mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
refactoring (class names should always be Capital cased)
This commit is contained in:
parent
ddd296030d
commit
367d0639f0
|
@ -1036,7 +1036,7 @@ class CallgrindParser(LineParser):
|
|||
"""Parser for valgrind's callgrind tool.
|
||||
|
||||
See also:
|
||||
- http://valgrind.org/docs/manual/cl-format.html
|
||||
- http://valgrind.org/docs/manual/cl-Format.html
|
||||
"""
|
||||
|
||||
_call_re = re.compile('^calls=\s*(\d+)\s+((\d+|\+\d+|-\d+|\*)\s+)+$')
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
'''Visualize dot graphs via the xdot format.'''
|
||||
'''Visualize dot graphs via the xdot Format.'''
|
||||
|
||||
__author__ = "Jose Fonseca"
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.controller.handler import setHandler
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -31,8 +31,8 @@ def action():
|
|||
# system to be able to go ahead with the injection
|
||||
setHandler()
|
||||
|
||||
if not backend.getDbms() or not conf.dbmsHandler:
|
||||
htmlParsed = format.getErrorParsedDBMSes()
|
||||
if not Backend.getDbms() or not conf.dbmsHandler:
|
||||
htmlParsed = Format.getErrorParsedDBMSes()
|
||||
|
||||
errMsg = "sqlmap was not able to fingerprint the "
|
||||
errMsg += "back-end database management system"
|
||||
|
|
|
@ -13,11 +13,11 @@ import time
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import aliasToDbmsEnum
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import beep
|
||||
from lib.core.common import extractRegexResult
|
||||
from lib.core.common import findDynamicContent
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import getComparePageRatio
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import getSortedInjectionTests
|
||||
|
@ -140,19 +140,19 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
continue
|
||||
|
||||
if len(backend.getErrorParsedDBMSes()) > 0 and dbms not in backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
|
||||
if len(Backend.getErrorParsedDBMSes()) > 0 and dbms not in Backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:
|
||||
msg = "parsed error message(s) showed that the "
|
||||
msg += "back-end DBMS could be %s. " % format.getErrorParsedDBMSes()
|
||||
msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes()
|
||||
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
|
||||
|
||||
if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
|
||||
kb.skipOthersDbms = backend.getErrorParsedDBMSes()
|
||||
kb.skipOthersDbms = Backend.getErrorParsedDBMSes()
|
||||
|
||||
if kb.skipOthersDbms and dbms not in kb.skipOthersDbms:
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "the parsed error message(s) showed "
|
||||
debugMsg += "that the back-end DBMS could be "
|
||||
debugMsg += "%s" % format.getErrorParsedDBMSes()
|
||||
debugMsg += "%s" % Format.getErrorParsedDBMSes()
|
||||
logger.debug(debugMsg)
|
||||
|
||||
continue
|
||||
|
@ -350,7 +350,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
# Force back-end DBMS according to the current
|
||||
# test value for proper payload unescaping
|
||||
backend.forceDbms(dbms)
|
||||
Backend.forceDbms(dbms)
|
||||
|
||||
# Skip test if the user provided custom column
|
||||
# range and this is not a custom UNION test
|
||||
|
@ -362,7 +362,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
configUnion(test.request.char, test.request.columns)
|
||||
|
||||
if not backend.getIdentifiedDbms():
|
||||
if not Backend.getIdentifiedDbms():
|
||||
warnMsg = "using unescaped version of the test "
|
||||
warnMsg += "because of zero knowledge of the "
|
||||
warnMsg += "back-end DBMS"
|
||||
|
@ -382,7 +382,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
where = vector[6]
|
||||
|
||||
# Reset forced back-end DBMS value
|
||||
backend.flushForcedDbms()
|
||||
Backend.flushForcedDbms()
|
||||
|
||||
# If the injection test was successful feed the injection
|
||||
# object with the test's details
|
||||
|
@ -421,11 +421,11 @@ def checkSqlInjection(place, parameter, value):
|
|||
if hasattr(test, "details"):
|
||||
for dKey, dValue in test.details.items():
|
||||
if dKey == "dbms":
|
||||
injection.dbms = backend.setDbms(dValue)
|
||||
injection.dbms = Backend.setDbms(dValue)
|
||||
elif dKey == "dbms_version" and injection.dbms_version is None:
|
||||
injection.dbms_version = backend.setVersion(dValue)
|
||||
injection.dbms_version = Backend.setVersion(dValue)
|
||||
elif dKey == "os" and injection.os is None:
|
||||
injection.os = backend.setOs(dValue)
|
||||
injection.os = Backend.setOs(dValue)
|
||||
|
||||
if conf.beep or conf.realTest:
|
||||
beep()
|
||||
|
@ -488,7 +488,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
infoMsg += "parameter '%s' might " % parameter
|
||||
|
||||
if result:
|
||||
infoMsg += "be injectable (possible DBMS: %s)" % (format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
|
||||
infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
infoMsg += "not be injectable"
|
||||
|
|
|
@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import popValue
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.data import conf
|
||||
|
@ -63,11 +63,11 @@ def setHandler():
|
|||
( SYBASE_ALIASES, SybaseMap, SybaseConn ),
|
||||
]
|
||||
|
||||
if backend.getIdentifiedDbms() is not None:
|
||||
if Backend.getIdentifiedDbms() is not None:
|
||||
for i in xrange(len(dbmsObj)):
|
||||
dbmsAliases, _, _ = dbmsObj[i]
|
||||
|
||||
if backend.getIdentifiedDbms().lower() in dbmsAliases:
|
||||
if Backend.getIdentifiedDbms().lower() in dbmsAliases:
|
||||
if i > 0:
|
||||
pushValue(dbmsObj[i])
|
||||
dbmsObj.remove(dbmsObj[i])
|
||||
|
@ -102,4 +102,4 @@ def setHandler():
|
|||
|
||||
# At this point back-end DBMS is correctly fingerprinted, no need
|
||||
# to enforce it anymore
|
||||
backend.flushForcedDbms()
|
||||
Backend.flushForcedDbms()
|
||||
|
|
|
@ -11,7 +11,7 @@ import re
|
|||
|
||||
from xml.etree import ElementTree as ET
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import isDBMSVersionAtLeast
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
|
@ -222,8 +222,8 @@ class Agent:
|
|||
payload = payload.replace("[ORIGVALUE]", origvalue)
|
||||
|
||||
if "[INFERENCE]" in payload:
|
||||
if backend.getIdentifiedDbms() is not None:
|
||||
inference = queries[backend.getIdentifiedDbms()].inference
|
||||
if Backend.getIdentifiedDbms() is not None:
|
||||
inference = queries[Backend.getIdentifiedDbms()].inference
|
||||
|
||||
if "dbms_version" in inference:
|
||||
if isDBMSVersionAtLeast(inference.dbms_version):
|
||||
|
@ -281,17 +281,17 @@ class Agent:
|
|||
|
||||
# SQLite version 2 does not support neither CAST() nor IFNULL(),
|
||||
# introduced only in SQLite version 3
|
||||
if backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
return field
|
||||
|
||||
if field.startswith("(CASE"):
|
||||
nulledCastedField = field
|
||||
else:
|
||||
nulledCastedField = queries[backend.getIdentifiedDbms()].cast.query % field
|
||||
if backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
|
||||
else:
|
||||
nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % nulledCastedField
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
|
||||
|
||||
return nulledCastedField
|
||||
|
||||
|
@ -325,7 +325,7 @@ class Agent:
|
|||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
if not backend.getDbms():
|
||||
if not Backend.getDbms():
|
||||
return fields
|
||||
|
||||
if fields.startswith("(CASE"):
|
||||
|
@ -333,7 +333,7 @@ class Agent:
|
|||
else:
|
||||
fields = fields.replace(", ", ",")
|
||||
fieldsSplitted = fields.split(",")
|
||||
dbmsDelimiter = queries[backend.getIdentifiedDbms()].delimiter.query
|
||||
dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query
|
||||
nulledCastedFields = []
|
||||
|
||||
for field in fieldsSplitted:
|
||||
|
@ -396,13 +396,13 @@ class Agent:
|
|||
def simpleConcatQuery(self, query1, query2):
|
||||
concatenatedQuery = ""
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
|
||||
concatenatedQuery = "%s||%s" % (query1, query2)
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
concatenatedQuery = "%s+%s" % (query1, query2)
|
||||
|
||||
return concatenatedQuery
|
||||
|
@ -444,7 +444,7 @@ class Agent:
|
|||
concatenatedQuery = query
|
||||
fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if fieldsExists:
|
||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
|
||||
concatenatedQuery += ",'%s')" % kb.misc.stop
|
||||
|
@ -460,7 +460,7 @@ class Agent:
|
|||
elif fieldsNoSelect:
|
||||
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
|
||||
if fieldsExists:
|
||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
|
||||
concatenatedQuery += "||'%s'" % kb.misc.stop
|
||||
|
@ -476,7 +476,7 @@ class Agent:
|
|||
elif fieldsNoSelect:
|
||||
concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
if fieldsExists:
|
||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
|
||||
concatenatedQuery += "+'%s'" % kb.misc.stop
|
||||
|
@ -545,8 +545,8 @@ class Agent:
|
|||
intoRegExp = intoRegExp.group(1)
|
||||
query = query[:query.index(intoRegExp)]
|
||||
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
|
||||
inbandQuery = inbandQuery[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
|
||||
inbandQuery = inbandQuery[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])]
|
||||
|
||||
for element in range(0, count):
|
||||
if element > 0:
|
||||
|
@ -565,9 +565,9 @@ class Agent:
|
|||
conditionIndex = query.index(" FROM ")
|
||||
inbandQuery += query[conditionIndex:]
|
||||
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE:
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE:
|
||||
if " FROM " not in inbandQuery or "(CASE " in inbandQuery:
|
||||
inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
|
||||
inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
|
||||
|
||||
if intoRegExp:
|
||||
inbandQuery += intoRegExp
|
||||
|
@ -584,8 +584,8 @@ class Agent:
|
|||
else:
|
||||
inbandQuery += char
|
||||
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE:
|
||||
inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()]
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE:
|
||||
inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()]
|
||||
|
||||
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
|
||||
|
||||
|
@ -614,21 +614,21 @@ class Agent:
|
|||
"""
|
||||
|
||||
limitedQuery = query
|
||||
limitStr = queries[backend.getIdentifiedDbms()].limit.query
|
||||
limitStr = queries[Backend.getIdentifiedDbms()].limit.query
|
||||
fromIndex = limitedQuery.index(" FROM ")
|
||||
untilFrom = limitedQuery[:fromIndex]
|
||||
fromFrom = limitedQuery[fromIndex+1:]
|
||||
orderBy = False
|
||||
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
|
||||
limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num, 1)
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE):
|
||||
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
|
||||
limitedQuery += " %s" % limitStr
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
|
||||
limitedQuery += " %s" % limitStr
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
|
||||
orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
|
||||
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
|
||||
|
@ -640,7 +640,7 @@ class Agent:
|
|||
limitedQuery = limitedQuery % fromFrom
|
||||
limitedQuery += "=%d" % (num + 1)
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
forgeNotIn = True
|
||||
|
||||
if " ORDER BY " in limitedQuery:
|
||||
|
@ -654,7 +654,7 @@ class Agent:
|
|||
limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
|
||||
|
||||
if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
|
||||
topNums = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
|
||||
topNums = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I)
|
||||
|
||||
if topNums:
|
||||
topNums = topNums.groups()
|
||||
|
@ -700,8 +700,8 @@ class Agent:
|
|||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
if backend.getIdentifiedDbms() is not None and hasattr(queries[backend.getIdentifiedDbms()], "case"):
|
||||
return queries[backend.getIdentifiedDbms()].case.query % expression
|
||||
if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
|
||||
return queries[Backend.getIdentifiedDbms()].case.query % expression
|
||||
else:
|
||||
return expression
|
||||
|
||||
|
|
|
@ -127,6 +127,279 @@ class DynamicContentItem:
|
|||
self.lineContentBefore = lineContentBefore
|
||||
self.lineContentAfter = lineContentAfter
|
||||
|
||||
class Format:
|
||||
@staticmethod
|
||||
def humanize(values, chain=" or "):
|
||||
strJoin = "|".join([v for v in values])
|
||||
|
||||
return strJoin.replace("|", chain)
|
||||
|
||||
# Get methods
|
||||
@staticmethod
|
||||
def getDbms(versions=None):
|
||||
"""
|
||||
Format the back-end DBMS fingerprint value and return its
|
||||
values formatted as a human readable string.
|
||||
|
||||
@return: detected back-end DBMS based upon fingerprint techniques.
