmlParsed = kb.htmlFp[0]
elif len(kb.htmlFp) > 1:
htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
return htmlParsed
@staticmethod
def getOs(target, info):
"""
Formats the back-end operating system fingerprint value
and return its values formatted as a human readable string.
Example of info (kb.headersFp) dictionary:
{
'distrib': set(['Ubuntu']),
'type': set(['Linux']),
'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
'release': set(['8.10'])
}
Example of info (kb.bannerFp) dictionary:
{
'sp': set(['Service Pack 4']),
'dbmsVersion': '8.00.194',
'dbmsServicePack': '0',
'distrib': set(['2000']),
'dbmsRelease': '2000',
'type': set(['Windows'])
}
@return: detected back-end operating system based upon fingerprint
techniques.
@rtype: C{str}
"""
infoStr = ""
if info and "type" in info:
infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
if "distrib" in info:
infoStr += " %s" % Format.humanize(info["distrib"])
if "release" in info:
infoStr += " %s" % Format.humanize(info["release"])
if "sp" in info:
infoStr += " %s" % Format.humanize(info["sp"])
if "codename" in info:
infoStr += " (%s)" % Format.humanize(info["codename"])
if "technology" in info:
infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
return infoStr
class Backend:
# Set methods
@staticmethod
def setDbms(dbms):
dbms = aliasToDbmsEnum(dbms)
if dbms is None:
return None
# Little precaution, in theory this condition should always be false
elif kb.dbms is not None and kb.dbms != dbms:
msg = "sqlmap previously fingerprinted back-end DBMS "
msg += "%s. However now it has been fingerprinted " % kb.dbms
msg += "to be %s. " % dbms
msg += "Please, specify which DBMS is "
msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
while True:
inp = readInput(msg, default=kb.dbms)
if aliasToDbmsEnum(inp) == kb.dbms:
break
elif aliasToDbmsEnum(inp) == dbms:
kb.dbms = aliasToDbmsEnum(inp)
break
else:
warnMsg = "invalid value"
logger.warn(warnMsg)
elif kb.dbms is None:
kb.dbms = aliasToDbmsEnum(dbms)
return kb.dbms
@staticmethod
def setVersion(version):
if isinstance(version, basestring):
kb.dbmsVersion = [ version ]
return kb.dbmsVersion
@staticmethod
def setVersionList(versionsList):
if isinstance(versionsList, list):
kb.dbmsVersion = versionsList
elif isinstance(version, basestring):
Backend.setVersion(versionsList)
else:
logger.error("invalid format of versionsList")
@staticmethod
def forceDbms(dbms):
kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
@staticmethod
def flushForcedDbms():
kb.misc.forcedDbms = None
@staticmethod
def setOs(os):
if os is None:
return None
# Little precaution, in theory this condition should always be false
elif kb.os is not None and kb.os != os:
msg = "sqlmap previously fingerprinted back-end DBMS "
msg += "operating system %s. However now it has " % kb.os
msg += "been fingerprinted to be %s. " % os
msg += "Please, specify which OS is "
msg += "correct [%s (default)/%s] " % (kb.os, os)
while True:
inp = readInput(msg, default=kb.os)
if inp == kb.os:
break
elif inp == os:
kb.os = inp
break
else:
warnMsg = "invalid value"
logger.warn(warnMsg)
elif kb.os is None:
kb.os = os
return kb.os
# Get methods
@staticmethod
def getForcedDbms():
return aliasToDbmsEnum(kb.misc.forcedDbms)
@staticmethod
def getDbms():
return aliasToDbmsEnum(kb.dbms)
@staticmethod
def getErrorParsedDBMSes():
"""
Returns array with parsed DBMS names till now
This functions is called to:
1. Sort the tests, getSortedInjectionTests() - detection phase.
2. Ask user whether or not skip specific DBMS tests in detection phase,
lib/controller/checks.py - detection phase.
3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
fingerprint phase.
"""
return kb.htmlFp
@staticmethod
def getIdentifiedDbms():
dbms = None
if Backend.getForcedDbms() is not None:
dbms = Backend.getForcedDbms()
elif Backend.getDbms() is not None:
dbms = kb.dbms
elif conf.dbms is not None:
dbms = conf.dbms
elif len(Backend.getErrorParsedDBMSes()) > 0:
dbms = Backend.getErrorParsedDBMSes()[0]
return aliasToDbmsEnum(dbms)
@staticmethod
def getVersion():
if len(kb.dbmsVersion) > 0:
return kb.dbmsVersion[0]
else:
return None
@staticmethod
def getVersionList():
if len(kb.dbmsVersion) > 0:
return kb.dbmsVersion
else:
return None
# Comparison methods
@staticmethod
def isDbms(dbms):
return Backend.getDbms() is not None and Backend.getDbms() == aliasToDbmsEnum(dbms)
@staticmethod
def isDbmsWithin(aliases):
return Backend.getDbms() is not None and Backend.getDbms().lower() in aliases
@staticmethod
def isVersion(version):
return Backend.getVersion() is not None and Backend.getVersion() == version
@staticmethod
def isVersionWithin(versionList):
if Backend.getVersionList() is None:
return False
for dbmsVersion in Backend.getVersionList():
if dbmsVersion == UNKNOWN_DBMS_VERSION:
continue
elif dbmsVersion in versionList:
return True
return False
@staticmethod
def isVersionGreaterOrEqualThan(version):
return Backend.getVersion() is not None and str(Backend.getVersion()) >= str(version)
def paramToDict(place, parameters=None):
"""
Split the parameters into names and values, check if these parameters
@ -512,14 +785,14 @@ def parsePasswordHash(password):
if not password or password == " ":
password = "NULL"
if backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
hexPassword = password
password = "%s\n" % hexPassword
password += "%sheader: %s\n" % (blank, hexPassword[:6])
password += "%ssalt: %s\n" % (blank, hexPassword[6:14])
password += "%smixedcase: %s\n" % (blank, hexPassword[14:54])
if not backend.isVersionWithin(("2005", "2008")):
if not Backend.isVersionWithin(("2005", "2008")):
password += "%suppercase: %s" % (blank, hexPassword[54:])
return password
@ -817,25 +1090,25 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
def getDelayQuery(andCond=False):
query = None
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
if not kb.data.banner:
conf.dbmsHandler.getVersionFromBanner()
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
if banVer is None or (backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
else:
query = queries[backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = queries[backend.getIdentifiedDbms()].timedelay.query
query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = queries[Backend.getIdentifiedDbms()].timedelay.query
else:
query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
if andCond:
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
query = query.replace("SELECT ", "")
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = "(%s)>0" % query
return query
@ -1791,8 +2064,8 @@ def isDBMSVersionAtLeast(version):
retVal = None
if backend.getVersion() and backend.getVersion() != UNKNOWN_DBMS_VERSION:
value = backend.getVersion().replace(" ", "").rstrip('.')
if Backend.getVersion() and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
value = Backend.getVersion().replace(" ", "").rstrip('.')
while True:
index = value.find('.', value.find('.') + 1)
@ -1910,14 +2183,14 @@ def getSortedInjectionTests():
retVal = SORTORDER.LAST
elif 'details' in test and 'dbms' in test.details:
if test.details.dbms in backend.getErrorParsedDBMSes():
if test.details.dbms in Backend.getErrorParsedDBMSes():
retVal = SORTORDER.SECOND
else:
retVal = SORTORDER.THIRD
return retVal
if backend.getErrorParsedDBMSes():
if Backend.getErrorParsedDBMSes():
retVal = sorted(retVal, key=priorityFunction)
return retVal
@ -1955,279 +2228,6 @@ def unicodeToSafeHTMLValue(value):
return retVal
class format:
@staticmethod
def humanize(values, chain=" or "):
strJoin = "|".join([v for v in values])
return strJoin.replace("|", chain)
# Get methods
@staticmethod
def getDbms(versions=None):
"""
Format the back-end DBMS fingerprint value and return its
values formatted as a human readable string.
@return: detected back-end DBMS based upon fingerprint techniques.
@rtype: C{str}
"""
if versions is None and backend.getVersionList():
versions = backend.getVersionList()
if versions is None:
return backend.getDbms()
else:
return "%s %s" % (backend.getDbms(), " and ".join([v for v in versions]))
@staticmethod
def getErrorParsedDBMSes():
"""
Parses the knowledge base htmlFp list and return its values
formatted as a human readable string.
@return: list of possible back-end DBMS based upon error messages
parsing.
@rtype: C{str}
"""
htmlParsed = ""
if len(kb.htmlFp) == 0:
return None
elif len(kb.htmlFp) == 1:
htmlParsed = kb.htmlFp[0]
elif len(kb.htmlFp) > 1:
htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
return htmlParsed
@staticmethod
def getOs(target, info):
"""
Formats the back-end operating system fingerprint value
and return its values formatted as a human readable string.
Example of info (kb.headersFp) dictionary:
{
'distrib': set(['Ubuntu']),
'type': set(['Linux']),
'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
'release': set(['8.10'])
}
Example of info (kb.bannerFp) dictionary:
{
'sp': set(['Service Pack 4']),
'dbmsVersion': '8.00.194',
'dbmsServicePack': '0',
'distrib': set(['2000']),
'dbmsRelease': '2000',
'type': set(['Windows'])
}
@return: detected back-end operating system based upon fingerprint
techniques.
@rtype: C{str}
"""
infoStr = ""
if info and "type" in info:
infoStr += "%s operating system: %s" % (target, format.humanize(info["type"]))
if "distrib" in info:
infoStr += " %s" % format.humanize(info["distrib"])
if "release" in info:
infoStr += " %s" % format.humanize(info["release"])
if "sp" in info:
infoStr += " %s" % format.humanize(info["sp"])
if "codename" in info:
infoStr += " (%s)" % format.humanize(info["codename"])
if "technology" in info:
infoStr += "\nweb application technology: %s" % format.humanize(info["technology"], ", ")
return infoStr
class backend:
# Set methods
@staticmethod
def setDbms(dbms):
dbms = aliasToDbmsEnum(dbms)
if dbms is None:
return None
# Little precaution, in theory this condition should always be false
elif kb.dbms is not None and kb.dbms != dbms:
msg = "sqlmap previously fingerprinted back-end DBMS "
msg += "%s. However now it has been fingerprinted " % kb.dbms
msg += "to be %s. " % dbms
msg += "Please, specify which DBMS is "
msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
while True:
inp = readInput(msg, default=kb.dbms)
if aliasToDbmsEnum(inp) == kb.dbms:
break
elif aliasToDbmsEnum(inp) == dbms:
kb.dbms = aliasToDbmsEnum(inp)
break
else:
warnMsg = "invalid value"
logger.warn(warnMsg)
elif kb.dbms is None:
kb.dbms = aliasToDbmsEnum(dbms)
return kb.dbms
@staticmethod
def setVersion(version):
if isinstance(version, basestring):
kb.dbmsVersion = [ version ]
return kb.dbmsVersion
@staticmethod
def setVersionList(versionsList):
if isinstance(versionsList, list):
kb.dbmsVersion = versionsList
elif isinstance(version, basestring):
backend.setVersion(versionsList)
else:
logger.error("invalid format of versionsList")
@staticmethod
def forceDbms(dbms):
kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
@staticmethod
def flushForcedDbms():
kb.misc.forcedDbms = None
@staticmethod
def setOs(os):
if os is None:
return None
# Little precaution, in theory this condition should always be false
elif kb.os is not None and kb.os != os:
msg = "sqlmap previously fingerprinted back-end DBMS "
msg += "operating system %s. However now it has " % kb.os
msg += "been fingerprinted to be %s. " % os
msg += "Please, specify which OS is "
msg += "correct [%s (default)/%s] " % (kb.os, os)
while True:
inp = readInput(msg, default=kb.os)
if inp == kb.os:
break
elif inp == os:
kb.os = inp
break
else:
warnMsg = "invalid value"
logger.warn(warnMsg)
elif kb.os is None:
kb.os = os
return kb.os
# Get methods
@staticmethod
def getForcedDbms():
return aliasToDbmsEnum(kb.misc.forcedDbms)
@staticmethod
def getDbms():
return aliasToDbmsEnum(kb.dbms)
@staticmethod
def getErrorParsedDBMSes():
"""
Returns array with parsed DBMS names till now
This functions is called to:
1. Sort the tests, getSortedInjectionTests() - detection phase.
2. Ask user whether or not skip specific DBMS tests in detection phase,
lib/controller/checks.py - detection phase.
3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
fingerprint phase.
"""
return kb.htmlFp
@staticmethod
def getIdentifiedDbms():
dbms = None
if backend.getForcedDbms() is not None:
dbms = backend.getForcedDbms()
elif backend.getDbms() is not None:
dbms = kb.dbms
elif conf.dbms is not None:
dbms = conf.dbms
elif len(backend.getErrorParsedDBMSes()) > 0:
dbms = backend.getErrorParsedDBMSes()[0]
return aliasToDbmsEnum(dbms)
@staticmethod
def getVersion():
if len(kb.dbmsVersion) > 0:
return kb.dbmsVersion[0]
else:
return None
@staticmethod
def getVersionList():
if len(kb.dbmsVersion) > 0:
return kb.dbmsVersion
else:
return None
# Comparison methods
@staticmethod
def isDbms(dbms):
return backend.getDbms() is not None and backend.getDbms() == aliasToDbmsEnum(dbms)
@staticmethod
def isDbmsWithin(aliases):
return backend.getDbms() is not None and backend.getDbms().lower() in aliases
@staticmethod
def isVersion(version):
return backend.getVersion() is not None and backend.getVersion() == version
@staticmethod
def isVersionWithin(versionList):
if backend.getVersionList() is None:
return False
for dbmsVersion in backend.getVersionList():
if dbmsVersion == UNKNOWN_DBMS_VERSION:
continue
elif dbmsVersion in versionList:
return True
return False
@staticmethod
def isVersionGreaterOrEqualThan(version):
return backend.getVersion() is not None and str(backend.getVersion()) >= str(version)
def showHttpErrorCodes():
"""
Shows all HTTP error codes raised till now