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
if versions is None and Backend.getVersionList():
|
||||
versions = Backend.getVersionList()
|
||||
|
||||
if versions is None:
|
||||
return Backend.getDbms()
|
||||
else:
|
||||
return "%s %s" % (Backend.getDbms(), " and ".join([v for v in versions]))
|
||||
|
||||
@staticmethod
|
||||
def getErrorParsedDBMSes():
|
||||
"""
|
||||
Parses the knowledge base htmlFp list and return its values
|
||||
formatted as a human readable string.
|
||||
|
||||
@return: list of possible back-end DBMS based upon error messages
|
||||
parsing.
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
htmlParsed = ""
|
||||
|
||||
if len(kb.htmlFp) == 0:
|
||||
return None
|
||||
elif len(kb.htmlFp) == 1:
|
||||
htmlParsed = kb.htmlFp[0]
|
||||
elif len(kb.htmlFp) > 1:
|
||||
htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
|
||||
|
||||
return htmlParsed
|
||||
|
||||
@staticmethod
|
||||
def getOs(target, info):
|
||||
"""
|
||||
Formats the back-end operating system fingerprint value
|
||||
and return its values formatted as a human readable string.
|
||||
|
||||
Example of info (kb.headersFp) dictionary:
|
||||
|
||||
{
|
||||
'distrib': set(['Ubuntu']),
|
||||
'type': set(['Linux']),
|
||||
'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
|
||||
'release': set(['8.10'])
|
||||
}
|
||||
|
||||
Example of info (kb.bannerFp) dictionary:
|
||||
|
||||
{
|
||||
'sp': set(['Service Pack 4']),
|
||||
'dbmsVersion': '8.00.194',
|
||||
'dbmsServicePack': '0',
|
||||
'distrib': set(['2000']),
|
||||
'dbmsRelease': '2000',
|
||||
'type': set(['Windows'])
|
||||
}
|
||||
|
||||
@return: detected back-end operating system based upon fingerprint
|
||||
techniques.
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
infoStr = ""
|
||||
|
||||
if info and "type" in info:
|
||||
infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
|
||||
|
||||
if "distrib" in info:
|
||||
infoStr += " %s" % Format.humanize(info["distrib"])
|
||||
|
||||
if "release" in info:
|
||||
infoStr += " %s" % Format.humanize(info["release"])
|
||||
|
||||
if "sp" in info:
|
||||
infoStr += " %s" % Format.humanize(info["sp"])
|
||||
|
||||
if "codename" in info:
|
||||
infoStr += " (%s)" % Format.humanize(info["codename"])
|
||||
|
||||
if "technology" in info:
|
||||
infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
|
||||
|
||||
return infoStr
|
||||
|
||||
class Backend:
|
||||
# Set methods
|
||||
@staticmethod
|
||||
def setDbms(dbms):
|
||||
dbms = aliasToDbmsEnum(dbms)
|
||||
|
||||
if dbms is None:
|
||||
return None
|
||||
|
||||
# Little precaution, in theory this condition should always be false
|
||||
elif kb.dbms is not None and kb.dbms != dbms:
|
||||
msg = "sqlmap previously fingerprinted back-end DBMS "
|
||||
msg += "%s. However now it has been fingerprinted " % kb.dbms
|
||||
msg += "to be %s. " % dbms
|
||||
msg += "Please, specify which DBMS is "
|
||||
msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
|
||||
|
||||
while True:
|
||||
inp = readInput(msg, default=kb.dbms)
|
||||
|
||||
if aliasToDbmsEnum(inp) == kb.dbms:
|
||||
break
|
||||
elif aliasToDbmsEnum(inp) == dbms:
|
||||
kb.dbms = aliasToDbmsEnum(inp)
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif kb.dbms is None:
|
||||
kb.dbms = aliasToDbmsEnum(dbms)
|
||||
|
||||
return kb.dbms
|
||||
|
||||
@staticmethod
|
||||
def setVersion(version):
|
||||
if isinstance(version, basestring):
|
||||
kb.dbmsVersion = [ version ]
|
||||
|
||||
return kb.dbmsVersion
|
||||
|
||||
@staticmethod
|
||||
def setVersionList(versionsList):
|
||||
if isinstance(versionsList, list):
|
||||
kb.dbmsVersion = versionsList
|
||||
elif isinstance(version, basestring):
|
||||
Backend.setVersion(versionsList)
|
||||
else:
|
||||
logger.error("invalid format of versionsList")
|
||||
|
||||
@staticmethod
|
||||
def forceDbms(dbms):
|
||||
kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
|
||||
|
||||
@staticmethod
|
||||
def flushForcedDbms():
|
||||
kb.misc.forcedDbms = None
|
||||
|
||||
@staticmethod
|
||||
def setOs(os):
|
||||
if os is None:
|
||||
return None
|
||||
|
||||
# Little precaution, in theory this condition should always be false
|
||||
elif kb.os is not None and kb.os != os:
|
||||
msg = "sqlmap previously fingerprinted back-end DBMS "
|
||||
msg += "operating system %s. However now it has " % kb.os
|
||||
msg += "been fingerprinted to be %s. " % os
|
||||
msg += "Please, specify which OS is "
|
||||
msg += "correct [%s (default)/%s] " % (kb.os, os)
|
||||
|
||||
while True:
|
||||
inp = readInput(msg, default=kb.os)
|
||||
|
||||
if inp == kb.os:
|
||||
break
|
||||
elif inp == os:
|
||||
kb.os = inp
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif kb.os is None:
|
||||
kb.os = os
|
||||
|
||||
return kb.os
|
||||
|
||||
# Get methods
|
||||
@staticmethod
|
||||
def getForcedDbms():
|
||||
return aliasToDbmsEnum(kb.misc.forcedDbms)
|
||||
|
||||
@staticmethod
|
||||
def getDbms():
|
||||
return aliasToDbmsEnum(kb.dbms)
|
||||
|
||||
@staticmethod
|
||||
def getErrorParsedDBMSes():
|
||||
"""
|
||||
Returns array with parsed DBMS names till now
|
||||
|
||||
This functions is called to:
|
||||
|
||||
1. Sort the tests, getSortedInjectionTests() - detection phase.
|
||||
2. Ask user whether or not skip specific DBMS tests in detection phase,
|
||||
lib/controller/checks.py - detection phase.
|
||||
3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
|
||||
fingerprint phase.
|
||||
"""
|
||||
|
||||
return kb.htmlFp
|
||||
|
||||
@staticmethod
|
||||
def getIdentifiedDbms():
|
||||
dbms = None
|
||||
|
||||
if Backend.getForcedDbms() is not None:
|
||||
dbms = Backend.getForcedDbms()
|
||||
elif Backend.getDbms() is not None:
|
||||
dbms = kb.dbms
|
||||
elif conf.dbms is not None:
|
||||
dbms = conf.dbms
|
||||
elif len(Backend.getErrorParsedDBMSes()) > 0:
|
||||
dbms = Backend.getErrorParsedDBMSes()[0]
|
||||
|
||||
return aliasToDbmsEnum(dbms)
|
||||
|
||||
@staticmethod
|
||||
def getVersion():
|
||||
if len(kb.dbmsVersion) > 0:
|
||||
return kb.dbmsVersion[0]
|
||||
else:
|
||||
return None
|
||||
|
||||
@staticmethod
|
||||
def getVersionList():
|
||||
if len(kb.dbmsVersion) > 0:
|
||||
return kb.dbmsVersion
|
||||
else:
|
||||
return None
|
||||
|
||||
# Comparison methods
|
||||
@staticmethod
|
||||
def isDbms(dbms):
|
||||
return Backend.getDbms() is not None and Backend.getDbms() == aliasToDbmsEnum(dbms)
|
||||
|
||||
@staticmethod
|
||||
def isDbmsWithin(aliases):
|
||||
return Backend.getDbms() is not None and Backend.getDbms().lower() in aliases
|
||||
|
||||
@staticmethod
|
||||
def isVersion(version):
|
||||
return Backend.getVersion() is not None and Backend.getVersion() == version
|
||||
|
||||
@staticmethod
|
||||
def isVersionWithin(versionList):
|
||||
if Backend.getVersionList() is None:
|
||||
return False
|
||||
|
||||
for dbmsVersion in Backend.getVersionList():
|
||||
if dbmsVersion == UNKNOWN_DBMS_VERSION:
|
||||
continue
|
||||
elif dbmsVersion in versionList:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
@staticmethod
|
||||
def isVersionGreaterOrEqualThan(version):
|
||||
return Backend.getVersion() is not None and str(Backend.getVersion()) >= str(version)
|
||||
|
||||
def paramToDict(place, parameters=None):
|
||||
"""
|
||||
Split the parameters into names and values, check if these parameters
|
||||
|
@ -512,14 +785,14 @@ def parsePasswordHash(password):
|
|||
if not password or password == " ":
|
||||
password = "NULL"
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
|
||||
hexPassword = password
|
||||
password = "%s\n" % hexPassword
|
||||
password += "%sheader: %s\n" % (blank, hexPassword[:6])
|
||||
password += "%ssalt: %s\n" % (blank, hexPassword[6:14])
|
||||
password += "%smixedcase: %s\n" % (blank, hexPassword[14:54])
|
||||
|
||||
if not backend.isVersionWithin(("2005", "2008")):
|
||||
if not Backend.isVersionWithin(("2005", "2008")):
|
||||
password += "%suppercase: %s" % (blank, hexPassword[54:])
|
||||
|
||||
return password
|
||||
|
@ -817,25 +1090,25 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
|
|||
def getDelayQuery(andCond=False):
|
||||
query = None
|
||||
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
if not kb.data.banner:
|
||||
conf.dbmsHandler.getVersionFromBanner()
|
||||
|
||||
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
|
||||
|
||||
if banVer is None or (backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
|
||||
query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
|
||||
if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
|
||||
else:
|
||||
query = queries[backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = queries[backend.getIdentifiedDbms()].timedelay.query
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query
|
||||
else:
|
||||
query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
|
||||
|
||||
if andCond:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
|
||||
query = query.replace("SELECT ", "")
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = "(%s)>0" % query
|
||||
|
||||
return query
|
||||
|
@ -1791,8 +2064,8 @@ def isDBMSVersionAtLeast(version):
|
|||
|
||||
retVal = None
|
||||
|
||||
if backend.getVersion() and backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
||||
value = backend.getVersion().replace(" ", "").rstrip('.')
|
||||
if Backend.getVersion() and Backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
||||
value = Backend.getVersion().replace(" ", "").rstrip('.')
|
||||
|
||||
while True:
|
||||
index = value.find('.', value.find('.') + 1)
|
||||
|
@ -1910,14 +2183,14 @@ def getSortedInjectionTests():
|
|||
retVal = SORTORDER.LAST
|
||||
|
||||
elif 'details' in test and 'dbms' in test.details:
|
||||
if test.details.dbms in backend.getErrorParsedDBMSes():
|
||||
if test.details.dbms in Backend.getErrorParsedDBMSes():
|
||||
retVal = SORTORDER.SECOND
|
||||
else:
|
||||
retVal = SORTORDER.THIRD
|
||||
|
||||
return retVal
|
||||
|
||||
if backend.getErrorParsedDBMSes():
|
||||
if Backend.getErrorParsedDBMSes():
|
||||
retVal = sorted(retVal, key=priorityFunction)
|
||||
|
||||
return retVal
|
||||
|
@ -1955,279 +2228,6 @@ def unicodeToSafeHTMLValue(value):
|
|||
|
||||
return retVal
|
||||
|
||||
class format:
|
||||
@staticmethod
|
||||
def humanize(values, chain=" or "):
|
||||
strJoin = "|".join([v for v in values])
|
||||
|
||||
return strJoin.replace("|", chain)
|
||||
|
||||
# Get methods
|
||||
@staticmethod
|
||||
def getDbms(versions=None):
|
||||
"""
|
||||
Format the back-end DBMS fingerprint value and return its
|
||||
values formatted as a human readable string.
|
||||
|
||||
@return: detected back-end DBMS based upon fingerprint techniques.
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
if versions is None and backend.getVersionList():
|
||||
versions = backend.getVersionList()
|
||||
|
||||
if versions is None:
|
||||
return backend.getDbms()
|
||||
else:
|
||||
return "%s %s" % (backend.getDbms(), " and ".join([v for v in versions]))
|
||||
|
||||
@staticmethod
|
||||
def getErrorParsedDBMSes():
|
||||
"""
|
||||
Parses the knowledge base htmlFp list and return its values
|
||||
formatted as a human readable string.
|
||||
|
||||
@return: list of possible back-end DBMS based upon error messages
|
||||
parsing.
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
htmlParsed = ""
|
||||
|
||||
if len(kb.htmlFp) == 0:
|
||||
return None
|
||||
elif len(kb.htmlFp) == 1:
|
||||
htmlParsed = kb.htmlFp[0]
|
||||
elif len(kb.htmlFp) > 1:
|
||||
htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
|
||||
|
||||
return htmlParsed
|
||||
|
||||
@staticmethod
|
||||
def getOs(target, info):
|
||||
"""
|
||||
Formats the back-end operating system fingerprint value
|
||||
and return its values formatted as a human readable string.
|
||||
|
||||
Example of info (kb.headersFp) dictionary:
|
||||
|
||||
{
|
||||
'distrib': set(['Ubuntu']),
|
||||
'type': set(['Linux']),
|
||||
'technology': set(['PHP 5.2.6', 'Apache 2.2.9']),
|
||||
'release': set(['8.10'])
|
||||
}
|
||||
|
||||
Example of info (kb.bannerFp) dictionary:
|
||||
|
||||
{
|
||||
'sp': set(['Service Pack 4']),
|
||||
'dbmsVersion': '8.00.194',
|
||||
'dbmsServicePack': '0',
|
||||
'distrib': set(['2000']),
|
||||
'dbmsRelease': '2000',
|
||||
'type': set(['Windows'])
|
||||
}
|
||||
|
||||
@return: detected back-end operating system based upon fingerprint
|
||||
techniques.
|
||||
@rtype: C{str}
|
||||
"""
|
||||
|
||||
infoStr = ""
|
||||
|
||||
if info and "type" in info:
|
||||
infoStr += "%s operating system: %s" % (target, format.humanize(info["type"]))
|
||||
|
||||
if "distrib" in info:
|
||||
infoStr += " %s" % format.humanize(info["distrib"])
|
||||
|
||||
if "release" in info:
|
||||
infoStr += " %s" % format.humanize(info["release"])
|
||||
|
||||
if "sp" in info:
|
||||
infoStr += " %s" % format.humanize(info["sp"])
|
||||
|
||||
if "codename" in info:
|
||||
infoStr += " (%s)" % format.humanize(info["codename"])
|
||||
|
||||
if "technology" in info:
|
||||
infoStr += "\nweb application technology: %s" % format.humanize(info["technology"], ", ")
|
||||
|
||||
return infoStr
|
||||
|
||||
class backend:
|
||||
# Set methods
|
||||
@staticmethod
|
||||
def setDbms(dbms):
|
||||
dbms = aliasToDbmsEnum(dbms)
|
||||
|
||||
if dbms is None:
|
||||
return None
|
||||
|
||||
# Little precaution, in theory this condition should always be false
|
||||
elif kb.dbms is not None and kb.dbms != dbms:
|
||||
msg = "sqlmap previously fingerprinted back-end DBMS "
|
||||
msg += "%s. However now it has been fingerprinted " % kb.dbms
|
||||
msg += "to be %s. " % dbms
|
||||
msg += "Please, specify which DBMS is "
|
||||
msg += "correct [%s (default)/%s] " % (kb.dbms, dbms)
|
||||
|
||||
while True:
|
||||
inp = readInput(msg, default=kb.dbms)
|
||||
|
||||
if aliasToDbmsEnum(inp) == kb.dbms:
|
||||
break
|
||||
elif aliasToDbmsEnum(inp) == dbms:
|
||||
kb.dbms = aliasToDbmsEnum(inp)
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif kb.dbms is None:
|
||||
kb.dbms = aliasToDbmsEnum(dbms)
|
||||
|
||||
return kb.dbms
|
||||
|
||||
@staticmethod
|
||||
def setVersion(version):
|
||||
if isinstance(version, basestring):
|
||||
kb.dbmsVersion = [ version ]
|
||||
|
||||
return kb.dbmsVersion
|
||||
|
||||
@staticmethod
|
||||
def setVersionList(versionsList):
|
||||
if isinstance(versionsList, list):
|
||||
kb.dbmsVersion = versionsList
|
||||
elif isinstance(version, basestring):
|
||||
backend.setVersion(versionsList)
|
||||
else:
|
||||
logger.error("invalid format of versionsList")
|
||||
|
||||
@staticmethod
|
||||
def forceDbms(dbms):
|
||||
kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
|
||||
|
||||
@staticmethod
|
||||
def flushForcedDbms():
|
||||
kb.misc.forcedDbms = None
|
||||
|
||||
@staticmethod
|
||||
def setOs(os):
|
||||
if os is None:
|
||||
return None
|
||||
|
||||
# Little precaution, in theory this condition should always be false
|
||||
elif kb.os is not None and kb.os != os:
|
||||
msg = "sqlmap previously fingerprinted back-end DBMS "
|
||||
msg += "operating system %s. However now it has " % kb.os
|
||||
msg += "been fingerprinted to be %s. " % os
|
||||
msg += "Please, specify which OS is "
|
||||
msg += "correct [%s (default)/%s] " % (kb.os, os)
|
||||
|
||||
while True:
|
||||
inp = readInput(msg, default=kb.os)
|
||||
|
||||
if inp == kb.os:
|
||||
break
|
||||
elif inp == os:
|
||||
kb.os = inp
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif kb.os is None:
|
||||
kb.os = os
|
||||
|
||||
return kb.os
|
||||
|
||||
# Get methods
|
||||
@staticmethod
|
||||
def getForcedDbms():
|
||||
return aliasToDbmsEnum(kb.misc.forcedDbms)
|
||||
|
||||
@staticmethod
|
||||
def getDbms():
|
||||
return aliasToDbmsEnum(kb.dbms)
|
||||
|
||||
@staticmethod
|
||||
def getErrorParsedDBMSes():
|
||||
"""
|
||||
Returns array with parsed DBMS names till now
|
||||
|
||||
This functions is called to:
|
||||
|
||||
1. Sort the tests, getSortedInjectionTests() - detection phase.
|
||||
2. Ask user whether or not skip specific DBMS tests in detection phase,
|
||||
lib/controller/checks.py - detection phase.
|
||||
3. Sort the fingerprint of the DBMS, lib/controller/handler.py -
|
||||
fingerprint phase.
|
||||
"""
|
||||
|
||||
return kb.htmlFp
|
||||
|
||||
@staticmethod
|
||||
def getIdentifiedDbms():
|
||||
dbms = None
|
||||
|
||||
if backend.getForcedDbms() is not None:
|
||||
dbms = backend.getForcedDbms()
|
||||
elif backend.getDbms() is not None:
|
||||
dbms = kb.dbms
|
||||
elif conf.dbms is not None:
|
||||
dbms = conf.dbms
|
||||
elif len(backend.getErrorParsedDBMSes()) > 0:
|
||||
dbms = backend.getErrorParsedDBMSes()[0]
|
||||
|
||||
return aliasToDbmsEnum(dbms)
|
||||
|
||||
@staticmethod
|
||||
def getVersion():
|
||||
if len(kb.dbmsVersion) > 0:
|
||||
return kb.dbmsVersion[0]
|
||||
else:
|
||||
return None
|
||||
|
||||
@staticmethod
|
||||
def getVersionList():
|
||||
if len(kb.dbmsVersion) > 0:
|
||||
return kb.dbmsVersion
|
||||
else:
|
||||
return None
|
||||
|
||||
# Comparison methods
|
||||
@staticmethod
|
||||
def isDbms(dbms):
|
||||
return backend.getDbms() is not None and backend.getDbms() == aliasToDbmsEnum(dbms)
|
||||
|
||||
@staticmethod
|
||||
def isDbmsWithin(aliases):
|
||||
return backend.getDbms() is not None and backend.getDbms().lower() in aliases
|
||||
|
||||
@staticmethod
|
||||
def isVersion(version):
|
||||
return backend.getVersion() is not None and backend.getVersion() == version
|
||||
|
||||
@staticmethod
|
||||
def isVersionWithin(versionList):
|
||||
if backend.getVersionList() is None:
|
||||
return False
|
||||
|
||||
for dbmsVersion in backend.getVersionList():
|
||||
if dbmsVersion == UNKNOWN_DBMS_VERSION:
|
||||
continue
|
||||
elif dbmsVersion in versionList:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
@staticmethod
|
||||
def isVersionGreaterOrEqualThan(version):
|
||||
return backend.getVersion() is not None and str(backend.getVersion()) >= str(version)
|
||||
|
||||
def showHttpErrorCodes():
|
||||
"""
|
||||
Shows all HTTP error codes raised till now
|
||||
|
|
|
@ -24,7 +24,7 @@ from extra.clientform.clientform import ParseResponse
|
|||
from extra.keepalive import keepalive
|
||||
from extra.xmlobject import xmlobject
|
||||
from lib.controller.checks import checkConnection
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import extractRegexResult
|
||||
from lib.core.common import getConsoleWidth
|
||||
from lib.core.common import getFileItems
|
||||
|
@ -595,7 +595,7 @@ def __setDBMS():
|
|||
dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms, re.I)
|
||||
|
||||
if dbmsRegExp:
|
||||
backend.setVersion(str(dbmsRegExp.group(2)))
|
||||
Backend.setVersion(str(dbmsRegExp.group(2)))
|
||||
|
||||
if conf.dbms not in SUPPORTED_DBMS:
|
||||
errMsg = "you provided an unsupported back-end database management "
|
||||
|
@ -1255,7 +1255,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
|||
def __saveCmdline():
|
||||
"""
|
||||
Saves the command line options on a sqlmap configuration INI file
|
||||
format.