6
lib/core/option.py
View File

@ -24,7 +24,7 @@ from extra.clientform.clientform import ParseResponse
from extra.keepalive import keepalive
from extra.xmlobject import xmlobject
from lib.controller.checks import checkConnection
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
@ -595,7 +595,7 @@ def __setDBMS():
dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms, re.I)
if dbmsRegExp:
backend.setVersion(str(dbmsRegExp.group(2)))
Backend.setVersion(str(dbmsRegExp.group(2)))
if conf.dbms not in SUPPORTED_DBMS:
errMsg = "you provided an unsupported back-end database management "
@ -1255,7 +1255,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
def __saveCmdline():
"""
Saves the command line options on a sqlmap configuration INI file
format.
Format.
"""
if not conf.saveCmdline:

26
lib/core/session.py
View File

@ -9,8 +9,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import dataToSessionFile
from lib.core.common import getFilteredPageContent
from lib.core.common import readInput
@ -91,9 +91,9 @@ def setDbms(dbms):
if dbmsRegExp:
dbms = dbmsRegExp.group(1)
backend.setDbms(dbms)
Backend.setDbms(dbms)
logger.info("the back-end DBMS is %s" % backend.getDbms())
logger.info("the back-end DBMS is %s" % Backend.getDbms())
def setOs():
"""
@ -120,15 +120,15 @@ def setOs():
return
if "type" in kb.bannerFp:
kb.os = format.humanize(kb.bannerFp["type"])
kb.os = Format.humanize(kb.bannerFp["type"])
infoMsg = "the back-end DBMS operating system is %s" % kb.os
if "distrib" in kb.bannerFp:
kb.osVersion = format.humanize(kb.bannerFp["distrib"])
kb.osVersion = Format.humanize(kb.bannerFp["distrib"])
infoMsg += " %s" % kb.osVersion
if "sp" in kb.bannerFp:
kb.osSP = int(format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
elif "sp" not in kb.bannerFp and kb.os == "Windows":
kb.osSP = 0
@ -195,11 +195,11 @@ def resumeConfKb(expression, url, value):
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
backend.setDbms(dbms)
backend.setVersionList(dbmsVersion)
Backend.setDbms(dbms)
Backend.setVersionList(dbmsVersion)
else:
backend.setDbms(dbms)
backend.setVersionList(dbmsVersion)
Backend.setDbms(dbms)
Backend.setVersionList(dbmsVersion)
elif expression == "OS" and url == conf.url:
os = unSafeFormatString(value[:-1])
@ -236,7 +236,7 @@ def resumeConfKb(expression, url, value):
if '.' in table:
db, table = table.split('.')
else:
db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX)
db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
logMsg = "resuming brute forced table name "
logMsg += "'%s' from session file" % table
@ -251,7 +251,7 @@ def resumeConfKb(expression, url, value):
if '.' in table:
db, table = table.split('.')
else:
db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX)
db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
logMsg = "resuming brute forced column name "
logMsg += "'%s' for table '%s' from session file" % (colName, table)