|
||||
Format.
|
||||
"""
|
||||
|
||||
if not conf.saveCmdline:
|
||||
|
|
|
@ -9,8 +9,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import getFilteredPageContent
|
||||
from lib.core.common import readInput
|
||||
|
@ -91,9 +91,9 @@ def setDbms(dbms):
|
|||
if dbmsRegExp:
|
||||
dbms = dbmsRegExp.group(1)
|
||||
|
||||
backend.setDbms(dbms)
|
||||
Backend.setDbms(dbms)
|
||||
|
||||
logger.info("the back-end DBMS is %s" % backend.getDbms())
|
||||
logger.info("the back-end DBMS is %s" % Backend.getDbms())
|
||||
|
||||
def setOs():
|
||||
"""
|
||||
|
@ -120,15 +120,15 @@ def setOs():
|
|||
return
|
||||
|
||||
if "type" in kb.bannerFp:
|
||||
kb.os = format.humanize(kb.bannerFp["type"])
|
||||
kb.os = Format.humanize(kb.bannerFp["type"])
|
||||
infoMsg = "the back-end DBMS operating system is %s" % kb.os
|
||||
|
||||
if "distrib" in kb.bannerFp:
|
||||
kb.osVersion = format.humanize(kb.bannerFp["distrib"])
|
||||
kb.osVersion = Format.humanize(kb.bannerFp["distrib"])
|
||||
infoMsg += " %s" % kb.osVersion
|
||||
|
||||
if "sp" in kb.bannerFp:
|
||||
kb.osSP = int(format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
|
||||
kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))
|
||||
|
||||
elif "sp" not in kb.bannerFp and kb.os == "Windows":
|
||||
kb.osSP = 0
|
||||
|
@ -195,11 +195,11 @@ def resumeConfKb(expression, url, value):
|
|||
test = readInput(message, default="N")
|
||||
|
||||
if not test or test[0] in ("n", "N"):
|
||||
backend.setDbms(dbms)
|
||||
backend.setVersionList(dbmsVersion)
|
||||
Backend.setDbms(dbms)
|
||||
Backend.setVersionList(dbmsVersion)
|
||||
else:
|
||||
backend.setDbms(dbms)
|
||||
backend.setVersionList(dbmsVersion)
|
||||
Backend.setDbms(dbms)
|
||||
Backend.setVersionList(dbmsVersion)
|
||||
|
||||
elif expression == "OS" and url == conf.url:
|
||||
os = unSafeFormatString(value[:-1])
|
||||
|
@ -236,7 +236,7 @@ def resumeConfKb(expression, url, value):
|
|||
if '.' in table:
|
||||
db, table = table.split('.')
|
||||
else:
|
||||
db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX)
|
||||
db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
|
||||
|
||||
logMsg = "resuming brute forced table name "
|
||||
logMsg += "'%s' from session file" % table
|
||||
|
@ -251,7 +251,7 @@ def resumeConfKb(expression, url, value):
|
|||
if '.' in table:
|
||||
db, table = table.split('.')
|
||||
else:
|
||||
db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX)
|
||||
db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
|
||||
|
||||
logMsg = "resuming brute forced column name "
|
||||
logMsg += "'%s' for table '%s' from session file" % (colName, table)
|
||||
|
|
|
@ -12,7 +12,7 @@ import os
|
|||
import rlcompleter
|
||||
|
||||
from lib.core import readlineng as readline
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import paths
|
||||
|
@ -35,7 +35,7 @@ def loadHistory():
|
|||
def queriesForAutoCompletion():
|
||||
autoComplQueries = {}
|
||||
|
||||
for item in queries[backend.getIdentifiedDbms()]._toflat():
|
||||
for item in queries[Backend.getIdentifiedDbms()]._toflat():
|
||||
if item._has_key('query') and len(item.query) > 1 and item._name != 'blind':
|
||||
autoComplQueries[item.query] = None
|
||||
|
||||
|
|
|
@ -7,12 +7,12 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.datatype import advancedDict
|
||||
|
||||
class Unescaper(advancedDict):
|
||||
def unescape(self, expression, quote=True, dbms=None):
|
||||
identifiedDbms = backend.getIdentifiedDbms()
|
||||
identifiedDbms = Backend.getIdentifiedDbms()
|
||||
|
||||
if not expression:
|
||||
return expression
|
||||
|
|
|
@ -76,7 +76,7 @@ ENTITIES = {'"':'"',"'":"'"}
|
|||
|
||||
class XMLDump:
|
||||
'''
|
||||
This class purpose is to dump the data into an xml format.
|
||||
This class purpose is to dump the data into an xml Format.
|
||||
The format of the xml file is described in the scheme file xml/sqlmap.xsd
|
||||
'''
|
||||
|
||||
|
@ -118,7 +118,7 @@ class XMLDump:
|
|||
def __createTextNode(self,data):
|
||||
'''
|
||||
Creates a text node with utf8 data inside.
|
||||
The text is escaped to an fit the xml text format.
|
||||
The text is escaped to an fit the xml text Format.
|
||||
'''
|
||||
if data is None :
|
||||
return self.__doc.createTextNode(u'')
|
||||
|
@ -129,7 +129,7 @@ class XMLDump:
|
|||
def __createAttribute(self,attrName,attrValue):
|
||||
'''
|
||||
Creates an attribute node with utf8 data inside.
|
||||
The text is escaped to an fit the xml text format.
|
||||
The text is escaped to an fit the xml text Format.
|
||||
'''
|
||||
attr = self.__doc.createAttribute(attrName)
|
||||
if attrValue is None :
|
||||
|
|
|
@ -13,7 +13,7 @@ from xml.sax.handler import ContentHandler
|
|||
|
||||
from lib.core.common import checkFile
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import parseXmlFile
|
||||
from lib.core.common import sanitizeStr
|
||||
from lib.core.data import kb
|
||||
|
@ -97,13 +97,13 @@ def bannerParser(banner):
|
|||
|
||||
xmlfile = None
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
xmlfile = paths.MSSQL_XML
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
xmlfile = paths.MYSQL_XML
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
xmlfile = paths.ORACLE_XML
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
xmlfile = paths.PGSQL_XML
|
||||
|
||||
if not xmlfile:
|
||||
|
@ -111,7 +111,7 @@ def bannerParser(banner):
|
|||
|
||||
checkFile(xmlfile)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
handler = MSSQLBannerHandler(banner, kb.bannerFp)
|
||||
parseXmlFile(xmlfile, handler)
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.convert import base64pickle
|
||||
from lib.core.convert import base64unpickle
|
||||
|
@ -26,7 +26,7 @@ def direct(query, content=True):
|
|||
select = True
|
||||
query = agent.payloadDirect(query)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
|
||||
query = "%s FROM DUAL" % query
|
||||
|
||||
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
|
||||
|
|
|
@ -11,7 +11,7 @@ import re
|
|||
import time
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import cleanQuery
|
||||
from lib.core.common import dataToSessionFile
|
||||
|
@ -54,7 +54,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
|
|||
|
||||
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
|
||||
|
||||
if (conf.eta or conf.threads > 1) and backend.getIdentifiedDbms() and not timeBasedCompare:
|
||||
if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare:
|
||||
_, length, _ = queryOutputLength(expression, payload)
|
||||
else:
|
||||
length = None
|
||||
|
@ -140,7 +140,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
|
||||
|
||||
rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
|
||||
if rdbRegExp and backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
expressionFieldsList = [expressionFields]
|
||||
|
||||
if len(expressionFieldsList) > 1:
|
||||
|
@ -155,14 +155,14 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
# forge the SQL limiting the query output one entry per time
|
||||
# NOTE: I assume that only queries that get data from a table
|
||||
# can return multiple entries
|
||||
if fromUser and " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))):
|
||||
limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))):
|
||||
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
|
||||
|
||||
if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
|
||||
if limitGroupStart.isdigit():
|
||||
startLimit = int(limitRegExp.group(int(limitGroupStart)))
|
||||
|
@ -170,10 +170,10 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
stopLimit = limitRegExp.group(int(limitGroupStop))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
if limitRegExp:
|
||||
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
|
||||
if limitGroupStart.isdigit():
|
||||
startLimit = int(limitRegExp.group(int(limitGroupStart)))
|
||||
|
@ -185,7 +185,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
stopLimit = int(topLimit.group(1))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
limitCond = False
|
||||
else:
|
||||
limitCond = True
|
||||
|
@ -199,23 +199,23 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
|
||||
# From now on we need only the expression until the " LIMIT "
|
||||
# (or similar, depending on the back-end DBMS) word
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
stopLimit += startLimit
|
||||
untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
|
||||
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
|
||||
expression = expression[:untilLimitChar]
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
stopLimit += startLimit
|
||||
|
||||
if not stopLimit or stopLimit <= 1:
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
|
||||
test = False
|
||||
else:
|
||||
test = True
|
||||
|
||||
if test:
|
||||
# Count the number of SQL query entries output
|
||||
countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
|
||||
countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
|
||||
countedExpression = expression.replace(expressionFields, countFirstField, 1)
|
||||
|
||||
if re.search(" ORDER BY ", expression, re.I):
|
||||
|
@ -309,8 +309,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
|
||||
return outputs
|
||||
|
||||
elif backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
|
||||
expression += FROM_TABLE[backend.getIdentifiedDbms()]
|
||||
elif Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
|
||||
expression += FROM_TABLE[Backend.getIdentifiedDbms()]
|
||||
|
||||
outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
|
||||
returnValue = ", ".join([output for output in outputs])
|
||||
|
@ -492,7 +492,7 @@ def goStacked(expression, silent=False):
|
|||
if conf.direct:
|
||||
return direct(expression), None
|
||||
|
||||
comment = queries[backend.getIdentifiedDbms()].comment.query
|
||||
comment = queries[Backend.getIdentifiedDbms()].comment.query
|
||||
query = agent.prefixQuery("; %s" % expression)
|
||||
query = agent.suffixQuery("%s;%s" % (query, comment))
|
||||
payload = agent.payload(newValue=query)
|
||||
|
|
|
@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
|
@ -41,10 +41,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfExecCmd(cmd, silent=silent)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
self.xpCmdshellExecCmd(cmd, silent=silent)
|
||||
|
||||
else:
|
||||
|
@ -55,10 +55,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
return self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
return self.udfEvalCmd(cmd, first, last)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
return self.xpCmdshellEvalCmd(cmd, first, last)
|
||||
|
||||
else:
|
||||
|
@ -93,13 +93,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
logger.info(infoMsg)
|
||||
|
||||
else:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
infoMsg = "going to use injected sys_eval and sys_exec "
|
||||
infoMsg += "user-defined functions for operating system "
|
||||
infoMsg += "command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
infoMsg = "going to use xp_cmdshell extended procedure for "
|
||||
infoMsg += "operating system command execution"
|
||||
logger.info(infoMsg)
|
||||
|
@ -151,9 +151,9 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
warnMsg += "the session user is not a database administrator"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfInjectSys()
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if mandatory:
|
||||
self.xpCmdshellInit()
|
||||
else:
|
||||
|
|
|
@ -19,7 +19,7 @@ from subprocess import PIPE
|
|||
from subprocess import Popen as execute
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getLocalIP
|
||||
from lib.core.common import getRemoteIP
|
||||
from lib.core.common import getUnicode
|
||||
|
@ -187,13 +187,13 @@ class Metasploit:
|
|||
if __payloadStr == "windows/vncinject":
|
||||
choose = False
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
debugMsg = "by default MySQL on Windows runs as SYSTEM "
|
||||
debugMsg += "user, it is likely that the the VNC "
|
||||
debugMsg += "injection will be successful"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
choose = True
|
||||
|
||||
warnMsg = "by default PostgreSQL on Windows runs as "
|
||||
|
@ -201,12 +201,12 @@ class Metasploit:
|
|||
warnMsg += "injection will be successful"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
choose = True
|
||||
|
||||
warnMsg = "it is unlikely that the VNC injection will be "
|
||||
warnMsg += "successful because usually Microsoft SQL Server "
|
||||
warnMsg += "%s runs as Network Service " % backend.getVersion()
|
||||
warnMsg += "%s runs as Network Service " % Backend.getVersion()
|
||||
warnMsg += "or the Administrator is not logged in"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
|
@ -230,12 +230,12 @@ class Metasploit:
|
|||
break
|
||||
|
||||
elif choice == "1":
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
logger.warn("beware that the VNC injection might not work")
|
||||
|
||||
break
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
break
|
||||
|
||||
elif not choice.isdigit():
|
||||
|
@ -555,7 +555,7 @@ class Metasploit:
|
|||
# This is useful for sqlmap because on PostgreSQL it is not
|
||||
# possible to write files bigger than 8192 bytes abusing the
|
||||
# lo_export() feature implemented in sqlmap.
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
self.__fileFormat = "exe-small"
|
||||
else:
|
||||
self.__fileFormat = "exe"
|
||||
|
@ -657,7 +657,7 @@ class Metasploit:
|
|||
self.__forgeMsfConsoleResource()
|
||||
self.__forgeMsfConsoleCmd()
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
|
||||
else:
|
||||
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)
|
||||
|
|
|
@ -11,7 +11,7 @@ import os
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
|
@ -51,7 +51,7 @@ class UDF:
|
|||
def __checkExistUdf(self, udf):
|
||||
logger.info("checking if UDF '%s' already exist" % udf)
|
||||
|
||||
query = agent.forgeCaseStatement(queries[backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
|
||||
query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
|
||||
exists = inject.getValue(query, resumeValue=False, unpack=False, charsetType=2)
|
||||
|
||||
if exists == "1":
|
||||
|
@ -104,7 +104,7 @@ class UDF:
|
|||
return output
|
||||
|
||||
def udfCheckNeeded(self):
|
||||
if ( not conf.rFile or ( conf.rFile and backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
|
||||
if ( not conf.rFile or ( conf.rFile and Backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
|
||||
self.sysUdfs.pop("sys_fileread")
|
||||
|
||||
if not conf.osPwn:
|
||||
|
@ -143,9 +143,9 @@ class UDF:
|
|||
if udf in self.udfToCreate and udf not in self.createdUdf:
|
||||
self.udfCreateFromSharedLib(udf, inpRet)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
supportTblType = "longtext"
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
supportTblType = "text"
|
||||
|
||||
self.udfCreateSupportTbl(supportTblType)
|
||||
|
@ -156,8 +156,8 @@ class UDF:
|
|||
self.udfInjectCore(self.sysUdfs)
|
||||
|
||||
def udfInjectCustom(self):
|
||||
if backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
errMsg = "UDF injection feature is not yet implemented on %s" % backend.getIdentifiedDbms()
|
||||
if Backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
errMsg = "UDF injection feature is not yet implemented on %s" % Backend.getIdentifiedDbms()
|
||||
raise sqlmapUnsupportedFeatureException(errMsg)
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
|
@ -236,9 +236,9 @@ class UDF:
|
|||
else:
|
||||
logger.warn("you need to specify the name of the UDF")
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
defaultType = "string"
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
defaultType = "text"
|
||||
|
||||
self.udfs[udfName]["input"] = []
|
||||
|
|
|
@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import wasLastRequestDelayed
|
||||
|
@ -30,7 +30,7 @@ class xp_cmdshell:
|
|||
def __xpCmdshellCreate(self):
|
||||
cmd = ""
|
||||
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.isVersionWithin(("2005", "2008")):
|
||||
logger.debug("activating sp_OACreate")
|
||||
|
||||
cmd += "EXEC master..sp_configure 'show advanced options', 1; "
|
||||
|
@ -49,7 +49,7 @@ class xp_cmdshell:
|
|||
cmd += "EXEC sp_OADestroy @ID'; "
|
||||
cmd += "EXEC master..sp_executesql @%s;" % self.__randStr
|
||||
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.isVersionWithin(("2005", "2008")):
|
||||
cmd += " RECONFIGURE WITH OVERRIDE;"
|
||||
|
||||
inject.goStacked(cmd)
|
||||
|
@ -81,7 +81,7 @@ class xp_cmdshell:
|
|||
return cmd
|
||||
|
||||
def __xpCmdshellConfigure(self, mode):
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.isVersionWithin(("2005", "2008")):
|
||||
cmd = self.__xpCmdshellConfigure2005(mode)
|
||||
else:
|
||||
cmd = self.__xpCmdshellConfigure2000(mode)
|
||||
|
|
|
@ -12,7 +12,7 @@ import time
|
|||
import traceback
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import decodeIntToUnicode
|
||||
|
@ -75,7 +75,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
elif ( isinstance(lastChar, basestring) and lastChar.isdigit() ) or isinstance(lastChar, int):
|
||||
lastChar = int(lastChar)
|
||||
|
||||
if backend.getDbms():
|
||||
if Backend.getDbms():
|
||||
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
|
||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
|
@ -125,7 +125,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
hintlock.release()
|
||||
|
||||
if hintValue is not None and len(hintValue) >= idx:
|
||||
if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
|
||||
posValue = hintValue[idx-1]
|
||||
else:
|
||||
posValue = ord(hintValue[idx-1])
|
||||
|
@ -459,7 +459,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
# check it via equal against the substring-query output
|
||||
if commonPattern is not None:
|
||||
# Substring-query containing equals commonPattern
|
||||
subquery = queries[backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
|
||||
subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
|
||||
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
|
||||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
|
||||
query = agent.suffixQuery(query)
|
||||
|
|
|
@ -15,7 +15,7 @@ from lib.core.common import dataToSessionFile
|
|||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import filterListValue
|
||||
from lib.core.common import getFileItems
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getPageTextWordsSet
|
||||
from lib.core.common import popValue
|
||||
from lib.core.common import pushValue
|
||||
|
@ -32,7 +32,7 @@ from lib.core.session import safeFormatString
|
|||
from lib.request import inject
|
||||
|
||||
def tableExists(tableFile, regex=None):
|
||||
tables = getFileItems(tableFile, lowercase=backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
|
||||
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
|
||||
retVal = []
|
||||
|
||||
infoMsg = "checking table existence using items from '%s'" % tableFile
|
||||
|
|
|
@ -14,7 +14,7 @@ from lib.core.agent import agent
|
|||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import extractRegexResult
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import initTechnique
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import randomInt
|
||||
|
@ -40,7 +40,7 @@ def __oneShotErrorUse(expression, field):
|
|||
check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
|
||||
nulledCastedField = agent.nullAndCastField(field)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
# Fix for MySQL odd behaviour ('Subquery returns more than 1 row')
|
||||
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))")
|
||||
|
||||
|
@ -143,14 +143,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
# entry per time
|
||||
# NOTE: I assume that only queries that get data from a table can
|
||||
# return multiple entries
|
||||
if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
|
||||
limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
|
||||
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
|
||||
|
||||
if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
|
||||
if limitGroupStart.isdigit():
|
||||
startLimit = int(limitRegExp.group(int(limitGroupStart)))
|
||||
|
@ -158,10 +158,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
stopLimit = limitRegExp.group(int(limitGroupStop))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
if limitRegExp:
|
||||
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
|
||||
if limitGroupStart.isdigit():
|
||||
startLimit = int(limitRegExp.group(int(limitGroupStart)))
|
||||
|
@ -173,7 +173,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
stopLimit = int(topLimit.group(1))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
limitCond = False
|
||||
else:
|
||||
limitCond = True
|
||||
|
@ -187,12 +187,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
|
||||
# From now on we need only the expression until the " LIMIT "
|
||||
# (or similar, depending on the back-end DBMS) word
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
stopLimit += startLimit
|
||||
untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
|
||||
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
|
||||
expression = expression[:untilLimitChar]
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
stopLimit += startLimit
|
||||
elif dump:
|
||||
if conf.limitStart:
|
||||
|
@ -201,14 +201,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
stopLimit = conf.limitStop
|
||||
|
||||
if not stopLimit or stopLimit <= 1:
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
|
||||
test = False
|
||||
else:
|
||||
test = True
|
||||
|
||||
if test:
|
||||
# Count the number of SQL query entries output
|
||||
countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
|
||||
countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
|
||||
countedExpression = expression.replace(expressionFields, countFirstField, 1)
|
||||
|
||||
if re.search(" ORDER BY ", expression, re.I):
|
||||
|
|
|
@ -13,7 +13,7 @@ import time
|
|||
from lib.core.agent import agent
|
||||
from lib.core.common import clearConsoleLine
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import extractRegexResult
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import parseUnionPage
|
||||
|
@ -102,14 +102,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
|
|||
query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
|
||||
|
||||
for count in range(conf.uColsStart, conf.uColsStop+1):
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
|
||||
query = query[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
|
||||
query = query[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])]
|
||||
|
||||
if count:
|
||||
query += ", %s" % conf.uChar
|
||||
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE:
|
||||
query += FROM_TABLE[backend.getIdentifiedDbms()]
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE:
|
||||
query += FROM_TABLE[Backend.getIdentifiedDbms()]
|
||||
|
||||
status = "%d/%d" % (count, conf.uColsStop)
|
||||
debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop))
|
||||
|
|
|
@ -12,7 +12,7 @@ import time
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import initTechnique
|
||||
from lib.core.common import isNumPosStrValue
|
||||
|
@ -101,14 +101,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
# entry per time
|
||||
# NOTE: I assume that only queries that get data from a table can
|
||||
# return multiple entries
|
||||
if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
|
||||
limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
|
||||
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
|
||||
|
||||
if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
|
||||
if limitGroupStart.isdigit():
|
||||
startLimit = int(limitRegExp.group(int(limitGroupStart)))
|
||||
|
@ -116,10 +116,10 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
stopLimit = limitRegExp.group(int(limitGroupStop))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
if limitRegExp:
|
||||
limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
|
||||
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
|
||||
|
||||
if limitGroupStart.isdigit():
|
||||
startLimit = int(limitRegExp.group(int(limitGroupStart)))
|
||||
|
@ -131,7 +131,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
stopLimit = int(topLimit.group(1))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
limitCond = False
|
||||
else:
|
||||
limitCond = True
|
||||
|
@ -145,12 +145,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
|
||||
# From now on we need only the expression until the " LIMIT "
|
||||
# (or similar, depending on the back-end DBMS) word
|
||||
if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
stopLimit += startLimit
|
||||
untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
|
||||
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
|
||||
expression = expression[:untilLimitChar]
|
||||
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
stopLimit += startLimit
|
||||
elif dump:
|
||||
if conf.limitStart:
|
||||
|
@ -159,14 +159,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
stopLimit = conf.limitStop
|
||||
|
||||
if not stopLimit or stopLimit <= 1:
|
||||
if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
|
||||
if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
|
||||
test = False
|
||||
else:
|
||||
test = True
|
||||
|
||||
if test:
|
||||
# Count the number of SQL query entries output
|
||||
countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
|
||||
countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
|
||||
countedExpression = origExpr.replace(expressionFields, countFirstField, 1)
|
||||
|
||||
if re.search(" ORDER BY ", expression, re.I):
|
||||
|
@ -214,9 +214,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
|
||||
try:
|
||||
for num in xrange(startLimit, stopLimit):
|
||||
if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
field = expressionFieldsList[0]
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
field = expressionFieldsList
|
||||
else:
|
||||
field = None
|
||||
|
|
|
@ -22,7 +22,7 @@ from lib.core.common import clearConsoleLine
|
|||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import getFileItems
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getPublicTypeMembers
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import paths
|
||||
|
@ -270,9 +270,9 @@ def hashRecognition(value):
|
|||
if value:
|
||||
for name, regex in getPublicTypeMembers(HASH):
|
||||
# Hashes for Oracle and old MySQL look the same hence these checks
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
|
||||
continue
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
|
||||
continue
|
||||
elif getCompiledRegex(regex).match(value):
|
||||
retVal = regex
|
||||
|
@ -454,7 +454,7 @@ def dictionaryAttack(attack_dict):
|
|||
clearConsoleLine()
|
||||
|
||||
if len(hash_regexes) == 0:
|
||||
warnMsg = "unknown hash format. "
|
||||
warnMsg = "unknown hash Format. "
|
||||
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
|
||||
logger.warn(warnMsg)
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ import time
|
|||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import dataToSessionFile
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import replaceNewlineTabs
|
||||
|
@ -35,7 +35,7 @@ def queryOutputLength(expression, payload):
|
|||
Returns the query output length.