4
lib/core/shell.py
View File

@ -12,7 +12,7 @@ import os
import rlcompleter
from lib.core import readlineng as readline
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
@ -35,7 +35,7 @@ def loadHistory():
def queriesForAutoCompletion():
autoComplQueries = {}
for item in queries[backend.getIdentifiedDbms()]._toflat():
for item in queries[Backend.getIdentifiedDbms()]._toflat():
if item._has_key('query') and len(item.query) > 1 and item._name != 'blind':
autoComplQueries[item.query] = None

4
lib/core/unescaper.py
View File

@ -7,12 +7,12 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.datatype import advancedDict
class Unescaper(advancedDict):
def unescape(self, expression, quote=True, dbms=None):
identifiedDbms = backend.getIdentifiedDbms()
identifiedDbms = Backend.getIdentifiedDbms()
if not expression:
return expression

6
lib/core/xmldump.py
View File

@ -76,7 +76,7 @@ ENTITIES = {'"':'&quot;',"'":"&apos;"}
class XMLDump:
'''
This class purpose is to dump the data into an xml format.
This class purpose is to dump the data into an xml Format.
The format of the xml file is described in the scheme file xml/sqlmap.xsd
'''
@ -118,7 +118,7 @@ class XMLDump:
def __createTextNode(self,data):
'''
Creates a text node with utf8 data inside.
The text is escaped to an fit the xml text format.
The text is escaped to an fit the xml text Format.
'''
if data is None :
return self.__doc.createTextNode(u'')
@ -129,7 +129,7 @@ class XMLDump:
def __createAttribute(self,attrName,attrValue):
'''
Creates an attribute node with utf8 data inside.
The text is escaped to an fit the xml text format.
The text is escaped to an fit the xml text Format.
'''
attr = self.__doc.createAttribute(attrName)
if attrValue is None :

12
lib/parse/banner.py
View File

@ -13,7 +13,7 @@ from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
from lib.core.common import getCompiledRegex
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import parseXmlFile
from lib.core.common import sanitizeStr
from lib.core.data import kb
@ -97,13 +97,13 @@ def bannerParser(banner):
xmlfile = None
if backend.getIdentifiedDbms() == DBMS.MSSQL:
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
xmlfile = paths.MSSQL_XML
elif backend.getIdentifiedDbms() == DBMS.MYSQL:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
xmlfile = paths.MYSQL_XML
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
xmlfile = paths.ORACLE_XML
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
xmlfile = paths.PGSQL_XML
if not xmlfile:
@ -111,7 +111,7 @@ def bannerParser(banner):
checkFile(xmlfile)
if backend.getIdentifiedDbms() == DBMS.MSSQL:
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
handler = MSSQLBannerHandler(banner, kb.bannerFp)
parseXmlFile(xmlfile, handler)

4
lib/request/direct.py
View File

@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import dataToSessionFile
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getUnicode
from lib.core.convert import base64pickle
from lib.core.convert import base64unpickle
@ -26,7 +26,7 @@ def direct(query, content=True):
select = True
query = agent.payloadDirect(query)
if backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
query = "%s FROM DUAL" % query
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():

42
lib/request/inject.py
View File

@ -11,7 +11,7 @@ import re
import time
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import calculateDeltaSeconds
from lib.core.common import cleanQuery
from lib.core.common import dataToSessionFile
@ -54,7 +54,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
if (conf.eta or conf.threads > 1) and backend.getIdentifiedDbms() and not timeBasedCompare:
if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare:
_, length, _ = queryOutputLength(expression, payload)
else:
length = None
@ -140,7 +140,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
if rdbRegExp and backend.getIdentifiedDbms() == DBMS.FIREBIRD:
if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
expressionFieldsList = [expressionFields]
if len(expressionFieldsList) > 1:
@ -155,14 +155,14 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
# forge the SQL limiting the query output one entry per time
# NOTE: I assume that only queries that get data from a table
# can return multiple entries
if fromUser and " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))):
limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))):
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@ -170,10 +170,10 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@ -185,7 +185,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@ -199,23 +199,23 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
if not stopLimit or stopLimit <= 1:
if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countedExpression = expression.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
@ -309,8 +309,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
return outputs
elif backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
expression += FROM_TABLE[backend.getIdentifiedDbms()]
elif Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
expression += FROM_TABLE[Backend.getIdentifiedDbms()]
outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
returnValue = ", ".join([output for output in outputs])
@ -492,7 +492,7 @@ def goStacked(expression, silent=False):
if conf.direct:
return direct(expression), None
comment = queries[backend.getIdentifiedDbms()].comment.query
comment = queries[Backend.getIdentifiedDbms()].comment.query
query = agent.prefixQuery("; %s" % expression)
query = agent.suffixQuery("%s;%s" % (query, comment))
payload = agent.payload(newValue=query)

18
lib/takeover/abstraction.py
View File

@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import dataToStdout
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@ -41,10 +41,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
self.webBackdoorRunCmd(cmd)
elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfExecCmd(cmd, silent=silent)
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
self.xpCmdshellExecCmd(cmd, silent=silent)
else:
@ -55,10 +55,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
return self.webBackdoorRunCmd(cmd)
elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
return self.udfEvalCmd(cmd, first, last)
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
return self.xpCmdshellEvalCmd(cmd, first, last)
else:
@ -93,13 +93,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
logger.info(infoMsg)
else:
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
infoMsg = "going to use injected sys_eval and sys_exec "
infoMsg += "user-defined functions for operating system "
infoMsg += "command execution"
logger.info(infoMsg)
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
infoMsg = "going to use xp_cmdshell extended procedure for "
infoMsg += "operating system command execution"
logger.info(infoMsg)
@ -151,9 +151,9 @@ class Abstraction(Web, UDF, xp_cmdshell):
warnMsg += "the session user is not a database administrator"
logger.warn(warnMsg)
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfInjectSys()
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
if mandatory:
self.xpCmdshellInit()
else:

18
lib/takeover/metasploit.py
View File

@ -19,7 +19,7 @@ from subprocess import PIPE
from subprocess import Popen as execute
from lib.core.common import dataToStdout
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getLocalIP
from lib.core.common import getRemoteIP
from lib.core.common import getUnicode
@ -187,13 +187,13 @@ class Metasploit:
if __payloadStr == "windows/vncinject":
choose = False
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, it is likely that the the VNC "
debugMsg += "injection will be successful"
logger.debug(debugMsg)
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
choose = True
warnMsg = "by default PostgreSQL on Windows runs as "
@ -201,12 +201,12 @@ class Metasploit:
warnMsg += "injection will be successful"
logger.warn(warnMsg)
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
choose = True
warnMsg = "it is unlikely that the VNC injection will be "
warnMsg += "successful because usually Microsoft SQL Server "
warnMsg += "%s runs as Network Service " % backend.getVersion()
warnMsg += "%s runs as Network Service " % Backend.getVersion()
warnMsg += "or the Administrator is not logged in"
logger.warn(warnMsg)
@ -230,12 +230,12 @@ class Metasploit:
break
elif choice == "1":
if backend.getIdentifiedDbms() == DBMS.PGSQL:
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
logger.warn("beware that the VNC injection might not work")
break
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
break
elif not choice.isdigit():
@ -555,7 +555,7 @@ class Metasploit:
# This is useful for sqlmap because on PostgreSQL it is not
# possible to write files bigger than 8192 bytes abusing the
# lo_export() feature implemented in sqlmap.
if backend.getIdentifiedDbms() == DBMS.PGSQL:
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
self.__fileFormat = "exe-small"
else:
self.__fileFormat = "exe"
@ -657,7 +657,7 @@ class Metasploit:
self.__forgeMsfConsoleResource()
self.__forgeMsfConsoleCmd()
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
else:
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)

18
lib/takeover/udf.py
View File

@ -11,7 +11,7 @@ import os
from lib.core.agent import agent
from lib.core.common import dataToStdout
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@ -51,7 +51,7 @@ class UDF:
def __checkExistUdf(self, udf):
logger.info("checking if UDF '%s' already exist" % udf)
query = agent.forgeCaseStatement(queries[backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
exists = inject.getValue(query, resumeValue=False, unpack=False, charsetType=2)
if exists == "1":
@ -104,7 +104,7 @@ class UDF:
return output
def udfCheckNeeded(self):
if ( not conf.rFile or ( conf.rFile and backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
if ( not conf.rFile or ( conf.rFile and Backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
self.sysUdfs.pop("sys_fileread")
if not conf.osPwn:
@ -143,9 +143,9 @@ class UDF:
if udf in self.udfToCreate and udf not in self.createdUdf:
self.udfCreateFromSharedLib(udf, inpRet)
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
supportTblType = "longtext"
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
supportTblType = "text"
self.udfCreateSupportTbl(supportTblType)
@ -156,8 +156,8 @@ class UDF:
self.udfInjectCore(self.sysUdfs)
def udfInjectCustom(self):
if backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
errMsg = "UDF injection feature is not yet implemented on %s" % backend.getIdentifiedDbms()
if Backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
errMsg = "UDF injection feature is not yet implemented on %s" % Backend.getIdentifiedDbms()
raise sqlmapUnsupportedFeatureException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
@ -236,9 +236,9 @@ class UDF:
else:
logger.warn("you need to specify the name of the UDF")
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
defaultType = "string"
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
defaultType = "text"
self.udfs[udfName]["input"] = []