|
||||
"""
|
||||
|
||||
lengthQuery = queries[backend.getIdentifiedDbms()].length.query
|
||||
lengthQuery = queries[Backend.getIdentifiedDbms()].length.query
|
||||
select = re.search("\ASELECT\s+", expression, re.I)
|
||||
selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
|
||||
selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I)
|
||||
|
@ -61,7 +61,7 @@ def queryOutputLength(expression, payload):
|
|||
if selectDistinctExpr:
|
||||
lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression)
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
lengthExpr += " AS %s" % randomStr(lowercase=True)
|
||||
elif select:
|
||||
lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1)
|
||||
|
@ -146,10 +146,10 @@ def resume(expression, payload):
|
|||
if not payload:
|
||||
return None
|
||||
|
||||
if not backend.getIdentifiedDbms():
|
||||
if not Backend.getIdentifiedDbms():
|
||||
return None
|
||||
|
||||
substringQuery = queries[backend.getIdentifiedDbms()].substring.query
|
||||
substringQuery = queries[Backend.getIdentifiedDbms()].substring.query
|
||||
select = re.search("\ASELECT ", expression, re.I)
|
||||
|
||||
_, length, regExpr = queryOutputLength(expression, payload)
|
||||
|
|
|
@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import getCurrentThreadData
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
|
@ -38,9 +38,9 @@ class Fingerprint(GenericFingerprint):
|
|||
retVal = None
|
||||
table = None
|
||||
|
||||
if backend.isVersionWithin(("97", "2000")):
|
||||
if Backend.isVersionWithin(("97", "2000")):
|
||||
table = "MSysAccessObjects"
|
||||
elif backend.isVersionWithin(("2002-2003", "2007")):
|
||||
elif Backend.isVersionWithin(("2002-2003", "2007")):
|
||||
table = "MSysAccessStorage"
|
||||
|
||||
if table is not None:
|
||||
|
@ -115,13 +115,13 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
@ -132,7 +132,7 @@ class Fingerprint(GenericFingerprint):
|
|||
value += DBMS.ACCESS
|
||||
return value
|
||||
|
||||
actVer = format.getDbms() + " (%s)" % (self.__sandBoxCheck())
|
||||
actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck())
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
|
@ -142,10 +142,10 @@ class Fingerprint(GenericFingerprint):
|
|||
if re.search("-log$", kb.data.banner):
|
||||
banVer += ", logging enabled"
|
||||
|
||||
banVer = format.getDbms([banVer])
|
||||
banVer = Format.getDbms([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -155,7 +155,7 @@ class Fingerprint(GenericFingerprint):
|
|||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
|
||||
setDbms(DBMS.ACCESS)
|
||||
|
||||
return True
|
||||
|
@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint):
|
|||
version = self.__sysTablesCheck()
|
||||
|
||||
if version is not None:
|
||||
backend.setVersion(version)
|
||||
Backend.setVersion(version)
|
||||
|
||||
return True
|
||||
else:
|
||||
|
|
|
@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomRange
|
||||
|
@ -34,25 +34,25 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
||||
value += "back-end DBMS: "
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
value += actVer
|
||||
return value
|
||||
|
||||
actVer = format.getDbms() + " (%s)" % (self.__dialectCheck())
|
||||
actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck())
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
|
@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
|
|||
if re.search("-log$", kb.data.banner):
|
||||
banVer += ", logging enabled"
|
||||
|
||||
banVer = format.getDbms([banVer])
|
||||
banVer = Format.getDbms([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -101,23 +101,23 @@ class Fingerprint(GenericFingerprint):
|
|||
def __dialectCheck(self):
|
||||
retVal = None
|
||||
|
||||
if backend.getIdentifiedDbms():
|
||||
if Backend.getIdentifiedDbms():
|
||||
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
|
||||
retVal = "dialect 3" if result else "dialect 1"
|
||||
|
||||
return retVal
|
||||
|
||||
def checkDbms(self):
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(FIREBIRD_ALIASES) \
|
||||
or conf.dbms in FIREBIRD_ALIASES) and backend.getVersion() and \
|
||||
backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
||||
v = backend.getVersion().replace(">", "")
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \
|
||||
or conf.dbms in FIREBIRD_ALIASES) and Backend.getVersion() and \
|
||||
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
||||
v = Backend.getVersion().replace(">", "")
|
||||
v = v.replace("=", "")
|
||||
v = v.replace(" ", "")
|
||||
|
||||
backend.setVersion(v)
|
||||
Backend.setVersion(v)
|
||||
|
||||
setDbms("%s %s" % (DBMS.FIREBIRD, backend.getVersion()))
|
||||
setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion()))
|
||||
|
||||
self.getBanner()
|
||||
|
||||
|
@ -149,7 +149,7 @@ class Fingerprint(GenericFingerprint):
|
|||
version = self.__sysTablesCheck()
|
||||
|
||||
if version is not None:
|
||||
backend.setVersion(version)
|
||||
Backend.setVersion(version)
|
||||
setDbms("%s %s" % (DBMS.FIREBIRD, version))
|
||||
|
||||
self.getBanner()
|
||||
|
|
|
@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.data import conf
|
||||
|
@ -66,13 +66,13 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
@ -84,14 +84,14 @@ class Fingerprint(GenericFingerprint):
|
|||
value += DBMS.MAXDB
|
||||
return value
|
||||
|
||||
actVer = format.getDbms() + " (%s)" % self.__versionCheck()
|
||||
actVer = Format.getDbms() + " (%s)" % self.__versionCheck()
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
value += "\n%sbanner parsing fingerprint: -" % blank
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint):
|
|||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
|
||||
setDbms(DBMS.MAXDB)
|
||||
|
||||
self.getBanner()
|
||||
|
|
|
@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import arrayizeValue
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getRange
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
|
@ -41,7 +41,7 @@ class Enumeration(GenericEnumeration):
|
|||
infoMsg += " for database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].tables
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
||||
|
||||
if not conf.db:
|
||||
if not len(kb.data.cachedDbs):
|
||||
|
@ -111,7 +111,7 @@ class Enumeration(GenericEnumeration):
|
|||
return kb.data.cachedTables
|
||||
|
||||
def searchTable(self):
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].search_table
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_table
|
||||
foundTbls = {}
|
||||
tblList = conf.tbl.split(",")
|
||||
tblCond = rootQuery.inband.condition
|
||||
|
@ -198,7 +198,7 @@ class Enumeration(GenericEnumeration):
|
|||
return foundTbls
|
||||
|
||||
def searchColumn(self):
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].search_column
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
|
||||
foundCols = {}
|
||||
dbs = {}
|
||||
colList = conf.col.split(",")
|
||||
|
|
|
@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.data import conf
|
||||
|
@ -30,19 +30,19 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
||||
value += "back-end DBMS: "
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
value += actVer
|
||||
|
@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -71,10 +71,10 @@ class Fingerprint(GenericFingerprint):
|
|||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(MSSQL_ALIASES) \
|
||||
or conf.dbms in MSSQL_ALIASES) and backend.getVersion() and \
|
||||
backend.getVersion().isdigit():
|
||||
setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \
|
||||
or conf.dbms in MSSQL_ALIASES) and Backend.getVersion() and \
|
||||
Backend.getVersion().isdigit():
|
||||
setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
|
||||
|
||||
self.getBanner()
|
||||
|
||||
|
@ -103,10 +103,10 @@ class Fingerprint(GenericFingerprint):
|
|||
result = inject.checkBooleanExpression(check)
|
||||
|
||||
if result:
|
||||
backend.setVersion(version)
|
||||
Backend.setVersion(version)
|
||||
|
||||
if backend.getVersion():
|
||||
setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
|
||||
if Backend.getVersion():
|
||||
setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion()))
|
||||
else:
|
||||
setDbms(DBMS.MSSQL)
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.data import conf
|
||||
|
@ -97,19 +97,19 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
||||
value += "back-end DBMS: "
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
value += actVer
|
||||
|
@ -120,7 +120,7 @@ class Fingerprint(GenericFingerprint):
|
|||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if comVer:
|
||||
comVer = format.getDbms([comVer])
|
||||
comVer = Format.getDbms([comVer])
|
||||
value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
|
||||
|
||||
if kb.bannerFp:
|
||||
|
@ -129,10 +129,10 @@ class Fingerprint(GenericFingerprint):
|
|||
if re.search("-log$", kb.data.banner):
|
||||
banVer += ", logging enabled"
|
||||
|
||||
banVer = format.getDbms([banVer] if banVer else None)
|
||||
banVer = Format.getDbms([banVer] if banVer else None)
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -150,18 +150,18 @@ class Fingerprint(GenericFingerprint):
|
|||
* http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
|
||||
"""
|
||||
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(MYSQL_ALIASES) \
|
||||
or conf.dbms in MYSQL_ALIASES) and backend.getVersion() and \
|
||||
backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
||||
v = backend.getVersion().replace(">", "")
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \
|
||||
or conf.dbms in MYSQL_ALIASES) and Backend.getVersion() and \
|
||||
Backend.getVersion() != UNKNOWN_DBMS_VERSION:
|
||||
v = Backend.getVersion().replace(">", "")
|
||||
v = v.replace("=", "")
|
||||
v = v.replace(" ", "")
|
||||
|
||||
backend.setVersion(v)
|
||||
Backend.setVersion(v)
|
||||
|
||||
setDbms("%s %s" % (DBMS.MYSQL, backend.getVersion()))
|
||||
setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion()))
|
||||
|
||||
if backend.isVersionGreaterOrEqualThan("5"):
|
||||
if Backend.isVersionGreaterOrEqualThan("5"):
|
||||
kb.data.has_information_schema = True
|
||||
|
||||
self.getBanner()
|
||||
|
@ -190,7 +190,7 @@ class Fingerprint(GenericFingerprint):
|
|||
#if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)):
|
||||
if inject.checkBooleanExpression("EXISTS(SELECT %s FROM information_schema.TABLES)" % randInt):
|
||||
kb.data.has_information_schema = True
|
||||
backend.setVersion(">= 5.0.0")
|
||||
Backend.setVersion(">= 5.0.0")
|
||||
setDbms("%s 5" % DBMS.MYSQL)
|
||||
self.getBanner()
|
||||
|
||||
|
@ -202,43 +202,43 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
# Check if it is MySQL >= 5.5.0
|
||||
if inject.checkBooleanExpression("TO_SECONDS(950501)>0"):
|
||||
backend.setVersion(">= 5.5.0")
|
||||
Backend.setVersion(">= 5.5.0")
|
||||
|
||||
# Check if it is MySQL >= 5.1.2 and < 5.5.0
|
||||
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"):
|
||||