8
lib/takeover/xp_cmdshell.py
View File

@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import wasLastRequestDelayed
@ -30,7 +30,7 @@ class xp_cmdshell:
def __xpCmdshellCreate(self):
cmd = ""
if backend.isVersionWithin(("2005", "2008")):
if Backend.isVersionWithin(("2005", "2008")):
logger.debug("activating sp_OACreate")
cmd += "EXEC master..sp_configure 'show advanced options', 1; "
@ -49,7 +49,7 @@ class xp_cmdshell:
cmd += "EXEC sp_OADestroy @ID'; "
cmd += "EXEC master..sp_executesql @%s;" % self.__randStr
if backend.isVersionWithin(("2005", "2008")):
if Backend.isVersionWithin(("2005", "2008")):
cmd += " RECONFIGURE WITH OVERRIDE;"
inject.goStacked(cmd)
@ -81,7 +81,7 @@ class xp_cmdshell:
return cmd
def __xpCmdshellConfigure(self, mode):
if backend.isVersionWithin(("2005", "2008")):
if Backend.isVersionWithin(("2005", "2008")):
cmd = self.__xpCmdshellConfigure2005(mode)
else:
cmd = self.__xpCmdshellConfigure2000(mode)

8
lib/techniques/blind/inference.py
View File

@ -12,7 +12,7 @@ import time
import traceback
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import decodeIntToUnicode
@ -75,7 +75,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
elif ( isinstance(lastChar, basestring) and lastChar.isdigit() ) or isinstance(lastChar, int):
lastChar = int(lastChar)
if backend.getDbms():
if Backend.getDbms():
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
@ -125,7 +125,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release()
if hintValue is not None and len(hintValue) >= idx:
if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1]
else:
posValue = ord(hintValue[idx-1])
@ -459,7 +459,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# check it via equal against the substring-query output
if commonPattern is not None:
# Substring-query containing equals commonPattern
subquery = queries[backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.suffixQuery(query)

4
lib/techniques/brute/use.py
View File

@ -15,7 +15,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import filterListValue
from lib.core.common import getFileItems
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getPageTextWordsSet
from lib.core.common import popValue
from lib.core.common import pushValue
@ -32,7 +32,7 @@ from lib.core.session import safeFormatString
from lib.request import inject
def tableExists(tableFile, regex=None):
tables = getFileItems(tableFile, lowercase=backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
retVal = []
infoMsg = "checking table existence using items from '%s'" % tableFile

34
lib/techniques/error/use.py
View File

@ -14,7 +14,7 @@ from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToSessionFile
from lib.core.common import extractRegexResult
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
from lib.core.common import randomInt
@ -40,7 +40,7 @@ def __oneShotErrorUse(expression, field):
check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
nulledCastedField = agent.nullAndCastField(field)
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
# Fix for MySQL odd behaviour ('Subquery returns more than 1 row')
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))")
@ -143,14 +143,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@ -158,10 +158,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@ -173,7 +173,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@ -187,12 +187,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
elif dump:
if conf.limitStart:
@ -201,14 +201,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = conf.limitStop
if not stopLimit or stopLimit <= 1:
if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countedExpression = expression.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):

10
lib/techniques/inband/union/test.py
View File

@ -13,7 +13,7 @@ import time
from lib.core.agent import agent
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import getUnicode
from lib.core.common import parseUnionPage
@ -102,14 +102,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
for count in range(conf.uColsStart, conf.uColsStop+1):
if backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
query = query[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
if Backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
query = query[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])]
if count:
query += ", %s" % conf.uChar
if backend.getIdentifiedDbms() in FROM_TABLE:
query += FROM_TABLE[backend.getIdentifiedDbms()]
if Backend.getIdentifiedDbms() in FROM_TABLE:
query += FROM_TABLE[Backend.getIdentifiedDbms()]
status = "%d/%d" % (count, conf.uColsStop)
debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop))

36
lib/techniques/inband/union/use.py
View File

@ -12,7 +12,7 @@ import time
from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getUnicode
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
@ -101,14 +101,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@ -116,10 +116,10 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@ -131,7 +131,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@ -145,12 +145,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
elif dump:
if conf.limitStart:
@ -159,14 +159,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
stopLimit = conf.limitStop
if not stopLimit or stopLimit <= 1:
if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countedExpression = origExpr.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
@ -214,9 +214,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
try:
for num in xrange(startLimit, stopLimit):
if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0]
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
field = expressionFieldsList
else:
field = None

8
lib/utils/hash.py
View File

@ -22,7 +22,7 @@ from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import getCompiledRegex
from lib.core.common import getFileItems
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getPublicTypeMembers
from lib.core.common import getUnicode
from lib.core.common import paths
@ -270,9 +270,9 @@ def hashRecognition(value):
if value:
for name, regex in getPublicTypeMembers(HASH):
# Hashes for Oracle and old MySQL look the same hence these checks
if backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
continue
elif backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
continue
elif getCompiledRegex(regex).match(value):
retVal = regex
@ -454,7 +454,7 @@ def dictionaryAttack(attack_dict):
clearConsoleLine()
if len(hash_regexes) == 0:
warnMsg = "unknown hash format. "
warnMsg = "unknown hash Format. "
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.warn(warnMsg)

10
lib/utils/resume.py
View File

@ -13,7 +13,7 @@ import time
from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import safeStringFormat
from lib.core.common import randomStr
from lib.core.common import replaceNewlineTabs
@ -35,7 +35,7 @@ def queryOutputLength(expression, payload):
Returns the query output length.
"""
lengthQuery = queries[backend.getIdentifiedDbms()].length.query
lengthQuery = queries[Backend.getIdentifiedDbms()].length.query
select = re.search("\ASELECT\s+", expression, re.I)
selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I)
@ -61,7 +61,7 @@ def queryOutputLength(expression, payload):
if selectDistinctExpr:
lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression)
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
lengthExpr += " AS %s" % randomStr(lowercase=True)
elif select:
lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1)
@ -146,10 +146,10 @@ def resume(expression, payload):
if not payload:
return None
if not backend.getIdentifiedDbms():
if not Backend.getIdentifiedDbms():
return None
substringQuery = queries[backend.getIdentifiedDbms()].substring.query
substringQuery = queries[Backend.getIdentifiedDbms()].substring.query
select = re.search("\ASELECT ", expression, re.I)
_, length, regExpr = queryOutputLength(expression, payload)

22
plugins/dbms/access/fingerprint.py
View File

@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import getCurrentThreadData
from lib.core.common import randomInt
from lib.core.common import randomStr
@ -38,9 +38,9 @@ class Fingerprint(GenericFingerprint):
retVal = None
table = None
if backend.isVersionWithin(("97", "2000")):
if Backend.isVersionWithin(("97", "2000")):
table = "MSysAccessObjects"
elif backend.isVersionWithin(("2002-2003", "2007")):
elif Backend.isVersionWithin(("2002-2003", "2007")):
table = "MSysAccessStorage"
if table is not None:
@ -115,13 +115,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@ -132,7 +132,7 @@ class Fingerprint(GenericFingerprint):
value += DBMS.ACCESS
return value
actVer = format.getDbms() + " (%s)" % (self.__sandBoxCheck())
actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck())
blank = " " * 15
value += "active fingerprint: %s" % actVer
@ -142,10 +142,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
banVer = format.getDbms([banVer])
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -155,7 +155,7 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
setDbms(DBMS.ACCESS)
return True
@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint):
version = self.__sysTablesCheck()
if version is not None:
backend.setVersion(version)
Backend.setVersion(version)
return True
else:

32
plugins/dbms/firebird/fingerprint.py
View File

@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.common import randomRange
@ -34,25 +34,25 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
actVer = format.getDbms()
actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
return value
actVer = format.getDbms() + " (%s)" % (self.__dialectCheck())
actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck())
blank = " " * 15
value += "active fingerprint: %s" % actVer
@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
banVer = format.getDbms([banVer])
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -101,23 +101,23 @@ class Fingerprint(GenericFingerprint):
def __dialectCheck(self):
retVal = None
if backend.getIdentifiedDbms():
if Backend.getIdentifiedDbms():
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
retVal = "dialect 3" if result else "dialect 1"
return retVal
def checkDbms(self):
if not conf.extensiveFp and (backend.isDbmsWithin(FIREBIRD_ALIASES) \
or conf.dbms in FIREBIRD_ALIASES) and backend.getVersion() and \
backend.getVersion() != UNKNOWN_DBMS_VERSION:
v = backend.getVersion().replace(">", "")
if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \
or conf.dbms in FIREBIRD_ALIASES) and Backend.getVersion() and \
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
v = Backend.getVersion().replace(">", "")
v = v.replace("=", "")
v = v.replace(" ", "")
backend.setVersion(v)
Backend.setVersion(v)
setDbms("%s %s" % (DBMS.FIREBIRD, backend.getVersion()))
setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion()))
self.getBanner()
@ -149,7 +149,7 @@ class Fingerprint(GenericFingerprint):
version = self.__sysTablesCheck()
if version is not None:
backend.setVersion(version)
Backend.setVersion(version)
setDbms("%s %s" % (DBMS.FIREBIRD, version))
self.getBanner()

14
plugins/dbms/maxdb/fingerprint.py
View File

@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import randomInt
from lib.core.common import randomRange
from lib.core.data import conf
@ -66,13 +66,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@ -84,14 +84,14 @@ class Fingerprint(GenericFingerprint):
value += DBMS.MAXDB
return value
actVer = format.getDbms() + " (%s)" % self.__versionCheck()
actVer = Format.getDbms() + " (%s)" % self.__versionCheck()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
value += "\n%sbanner parsing fingerprint: -" % blank
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
setDbms(DBMS.MAXDB)
self.getBanner()

8
plugins/dbms/mssqlserver/enumeration.py
View File

@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@ -41,7 +41,7 @@ class Enumeration(GenericEnumeration):
infoMsg += " for database '%s'" % conf.db
logger.info(infoMsg)
rootQuery = queries[backend.getIdentifiedDbms()].tables
rootQuery = queries[Backend.getIdentifiedDbms()].tables
if not conf.db:
if not len(kb.data.cachedDbs):
@ -111,7 +111,7 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedTables
def searchTable(self):
rootQuery = queries[backend.getIdentifiedDbms()].search_table
rootQuery = queries[Backend.getIdentifiedDbms()].search_table
foundTbls = {}
tblList = conf.tbl.split(",")
tblCond = rootQuery.inband.condition
@ -198,7 +198,7 @@ class Enumeration(GenericEnumeration):
return foundTbls
def searchColumn(self):
rootQuery = queries[backend.getIdentifiedDbms()].search_column
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = {}
colList = conf.col.split(",")

26
plugins/dbms/mssqlserver/fingerprint.py
View File

@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@ -30,19 +30,19 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
actVer = format.getDbms()
actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -71,10 +71,10 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (backend.isDbmsWithin(MSSQL_ALIASES) \
or conf.dbms in MSSQL_ALIASES) and backend.getVersion() and \
backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \
or conf.dbms in MSSQL_ALIASES) and Backend.getVersion() and \
Backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
self.getBanner()
@ -103,10 +103,10 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression(check)
if result:
backend.setVersion(version)
Backend.setVersion(version)
if backend.getVersion():
setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
if Backend.getVersion():
setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
else:
setDbms(DBMS.MSSQL)

74
plugins/dbms/mysql/fingerprint.py
View File

@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@ -97,19 +97,19 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
actVer = format.getDbms()
actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
@ -120,7 +120,7 @@ class Fingerprint(GenericFingerprint):
value += "active fingerprint: %s" % actVer
if comVer:
comVer = format.getDbms([comVer])
comVer = Format.getDbms([comVer])
value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
if kb.bannerFp:
@ -129,10 +129,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
banVer = format.getDbms([banVer] if banVer else None)
banVer = Format.getDbms([banVer] if banVer else None)
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -150,18 +150,18 @@ class Fingerprint(GenericFingerprint):
* http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
"""
if not conf.extensiveFp and (backend.isDbmsWithin(MYSQL_ALIASES) \
or conf.dbms in MYSQL_ALIASES) and backend.getVersion() and \
backend.getVersion() != UNKNOWN_DBMS_VERSION:
v = backend.getVersion().replace(">", "")
if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \
or conf.dbms in MYSQL_ALIASES) and Backend.getVersion() and \
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
v = Backend.getVersion().replace(">", "")
v = v.replace("=", "")
v = v.replace(" ", "")
backend.setVersion(v)
Backend.setVersion(v)
setDbms("%s %s" % (DBMS.MYSQL, backend.getVersion()))
setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion()))
if backend.isVersionGreaterOrEqualThan("5"):
if Backend.isVersionGreaterOrEqualThan("5"):
kb.data.has_information_schema = True
self.getBanner()
@ -190,7 +190,7 @@ class Fingerprint(GenericFingerprint):
#if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)):
if inject.checkBooleanExpression("EXISTS(SELECT %s FROM information_schema.TABLES)" % randInt):
kb.data.has_information_schema = True
backend.setVersion(">= 5.0.0")
Backend.setVersion(">= 5.0.0")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
@ -202,43 +202,43 @@ class Fingerprint(GenericFingerprint):
# Check if it is MySQL >= 5.5.0
if inject.checkBooleanExpression("TO_SECONDS(950501)>0"):
backend.setVersion(">= 5.5.0")
Backend.setVersion(">= 5.5.0")
# Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)):
backend.setVersionList([">= 5.1.12", "< 5.5.0"])
Backend.setVersionList([">= 5.1.12", "< 5.5.0"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)):
backend.setVersionList([">= 5.1.7", "< 5.1.12"])
Backend.setVersionList([">= 5.1.7", "< 5.1.12"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)):
backend.setVersion("= 5.1.6")
Backend.setVersion("= 5.1.6")
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)):
backend.setVersionList([">= 5.1.5", "< 5.1.6"])
Backend.setVersionList([">= 5.1.5", "< 5.1.6"])
else:
backend.setVersionList([">= 5.1.2", "< 5.1.5"])
Backend.setVersionList([">= 5.1.2", "< 5.1.5"])
# Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.checkBooleanExpression("@@hostname=@@hostname"):
backend.setVersionList([">= 5.0.38", "< 5.1.2"])
Backend.setVersionList([">= 5.0.38", "< 5.1.2"])
elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"):
backend.setVersionList([">= 5.0.19", "< 5.0.38"])
Backend.setVersionList([">= 5.0.19", "< 5.0.38"])
elif not inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL WHERE %s!=%s)" % (randInt, randInt, randInt, randInt)):
backend.setVersionList([">= 5.0.11", "< 5.0.19"])
Backend.setVersionList([">= 5.0.11", "< 5.0.19"])
elif inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"):
backend.setVersionList([">= 5.0.6", "< 5.0.11"])
Backend.setVersionList([">= 5.0.6", "< 5.0.11"])
elif inject.checkBooleanExpression("@@automatic_sp_privileges=@@automatic_sp_privileges"):
backend.setVersionList([">= 5.0.3", "< 5.0.6"])
Backend.setVersionList([">= 5.0.3", "< 5.0.6"])
else:
backend.setVersionList([">= 5.0.0", "< 5.0.3"])
Backend.setVersionList([">= 5.0.0", "< 5.0.3"])
# For cases when information_schema is missing
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"):
backend.setVersion(">= 5.0.2")
Backend.setVersion(">= 5.0.2")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
elif inject.checkBooleanExpression("STRCMP(LOWER(CURRENT_USER()), UPPER(CURRENT_USER()))=0"):
backend.setVersion("< 5.0.0")
Backend.setVersion("< 5.0.0")
setDbms("%s 4" % DBMS.MYSQL)
self.getBanner()
@ -247,20 +247,20 @@ class Fingerprint(GenericFingerprint):
# Check which version of MySQL < 5.0.0 it is
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"):
backend.setVersionList([">= 4.1.11", "< 5.0.0"])
Backend.setVersionList([">= 4.1.11", "< 5.0.0"])
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"):
backend.setVersionList([">= 4.1.1", "< 4.1.11"])
Backend.setVersionList([">= 4.1.1", "< 4.1.11"])
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"):
backend.setVersionList([">= 4.0.6", "< 4.1.1"])
Backend.setVersionList([">= 4.0.6", "< 4.1.1"])
if inject.checkBooleanExpression("'utf8'=(SELECT CHARSET(CURRENT_USER()))"):
backend.setVersion("= 4.1.0")
Backend.setVersion("= 4.1.0")
else:
backend.setVersionList([">= 4.0.6", "< 4.1.0"])
Backend.setVersionList([">= 4.0.6", "< 4.1.0"])
else:
backend.setVersionList([">= 4.0.0", "< 4.0.6"])
Backend.setVersionList([">= 4.0.0", "< 4.0.6"])
else:
backend.setVersion("< 4.0.0")
Backend.setVersion("< 4.0.0")
setDbms("%s 3" % DBMS.MYSQL)
self.getBanner()