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)):
|
||||
backend.setVersionList([">= 5.1.12", "< 5.5.0"])
|
||||
Backend.setVersionList([">= 5.1.12", "< 5.5.0"])
|
||||
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)):
|
||||
backend.setVersionList([">= 5.1.7", "< 5.1.12"])
|
||||
Backend.setVersionList([">= 5.1.7", "< 5.1.12"])
|
||||
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)):
|
||||
backend.setVersion("= 5.1.6")
|
||||
Backend.setVersion("= 5.1.6")
|
||||
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)):
|
||||
backend.setVersionList([">= 5.1.5", "< 5.1.6"])
|
||||
Backend.setVersionList([">= 5.1.5", "< 5.1.6"])
|
||||
else:
|
||||
backend.setVersionList([">= 5.1.2", "< 5.1.5"])
|
||||
Backend.setVersionList([">= 5.1.2", "< 5.1.5"])
|
||||
|
||||
# Check if it is MySQL >= 5.0.0 and < 5.1.2
|
||||
elif inject.checkBooleanExpression("@@hostname=@@hostname"):
|
||||
backend.setVersionList([">= 5.0.38", "< 5.1.2"])
|
||||
Backend.setVersionList([">= 5.0.38", "< 5.1.2"])
|
||||
elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"):
|
||||
backend.setVersionList([">= 5.0.19", "< 5.0.38"])
|
||||
Backend.setVersionList([">= 5.0.19", "< 5.0.38"])
|
||||
elif not inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL WHERE %s!=%s)" % (randInt, randInt, randInt, randInt)):
|
||||
backend.setVersionList([">= 5.0.11", "< 5.0.19"])
|
||||
Backend.setVersionList([">= 5.0.11", "< 5.0.19"])
|
||||
elif inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"):
|
||||
backend.setVersionList([">= 5.0.6", "< 5.0.11"])
|
||||
Backend.setVersionList([">= 5.0.6", "< 5.0.11"])
|
||||
elif inject.checkBooleanExpression("@@automatic_sp_privileges=@@automatic_sp_privileges"):
|
||||
backend.setVersionList([">= 5.0.3", "< 5.0.6"])
|
||||
Backend.setVersionList([">= 5.0.3", "< 5.0.6"])
|
||||
else:
|
||||
backend.setVersionList([">= 5.0.0", "< 5.0.3"])
|
||||
Backend.setVersionList([">= 5.0.0", "< 5.0.3"])
|
||||
|
||||
# For cases when information_schema is missing
|
||||
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"):
|
||||
backend.setVersion(">= 5.0.2")
|
||||
Backend.setVersion(">= 5.0.2")
|
||||
setDbms("%s 5" % DBMS.MYSQL)
|
||||
self.getBanner()
|
||||
|
||||
elif inject.checkBooleanExpression("STRCMP(LOWER(CURRENT_USER()), UPPER(CURRENT_USER()))=0"):
|
||||
backend.setVersion("< 5.0.0")
|
||||
Backend.setVersion("< 5.0.0")
|
||||
setDbms("%s 4" % DBMS.MYSQL)
|
||||
self.getBanner()
|
||||
|
||||
|
@ -247,20 +247,20 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
# Check which version of MySQL < 5.0.0 it is
|
||||
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"):
|
||||
backend.setVersionList([">= 4.1.11", "< 5.0.0"])
|
||||
Backend.setVersionList([">= 4.1.11", "< 5.0.0"])
|
||||
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"):
|
||||
backend.setVersionList([">= 4.1.1", "< 4.1.11"])
|
||||
Backend.setVersionList([">= 4.1.1", "< 4.1.11"])
|
||||
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"):
|
||||
backend.setVersionList([">= 4.0.6", "< 4.1.1"])
|
||||
Backend.setVersionList([">= 4.0.6", "< 4.1.1"])
|
||||
|
||||
if inject.checkBooleanExpression("'utf8'=(SELECT CHARSET(CURRENT_USER()))"):
|
||||
backend.setVersion("= 4.1.0")
|
||||
Backend.setVersion("= 4.1.0")
|
||||
else:
|
||||
backend.setVersionList([">= 4.0.6", "< 4.1.0"])
|
||||
Backend.setVersionList([">= 4.0.6", "< 4.1.0"])
|
||||
else:
|
||||
backend.setVersionList([">= 4.0.0", "< 4.0.6"])
|
||||
Backend.setVersionList([">= 4.0.0", "< 4.0.6"])
|
||||
else:
|
||||
backend.setVersion("< 4.0.0")
|
||||
Backend.setVersion("< 4.0.0")
|
||||
setDbms("%s 3" % DBMS.MYSQL)
|
||||
self.getBanner()
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getRange
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
|
@ -30,7 +30,7 @@ class Enumeration(GenericEnumeration):
|
|||
def getRoles(self, query2=False):
|
||||
infoMsg = "fetching database users roles"
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].roles
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].roles
|
||||
|
||||
if conf.user == "CU":
|
||||
infoMsg += " for current user"
|
||||
|
@ -179,7 +179,7 @@ class Enumeration(GenericEnumeration):
|
|||
return []
|
||||
|
||||
def searchColumn(self):
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].search_column
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
|
||||
foundCols = {}
|
||||
dbs = { "USERS": {} }
|
||||
colList = conf.col.split(",")
|
||||
|
|
|
@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -29,13 +29,13 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
@ -46,16 +46,16 @@ class Fingerprint(GenericFingerprint):
|
|||
value += DBMS.ORACLE
|
||||
return value
|
||||
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
|
||||
banVer = format.getDbms([banVer])
|
||||
banVer = Format.getDbms([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
|
|||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
|
||||
setDbms(DBMS.ORACLE)
|
||||
|
||||
self.getBanner()
|
||||
|
@ -112,7 +112,7 @@ class Fingerprint(GenericFingerprint):
|
|||
output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION), 1, %d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2))
|
||||
|
||||
if output:
|
||||
backend.setVersion(version)
|
||||
Backend.setVersion(version)
|
||||
break
|
||||
|
||||
return True
|
||||
|
|
|
@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.data import conf
|
||||
|
@ -32,13 +32,13 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
@ -49,16 +49,16 @@ class Fingerprint(GenericFingerprint):
|
|||
value += DBMS.PGSQL
|
||||
return value
|
||||
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
|
||||
banVer = format.getDbms([banVer])
|
||||
banVer = Format.getDbms([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -72,7 +72,7 @@ class Fingerprint(GenericFingerprint):
|
|||
* http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
|
||||
"""
|
||||
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
|
||||
setDbms(DBMS.PGSQL)
|
||||
|
||||
self.getBanner()
|
||||
|
@ -108,35 +108,35 @@ class Fingerprint(GenericFingerprint):
|
|||
logger.info(infoMsg)
|
||||
|
||||
if inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
|
||||
backend.setVersion(">= 8.4.0")
|
||||
Backend.setVersion(">= 8.4.0")
|
||||
elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
|
||||
backend.setVersionList([">= 8.3.0", "< 8.4"])
|
||||
Backend.setVersionList([">= 8.3.0", "< 8.4"])
|
||||
elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
|
||||
backend.setVersionList([">= 8.2.0", "< 8.3.0"])
|
||||
Backend.setVersionList([">= 8.2.0", "< 8.3.0"])
|
||||
elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
|
||||
backend.setVersionList([">= 8.1.0", "< 8.2.0"])
|
||||
Backend.setVersionList([">= 8.1.0", "< 8.2.0"])
|
||||
elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
|
||||
backend.setVersionList([">= 8.0.0", "< 8.1.0"])
|
||||
Backend.setVersionList([">= 8.0.0", "< 8.1.0"])
|
||||
elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
|
||||
backend.setVersionList([">= 7.4.0", "< 8.0.0"])
|
||||
Backend.setVersionList([">= 7.4.0", "< 8.0.0"])
|
||||
elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
|
||||
backend.setVersionList([">= 7.3.0", "< 7.4.0"])
|
||||
Backend.setVersionList([">= 7.3.0", "< 7.4.0"])
|
||||
elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
|
||||
backend.setVersionList([">= 7.2.0", "< 7.3.0"])
|
||||
Backend.setVersionList([">= 7.2.0", "< 7.3.0"])
|
||||
elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
|
||||
backend.setVersionList([">= 7.1.0", "< 7.2.0"])
|
||||
Backend.setVersionList([">= 7.1.0", "< 7.2.0"])
|
||||
elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
|
||||
backend.setVersionList([">= 7.0.0", "< 7.1.0"])
|
||||
Backend.setVersionList([">= 7.0.0", "< 7.1.0"])
|
||||
elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
|
||||
backend.setVersionList([">= 6.5.0", "< 6.5.3"])
|
||||
Backend.setVersionList([">= 6.5.0", "< 6.5.3"])
|
||||
elif inject.checkBooleanExpression("VERSION()=VERSION()"):
|
||||
backend.setVersionList([">= 6.4.0", "< 6.5.0"])
|
||||
Backend.setVersionList([">= 6.4.0", "< 6.5.0"])
|
||||
elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
|
||||
backend.setVersionList([">= 6.3.0", "< 6.4.0"])
|
||||
Backend.setVersionList([">= 6.3.0", "< 6.4.0"])
|
||||
elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
|
||||
backend.setVersionList([">= 6.2.0", "< 6.3.0"])
|
||||
Backend.setVersionList([">= 6.2.0", "< 6.3.0"])
|
||||
else:
|
||||
backend.setVersion("< 6.2.0")
|
||||
Backend.setVersion("< 6.2.0")
|
||||
|
||||
return True
|
||||
else:
|
||||
|
|
|
@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
|
|||
value += DBMS.SQLITE
|
||||
return value
|
||||
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"]
|
||||
banVer = format.getDbms([banVer])
|
||||
banVer = Format.getDbms([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -69,7 +69,7 @@ class Fingerprint(GenericFingerprint):
|
|||
* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
|
||||
"""
|
||||
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
|
||||
setDbms(DBMS.SQLITE)
|
||||
|
||||
self.getBanner()
|
||||
|
@ -98,7 +98,7 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
|
||||
version = '3' if result else '2'
|
||||
backend.setVersion(version)
|
||||
Backend.setVersion(version)
|
||||
|
||||
setDbms(DBMS.SQLITE)
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import format
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import Format
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
|
@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
def getFingerprint(self):
|
||||
value = ""
|
||||
wsOsFp = format.getOs("web server", kb.headersFp)
|
||||
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||
|
||||
if wsOsFp:
|
||||
value += "%s\n" % wsOsFp
|
||||
|
||||
if kb.data.banner:
|
||||
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
|
||||
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||
|
||||
if dbmsOsFp:
|
||||
value += "%s\n" % dbmsOsFp
|
||||
|
@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
|
|||
value += DBMS.SYBASE
|
||||
return value
|
||||
|
||||
actVer = format.getDbms()
|
||||
actVer = Format.getDbms()
|
||||
blank = " " * 15
|
||||
value += "active fingerprint: %s" % actVer
|
||||
|
||||
if kb.bannerFp:
|
||||
banVer = kb.bannerFp["dbmsVersion"]
|
||||
banVer = format.getDbms([banVer])
|
||||
banVer = Format.getDbms([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
htmlErrorFp = format.getErrorParsedDBMSes()
|
||||
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||
|
||||
if htmlErrorFp:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||
|
@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
|
|||
return value
|
||||
|
||||
def checkDbms(self):
|
||||
if not conf.extensiveFp and (backend.isDbmsWithin(SYBASE_ALIASES) \
|
||||
or conf.dbms in SYBASE_ALIASES) and backend.getVersion() and \
|
||||
backend.getVersion().isdigit():
|
||||