6
plugins/dbms/oracle/enumeration.py
View File

@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@ -30,7 +30,7 @@ class Enumeration(GenericEnumeration):
def getRoles(self, query2=False):
infoMsg = "fetching database users roles"
rootQuery = queries[backend.getIdentifiedDbms()].roles
rootQuery = queries[Backend.getIdentifiedDbms()].roles
if conf.user == "CU":
infoMsg += " for current user"
@ -179,7 +179,7 @@ class Enumeration(GenericEnumeration):
return []
def searchColumn(self):
rootQuery = queries[backend.getIdentifiedDbms()].search_column
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = { "USERS": {} }
colList = conf.col.split(",")

18
plugins/dbms/oracle/fingerprint.py
View File

@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -29,13 +29,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@ -46,16 +46,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.ORACLE
return value
actVer = format.getDbms()
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
banVer = format.getDbms([banVer])
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
setDbms(DBMS.ORACLE)
self.getBanner()
@ -112,7 +112,7 @@ class Fingerprint(GenericFingerprint):
output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION), 1, %d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2))
if output:
backend.setVersion(version)
Backend.setVersion(version)
break
return True

46
plugins/dbms/postgresql/fingerprint.py
View File

@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@ -32,13 +32,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@ -49,16 +49,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.PGSQL
return value
actVer = format.getDbms()
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
banVer = format.getDbms([banVer])
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -72,7 +72,7 @@ class Fingerprint(GenericFingerprint):
* http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
"""
if not conf.extensiveFp and (backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
setDbms(DBMS.PGSQL)
self.getBanner()
@ -108,35 +108,35 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg)
if inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
backend.setVersion(">= 8.4.0")
Backend.setVersion(">= 8.4.0")
elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
backend.setVersionList([">= 8.3.0", "< 8.4"])
Backend.setVersionList([">= 8.3.0", "< 8.4"])
elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
backend.setVersionList([">= 8.2.0", "< 8.3.0"])
Backend.setVersionList([">= 8.2.0", "< 8.3.0"])
elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
backend.setVersionList([">= 8.1.0", "< 8.2.0"])
Backend.setVersionList([">= 8.1.0", "< 8.2.0"])
elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
backend.setVersionList([">= 8.0.0", "< 8.1.0"])
Backend.setVersionList([">= 8.0.0", "< 8.1.0"])
elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
backend.setVersionList([">= 7.4.0", "< 8.0.0"])
Backend.setVersionList([">= 7.4.0", "< 8.0.0"])
elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
backend.setVersionList([">= 7.3.0", "< 7.4.0"])
Backend.setVersionList([">= 7.3.0", "< 7.4.0"])
elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
backend.setVersionList([">= 7.2.0", "< 7.3.0"])
Backend.setVersionList([">= 7.2.0", "< 7.3.0"])
elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
backend.setVersionList([">= 7.1.0", "< 7.2.0"])
Backend.setVersionList([">= 7.1.0", "< 7.2.0"])
elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
backend.setVersionList([">= 7.0.0", "< 7.1.0"])
Backend.setVersionList([">= 7.0.0", "< 7.1.0"])
elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
backend.setVersionList([">= 6.5.0", "< 6.5.3"])
Backend.setVersionList([">= 6.5.0", "< 6.5.3"])
elif inject.checkBooleanExpression("VERSION()=VERSION()"):
backend.setVersionList([">= 6.4.0", "< 6.5.0"])
Backend.setVersionList([">= 6.4.0", "< 6.5.0"])
elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
backend.setVersionList([">= 6.3.0", "< 6.4.0"])
Backend.setVersionList([">= 6.3.0", "< 6.4.0"])
elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
backend.setVersionList([">= 6.2.0", "< 6.3.0"])
Backend.setVersionList([">= 6.2.0", "< 6.3.0"])
else:
backend.setVersion("< 6.2.0")
Backend.setVersion("< 6.2.0")
return True
else:

18
plugins/dbms/sqlite/fingerprint.py
View File

@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.SQLITE
return value
actVer = format.getDbms()
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"]
banVer = format.getDbms([banVer])
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -69,7 +69,7 @@ class Fingerprint(GenericFingerprint):
* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
"""
if not conf.extensiveFp and (backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
setDbms(DBMS.SQLITE)
self.getBanner()
@ -98,7 +98,7 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
version = '3' if result else '2'
backend.setVersion(version)
Backend.setVersion(version)
setDbms(DBMS.SQLITE)

24
plugins/dbms/sybase/fingerprint.py
View File

@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import randomInt
from lib.core.data import conf
from lib.core.data import kb
@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.SYBASE
return value
actVer = format.getDbms()
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"]
banVer = format.getDbms([banVer])
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (backend.isDbmsWithin(SYBASE_ALIASES) \
or conf.dbms in SYBASE_ALIASES) and backend.getVersion() and \
backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.SYBASE, backend.getVersion()))
if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \
or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and \
Backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))
self.getBanner()
@ -107,7 +107,7 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version)
if result:
backend.setVersion(str(version))
Backend.setVersion(str(version))
break
return True

240
plugins/generic/enumeration.py
View File

@ -12,13 +12,13 @@ import time
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import dataToStdout
from lib.core.common import getRange
from lib.core.common import getCompiledRegex
from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import getUnicode
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@ -86,7 +86,7 @@ class Enumeration:
infoMsg = "fetching banner"
logger.info(infoMsg)
query = queries[backend.getIdentifiedDbms()].banner.query
query = queries[Backend.getIdentifiedDbms()].banner.query
kb.data.banner = inject.getValue(query)
bannerParser(kb.data.banner)
@ -108,7 +108,7 @@ class Enumeration:
infoMsg = "fetching current user"
logger.info(infoMsg)
query = queries[backend.getIdentifiedDbms()].current_user.query
query = queries[Backend.getIdentifiedDbms()].current_user.query
if not kb.data.currentUser:
kb.data.currentUser = inject.getValue(query)
@ -119,7 +119,7 @@ class Enumeration:
infoMsg = "fetching current database"
logger.info(infoMsg)
query = queries[backend.getIdentifiedDbms()].current_db.query
query = queries[Backend.getIdentifiedDbms()].current_db.query
if not kb.data.currentDb:
kb.data.currentDb = inject.getValue(query)
@ -130,11 +130,11 @@ class Enumeration:
infoMsg = "testing if current user is DBA"
logger.info(infoMsg)
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
self.getCurrentUser()
query = queries[backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
else:
query = queries[backend.getIdentifiedDbms()].is_dba.query
query = queries[Backend.getIdentifiedDbms()].is_dba.query
query = agent.forgeCaseStatement(query)
@ -146,10 +146,10 @@ class Enumeration:
infoMsg = "fetching database users"
logger.info(infoMsg)
rootQuery = queries[backend.getIdentifiedDbms()].users
rootQuery = queries[Backend.getIdentifiedDbms()].users
condition = ( backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")) )
condition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if condition:
@ -175,14 +175,14 @@ class Enumeration:
errMsg = "unable to retrieve the number of database users"
raise sqlmapNoneDataException, errMsg
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
elif condition:
query = rootQuery.blind.query2 % index
@ -202,7 +202,7 @@ class Enumeration:
def getPasswordHashes(self):
infoMsg = "fetching database users password hashes"
rootQuery = queries[backend.getIdentifiedDbms()].passwords
rootQuery = queries[Backend.getIdentifiedDbms()].passwords
if conf.user == "CU":
infoMsg += " for current user"
@ -211,7 +211,7 @@ class Enumeration:
logger.info(infoMsg)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@ -224,7 +224,7 @@ class Enumeration:
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
else:
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
if parsedUser:
@ -261,7 +261,7 @@ class Enumeration:
retrievedUsers = set()
for user in users:
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
parsedUser = re.search("[\047]*(.*?)[\047]*\@", user)
if parsedUser:
@ -274,7 +274,7 @@ class Enumeration:
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.blind.count2 % user
else:
query = rootQuery.blind.count % user
@ -291,14 +291,14 @@ class Enumeration:
passwords = []
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if backend.getIdentifiedDbms() == DBMS.SYBASE:
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
if index > 0:
warnMsg = "unable to retrieve other password "
warnMsg += "hashes for user '%s'" % user
@ -307,15 +307,15 @@ class Enumeration:
else:
query = rootQuery.blind.query % user
getCurrentThreadData().disableStdOut = True
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
if backend.isVersionWithin(("2005", "2008")):
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
if Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.blind.query2 % (user, index, user)
else:
query = rootQuery.blind.query % (user, index, user)
else:
query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, inband=False, error=False)
if backend.getIdentifiedDbms() == DBMS.SYBASE:
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
getCurrentThreadData().disableStdOut = False
password = "0x%s" % strToHex(password)
infoMsg = "retrieved: %s" % password
@ -352,31 +352,31 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the
# user is DBA
dbaCondition = ( backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
# In Oracle the DBA privilege means that the
# user is DBA
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
# In MySQL >= 5.0 the SUPER privilege means
# that the user is DBA
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
# In MySQL < 5.0 the super_priv privilege means
# that the user is DBA
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
# In Firebird there is no specific privilege that means
# that the user is DBA
# TODO: confirm
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
return dbaCondition
def getPrivileges(self, query2=False):
infoMsg = "fetching database users privileges"
rootQuery = queries[backend.getIdentifiedDbms()].privileges
rootQuery = queries[Backend.getIdentifiedDbms()].privileges
if conf.user == "CU":
infoMsg += " for current user"
@ -432,10 +432,10 @@ class Enumeration:
}
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
else:
@ -447,7 +447,7 @@ class Enumeration:
query += " WHERE "
# NOTE: I assume that the user provided is not in
# MySQL >= 5.0 syntax 'user'@'host'
if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
queryUser = "%" + conf.user + "%"
query += " OR ".join("%s LIKE '%s'" % (condition, "%" + user + "%") for user in users)
else:
@ -455,7 +455,7 @@ class Enumeration:
values = inject.getValue(query, blind=False)
if not values and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg)
@ -477,19 +477,19 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is
# True, 0 otherwise
if backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
for position, pgsqlPriv in pgsqlPrivs:
if count == position and int(privilege) == 1:
privileges.add(pgsqlPriv)
# In MySQL >= 5.0 and Oracle we get the list
# of privileges as string
elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
for position, mysqlPriv in mysqlPrivs:
if count == position and privilege.upper() == "Y":
privileges.add(mysqlPriv)
@ -506,7 +506,7 @@ class Enumeration:
conditionChar = "="
if conf.user:
if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
conditionChar = " LIKE "
if "," in conf.user:
@ -533,7 +533,7 @@ class Enumeration:
for user in users:
unescapedUser = None
if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
unescapedUser = unescaper.unescape(user, quote=False)
if user in retrievedUsers:
@ -548,18 +548,18 @@ class Enumeration:
else:
queryUser = user
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2 % queryUser
elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
query = rootQuery.blind.count % (conditionChar, queryUser)
elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.blind.count2 % queryUser
else:
query = rootQuery.blind.count % queryUser
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
if not (isinstance(count, basestring) and count.isdigit()) and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg)
@ -575,20 +575,20 @@ class Enumeration:
privileges = set()
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % (queryUser, index)
elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
query = rootQuery.blind.query % (conditionChar, queryUser, index)
elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.blind.query2 % (queryUser, index)
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, queryUser)
else:
query = rootQuery.blind.query % (queryUser, index)
@ -596,7 +596,7 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise
if backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@ -611,12 +611,12 @@ class Enumeration:
# In MySQL >= 5.0 and Oracle we get the list
# of privileges as string
elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@ -630,7 +630,7 @@ class Enumeration:
i += 1
# In Firebird we get one letter for each privilege
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
privileges.add(firebirdPrivs[privilege.strip()])
if self.__isAdminFromPrivileges(privileges):
@ -639,7 +639,7 @@ class Enumeration:
# In MySQL < 5.0 we break the cycle after the first
# time we get the user's privileges otherwise we
# duplicate the same query
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
break
if privileges:
@ -659,14 +659,14 @@ class Enumeration:
return ( kb.data.cachedUsersPrivileges, areAdmins )
def getRoles(self, query2=False):
warnMsg = "on %s the concept of roles does not " % backend.getIdentifiedDbms()
warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
warnMsg += "exist. sqlmap will enumerate privileges instead"
logger.warn(warnMsg)
return self.getPrivileges(query2)
def getDbs(self):
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
warnMsg = "information_schema not available, "
warnMsg += "back-end DBMS is MySQL < 5. database "
warnMsg += "names will be fetched from 'mysql' database"
@ -675,10 +675,10 @@ class Enumeration:
infoMsg = "fetching database names"
logger.info(infoMsg)
rootQuery = queries[backend.getIdentifiedDbms()].dbs
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@ -691,7 +691,7 @@ class Enumeration:
infoMsg = "fetching number of databases"
logger.info(infoMsg)
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
@ -704,9 +704,9 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if backend.getIdentifiedDbms() == DBMS.SYBASE:
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
@ -726,13 +726,13 @@ class Enumeration:
self.forceDbmsEnum()
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@ -771,7 +771,7 @@ class Enumeration:
infoMsg += " for database '%s'" % conf.db
logger.info(infoMsg)
rootQuery = queries[backend.getIdentifiedDbms()].tables
rootQuery = queries[Backend.getIdentifiedDbms()].tables
if conf.db:
if "," in conf.db:
@ -789,7 +789,7 @@ class Enumeration:
condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None
if condition:
if conf.db and backend.getIdentifiedDbms() != DBMS.SQLITE:
if conf.db and Backend.getIdentifiedDbms() != DBMS.SQLITE:
if "," in conf.db:
dbs = conf.db.split(",")
query += " WHERE "
@ -802,12 +802,12 @@ class Enumeration:
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
query = safeStringFormat(query, conf.db)
value = inject.getValue(query, blind=False)
if value:
if backend.getIdentifiedDbms() == DBMS.SQLITE:
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
if isinstance(value, basestring):
value = [[ DBMS.SQLITE, value ]]
elif isinstance(value, (list, tuple, set)):
@ -836,7 +836,7 @@ class Enumeration:
infoMsg += "database '%s'" % db
logger.info(infoMsg)
if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % db
@ -850,18 +850,18 @@ class Enumeration:
tables = []
if backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
if Backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if backend.getIdentifiedDbms() == DBMS.SYBASE:
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
elif backend.getIdentifiedDbms() == DBMS.MAXDB:
elif Backend.getIdentifiedDbms() == DBMS.MAXDB:
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.query % index
else:
query = rootQuery.blind.query % (db, index)
@ -902,13 +902,13 @@ class Enumeration:
conf.db = self.getCurrentDb()
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@ -959,13 +959,13 @@ class Enumeration:
"37":"VARCHAR"
}
rootQuery = queries[backend.getIdentifiedDbms()].columns
rootQuery = queries[Backend.getIdentifiedDbms()].columns
condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
infoMsg = "fetching columns "
if conf.col:
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
conf.col = conf.col.upper()
colList = conf.col.split(",")
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + col + "%") for col in colList) + ")"
@ -978,24 +978,24 @@ class Enumeration:
logger.info(infoMsg)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.inband.query % (conf.tbl, conf.db)
query += condQuery
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.inband.query % conf.tbl.upper()
query += condQuery
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.inband.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db)
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.inband.query % conf.tbl
value = inject.getValue(query, blind=False)
if backend.getIdentifiedDbms() == DBMS.SQLITE:
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
parseSqliteTableSchema(value)
elif value:
table = {}
@ -1018,19 +1018,19 @@ class Enumeration:
infoMsg += " on database '%s'" % conf.db
logger.info(infoMsg)
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.count % (conf.tbl, conf.db)
query += condQuery
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper()
query += condQuery
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db)
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.count % (conf.tbl)
query += condQuery
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.blind.query % conf.tbl
value = inject.getValue(query, inband=False, error=False)
@ -1052,22 +1052,22 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (conf.tbl, conf.db)
query += condQuery
field = None
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query % (conf.tbl.upper())
query += condQuery
field = None
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.tbl)
query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db)
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query % (conf.tbl)
query += condQuery
field = None
@ -1076,20 +1076,20 @@ class Enumeration:
column = inject.getValue(query, inband=False, error=False)
if not onlyColNames:
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query2 % (conf.tbl.upper(), column)
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
conf.db, column, conf.db,
conf.db, conf.db, conf.tbl)
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query2 % (conf.tbl, column)
colType = inject.getValue(query, inband=False, error=False)
if backend.getIdentifiedDbms() == DBMS.FIREBIRD:
if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
columns[column] = colType
@ -1135,9 +1135,9 @@ class Enumeration:
conf.db = self.getCurrentDb()
rootQuery = queries[backend.getIdentifiedDbms()].dump_table
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
if '-' in conf.tbl:
conf.tbl = "`%s`" % conf.tbl
if '-' in conf.db:
@ -1180,9 +1180,9 @@ class Enumeration:
entriesCount = 0
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.inband.query % (colString, conf.tbl.upper())
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.inband.query % (colString, conf.tbl)
else:
query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
@ -1228,9 +1228,9 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper()
elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
query = rootQuery.blind.count % conf.tbl
else:
query = rootQuery.blind.count % (conf.db, conf.tbl)
@ -1250,14 +1250,14 @@ class Enumeration:
lengths = {}
entries = {}
if backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne)
try:
if backend.getIdentifiedDbms() == DBMS.ACCESS:
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
validColumnList = False
validPivotValue = False
@ -1334,22 +1334,22 @@ class Enumeration:
if column not in entries:
entries[column] = []
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query % (column, column,
conf.tbl.upper(),
index)
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.blind.query % (column, conf.tbl, index)
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, column, conf.tbl)
value = inject.getValue(query, inband=False, error=False)
@ -1393,7 +1393,7 @@ class Enumeration:
return kb.data.dumpedTable
def dumpAll(self):
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@ -1494,10 +1494,10 @@ class Enumeration:
def searchDb(self):
foundDbs = []
rootQuery = queries[backend.getIdentifiedDbms()].search_db
rootQuery = queries[Backend.getIdentifiedDbms()].search_db
dbList = conf.db.split(",")
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
dbCond = rootQuery.inband.condition2
else:
dbCond = rootQuery.inband.condition
@ -1522,7 +1522,7 @@ class Enumeration:
dbQuery = dbQuery % db
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@ -1543,7 +1543,7 @@ class Enumeration:
infoMsg += " '%s'" % db
logger.info(infoMsg)
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
@ -1563,7 +1563,7 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2
else:
query = rootQuery.blind.query
@ -1578,12 +1578,12 @@ class Enumeration:
def searchTable(self):
bruteForce = False
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@ -1601,7 +1601,7 @@ class Enumeration:
regex = "|".join(conf.tbl.split(","))
return tableExists(paths.COMMON_TABLES, regex)
rootQuery = queries[backend.getIdentifiedDbms()].search_table
rootQuery = queries[Backend.getIdentifiedDbms()].search_table
foundTbls = {}
tblList = conf.tbl.split(",")
tblCond = rootQuery.inband.condition
@ -1610,7 +1610,7 @@ class Enumeration:
tblConsider, tblCondParam = self.likeOrExact("table")
for tbl in tblList:
if backend.getIdentifiedDbms() == DBMS.ORACLE:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
tbl = tbl.upper()
infoMsg = "searching table"
@ -1720,12 +1720,12 @@ class Enumeration:
def searchColumn(self):
bruteForce = False
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@ -1751,7 +1751,7 @@ class Enumeration:
return
rootQuery = queries[backend.getIdentifiedDbms()].search_column
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = {}
colList = conf.col.split(",")
@ -1968,7 +1968,7 @@ class Enumeration:
return output
def sqlShell(self):
infoMsg = "calling %s shell. To quit type " % backend.getIdentifiedDbms()
infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)

12
plugins/generic/filesystem.py
View File

@ -13,7 +13,7 @@ import os
from lib.core.agent import agent
from lib.core.common import dataToOutFile
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
from lib.core.common import readInput
@ -87,13 +87,13 @@ class Filesystem:
return fileLines
def __checkWrittenFile(self, wFile, dFile, fileType):
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
self.createSupportTbl(self.fileTblName, self.tblField, "text")
# Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx
@ -271,7 +271,7 @@ class Filesystem:
fileContent = self.unionReadFile(rFile)
if fileContent in ( None, "" ) and backend.getIdentifiedDbms() != DBMS.PGSQL:
if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL:
self.cleanup(onlyFileTbl=True)
return
@ -289,7 +289,7 @@ class Filesystem:
fileContent = self.__unhexString(fileContent)
rFilePath = dataToOutFile(fileContent)
if backend.getIdentifiedDbms() != DBMS.PGSQL:
if Backend.getIdentifiedDbms() != DBMS.PGSQL:
self.cleanup(onlyFileTbl=True)
return rFilePath

4
plugins/generic/fingerprint.py
View File

@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import readInput
from lib.core.data import kb
from lib.core.data import logger
@ -19,7 +19,7 @@ class Fingerprint:
"""
def __init__(self, dbms):
backend.forceDbms(dbms)
Backend.forceDbms(dbms)
def getFingerprint(self):
errMsg = "'getFingerprint' method must be defined "

14
plugins/generic/misc.py
View File

@ -10,7 +10,7 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.common import getCompiledRegex
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
@ -57,19 +57,19 @@ class Miscellaneous:
infoMsg = "detecting back-end DBMS version from its banner"
logger.info(infoMsg)
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
first, last = 1, 6
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
first, last = 12, 6
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
first, last = 29, 9
else:
raise sqlmapUnsupportedFeatureException, "unsupported DBMS"
query = queries[backend.getIdentifiedDbms()].substring.query % (queries[backend.getIdentifiedDbms()].banner.query, first, last)
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
if conf.direct:
query = "SELECT %s" % query
@ -120,7 +120,7 @@ class Miscellaneous:
if not onlyFileTbl:
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
if backend.getIdentifiedDbms() == DBMS.MSSQL:
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
return
if udfDict is None:
@ -133,7 +133,7 @@ class Miscellaneous:
if not output or output in ("y", "Y"):
dropStr = "DROP FUNCTION %s" % udf
if backend.getIdentifiedDbms() == DBMS.PGSQL:
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
inp = ", ".join(i for i in inpRet["input"])
dropStr += "(%s)" % inp

30
plugins/generic/takeover.py
View File

@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
import os
from lib.core.common import backend
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.common import runningAsAdmin
@ -45,7 +45,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osCmd(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command execution"
logger.info(infoMsg)
@ -66,7 +66,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osShell(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command prompt"
logger.info(infoMsg)
@ -149,7 +149,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "is unlikely to receive commands send from you"
logger.error(errMsg)
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.sysUdfs.pop("sys_bineval")
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
@ -159,7 +159,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.initEnv(web=web)
if tunnel == 1:
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
msg = "how do you want to execute the Metasploit shellcode "
msg += "on the back-end database underlying operating system?"
msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
@ -189,7 +189,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadMsfPayloadStager()
if kb.os == "Windows" and conf.privEsc:
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, no need to privilege escalate"
logger.debug(debugMsg)
@ -207,7 +207,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadIcmpshSlave(web=web)
self.icmpPwn()
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
web = True
infoMsg = "going to use a web backdoor to establish the tunnel"
@ -256,13 +256,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
raise sqlmapUnsupportedDBMSException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
errMsg += "queries are supported"
raise sqlmapUnsupportedDBMSException(errMsg)
elif backend.getIdentifiedDbms() == DBMS.MYSQL:
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "since stacked queries are not supported, "
debugMsg += "sqlmap is going to perform the SMB relay "
debugMsg += "attack via inference blind SQL injection"
@ -271,19 +271,19 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
printWarn = True
warnMsg = "it is unlikely that this attack will be successful "
if backend.getIdentifiedDbms() == DBMS.MYSQL:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
warnMsg += "because by default MySQL on Windows runs as "
warnMsg += "Local System which is not a real user, it does "
warnMsg += "not send the NTLM session hash when connecting to "
warnMsg += "a SMB service"
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
warnMsg += "because by default PostgreSQL on Windows runs "
warnMsg += "as postgres user which is a real user of the "
warnMsg += "system, but not within the Administrators group"
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
warnMsg += "because often Microsoft SQL Server %s " % backend.getVersion()
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
warnMsg += "runs as Network Service which is not a real user, "
warnMsg += "it does not send the NTLM session hash when "
warnMsg += "connecting to a SMB service"
@ -300,14 +300,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
if not backend.getIdentifiedDbms() == DBMS.MSSQL or not backend.isVersionWithin(("2000", "2005")):
if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
errMsg = "the back-end DBMS must be Microsoft SQL Server "
errMsg += "2000 or 2005 to be able to exploit the heap-based "
errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
errMsg += "stored procedure (MS09-004)"
raise sqlmapUnsupportedDBMSException(errMsg)
infoMsg = "going to exploit the Microsoft SQL Server %s " % backend.getVersion()
infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
infoMsg += "'sp_replwritetovarbin' stored procedure heap-based "
infoMsg += "buffer overflow (MS09-004)"
logger.info(infoMsg)