setDbms("%s %s" % (DBMS.SYBASE, backend.getVersion()))
|
||||
if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \
|
||||
or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and \
|
||||
Backend.getVersion().isdigit():
|
||||
setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))
|
||||
|
||||
self.getBanner()
|
||||
|
||||
|
@ -107,7 +107,7 @@ class Fingerprint(GenericFingerprint):
|
|||
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version)
|
||||
|
||||
if result:
|
||||
backend.setVersion(str(version))
|
||||
Backend.setVersion(str(version))
|
||||
break
|
||||
|
||||
return True
|
||||
|
|
|
@ -12,13 +12,13 @@ import time
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import arrayizeValue
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getRange
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import getConsoleWidth
|
||||
from lib.core.common import getFileItems
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
|
@ -86,7 +86,7 @@ class Enumeration:
|
|||
infoMsg = "fetching banner"
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = queries[backend.getIdentifiedDbms()].banner.query
|
||||
query = queries[Backend.getIdentifiedDbms()].banner.query
|
||||
kb.data.banner = inject.getValue(query)
|
||||
bannerParser(kb.data.banner)
|
||||
|
||||
|
@ -108,7 +108,7 @@ class Enumeration:
|
|||
infoMsg = "fetching current user"
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = queries[backend.getIdentifiedDbms()].current_user.query
|
||||
query = queries[Backend.getIdentifiedDbms()].current_user.query
|
||||
|
||||
if not kb.data.currentUser:
|
||||
kb.data.currentUser = inject.getValue(query)
|
||||
|
@ -119,7 +119,7 @@ class Enumeration:
|
|||
infoMsg = "fetching current database"
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = queries[backend.getIdentifiedDbms()].current_db.query
|
||||
query = queries[Backend.getIdentifiedDbms()].current_db.query
|
||||
|
||||
if not kb.data.currentDb:
|
||||
kb.data.currentDb = inject.getValue(query)
|
||||
|
@ -130,11 +130,11 @@ class Enumeration:
|
|||
infoMsg = "testing if current user is DBA"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
self.getCurrentUser()
|
||||
query = queries[backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
|
||||
query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
|
||||
else:
|
||||
query = queries[backend.getIdentifiedDbms()].is_dba.query
|
||||
query = queries[Backend.getIdentifiedDbms()].is_dba.query
|
||||
|
||||
query = agent.forgeCaseStatement(query)
|
||||
|
||||
|
@ -146,10 +146,10 @@ class Enumeration:
|
|||
infoMsg = "fetching database users"
|
||||
logger.info(infoMsg)
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].users
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].users
|
||||
|
||||
condition = ( backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")) )
|
||||
condition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
|
||||
condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
|
||||
condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if condition:
|
||||
|
@ -175,14 +175,14 @@ class Enumeration:
|
|||
errMsg = "unable to retrieve the number of database users"
|
||||
raise sqlmapNoneDataException, errMsg
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
|
||||
query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
|
||||
elif condition:
|
||||
query = rootQuery.blind.query2 % index
|
||||
|
@ -202,7 +202,7 @@ class Enumeration:
|
|||
def getPasswordHashes(self):
|
||||
infoMsg = "fetching database users password hashes"
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].passwords
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].passwords
|
||||
|
||||
if conf.user == "CU":
|
||||
infoMsg += " for current user"
|
||||
|
@ -211,7 +211,7 @@ class Enumeration:
|
|||
logger.info(infoMsg)
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
|
@ -224,7 +224,7 @@ class Enumeration:
|
|||
query += " WHERE "
|
||||
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
|
||||
else:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
|
||||
|
||||
if parsedUser:
|
||||
|
@ -261,7 +261,7 @@ class Enumeration:
|
|||
retrievedUsers = set()
|
||||
|
||||
for user in users:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
parsedUser = re.search("[\047]*(.*?)[\047]*\@", user)
|
||||
|
||||
if parsedUser:
|
||||
|
@ -274,7 +274,7 @@ class Enumeration:
|
|||
infoMsg += "for user '%s'" % user
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
|
@ -291,14 +291,14 @@ class Enumeration:
|
|||
|
||||
passwords = []
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if index > 0:
|
||||
warnMsg = "unable to retrieve other password "
|
||||
warnMsg += "hashes for user '%s'" % user
|
||||
|
@ -307,15 +307,15 @@ class Enumeration:
|
|||
else:
|
||||
query = rootQuery.blind.query % user
|
||||
getCurrentThreadData().disableStdOut = True
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.blind.query2 % (user, index, user)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index, user)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
password = inject.getValue(query, inband=False, error=False)
|
||||
if backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
getCurrentThreadData().disableStdOut = False
|
||||
password = "0x%s" % strToHex(password)
|
||||
infoMsg = "retrieved: %s" % password
|
||||
|
@ -352,31 +352,31 @@ class Enumeration:
|
|||
def __isAdminFromPrivileges(self, privileges):
|
||||
# In PostgreSQL the usesuper privilege means that the
|
||||
# user is DBA
|
||||
dbaCondition = ( backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
|
||||
dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
|
||||
|
||||
# In Oracle the DBA privilege means that the
|
||||
# user is DBA
|
||||
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
|
||||
|
||||
# In MySQL >= 5.0 the SUPER privilege means
|
||||
# that the user is DBA
|
||||
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
|
||||
|
||||
# In MySQL < 5.0 the super_priv privilege means
|
||||
# that the user is DBA
|
||||
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
|
||||
|
||||
# In Firebird there is no specific privilege that means
|
||||
# that the user is DBA
|
||||
# TODO: confirm
|
||||
dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
|
||||
|
||||
return dbaCondition
|
||||
|
||||
def getPrivileges(self, query2=False):
|
||||
infoMsg = "fetching database users privileges"
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].privileges
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].privileges
|
||||
|
||||
if conf.user == "CU":
|
||||
infoMsg += " for current user"
|
||||
|
@ -432,10 +432,10 @@ class Enumeration:
|
|||
}
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
condition = rootQuery.inband.condition2
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
query = rootQuery.inband.query2
|
||||
condition = rootQuery.inband.condition2
|
||||
else:
|
||||
|
@ -447,7 +447,7 @@ class Enumeration:
|
|||
query += " WHERE "
|
||||
# NOTE: I assume that the user provided is not in
|
||||
# MySQL >= 5.0 syntax 'user'@'host'
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
queryUser = "%" + conf.user + "%"
|
||||
query += " OR ".join("%s LIKE '%s'" % (condition, "%" + user + "%") for user in users)
|
||||
else:
|
||||
|
@ -455,7 +455,7 @@ class Enumeration:
|
|||
|
||||
values = inject.getValue(query, blind=False)
|
||||
|
||||
if not values and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
|
||||
if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -477,19 +477,19 @@ class Enumeration:
|
|||
|
||||
# In PostgreSQL we get 1 if the privilege is
|
||||
# True, 0 otherwise
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
|
||||
for position, pgsqlPriv in pgsqlPrivs:
|
||||
if count == position and int(privilege) == 1:
|
||||
privileges.add(pgsqlPriv)
|
||||
|
||||
# In MySQL >= 5.0 and Oracle we get the list
|
||||
# of privileges as string
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
|
||||
privileges.add(privilege)
|
||||
|
||||
# In MySQL < 5.0 we get Y if the privilege is
|
||||
# True, N otherwise
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
for position, mysqlPriv in mysqlPrivs:
|
||||
if count == position and privilege.upper() == "Y":
|
||||
privileges.add(mysqlPriv)
|
||||
|
@ -506,7 +506,7 @@ class Enumeration:
|
|||
conditionChar = "="
|
||||
|
||||
if conf.user:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
conditionChar = " LIKE "
|
||||
|
||||
if "," in conf.user:
|
||||
|
@ -533,7 +533,7 @@ class Enumeration:
|
|||
for user in users:
|
||||
unescapedUser = None
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
unescapedUser = unescaper.unescape(user, quote=False)
|
||||
|
||||
if user in retrievedUsers:
|
||||
|
@ -548,18 +548,18 @@ class Enumeration:
|
|||
else:
|
||||
queryUser = user
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2 % queryUser
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count % (conditionChar, queryUser)
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
query = rootQuery.blind.count2 % queryUser
|
||||
else:
|
||||
query = rootQuery.blind.count % queryUser
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
if not (isinstance(count, basestring) and count.isdigit()) and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
|
||||
if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -575,20 +575,20 @@ class Enumeration:
|
|||
|
||||
privileges = set()
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2 % (queryUser, index)
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query % (conditionChar, queryUser, index)
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
query = rootQuery.blind.query2 % (queryUser, index)
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = rootQuery.blind.query % (index, queryUser)
|
||||
else:
|
||||
query = rootQuery.blind.query % (queryUser, index)
|
||||
|
@ -596,7 +596,7 @@ class Enumeration:
|
|||
|
||||
# In PostgreSQL we get 1 if the privilege is True,
|
||||
# 0 otherwise
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
|
||||
privilege = privilege.replace(", ", ",")
|
||||
privs = privilege.split(",")
|
||||
i = 1
|
||||
|
@ -611,12 +611,12 @@ class Enumeration:
|
|||
|
||||
# In MySQL >= 5.0 and Oracle we get the list
|
||||
# of privileges as string
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
|
||||
privileges.add(privilege)
|
||||
|
||||
# In MySQL < 5.0 we get Y if the privilege is
|
||||
# True, N otherwise
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
privilege = privilege.replace(", ", ",")
|
||||
privs = privilege.split(",")
|
||||
i = 1
|
||||
|
@ -630,7 +630,7 @@ class Enumeration:
|
|||
i += 1
|
||||
|
||||
# In Firebird we get one letter for each privilege
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
privileges.add(firebirdPrivs[privilege.strip()])
|
||||
|
||||
if self.__isAdminFromPrivileges(privileges):
|
||||
|
@ -639,7 +639,7 @@ class Enumeration:
|
|||
# In MySQL < 5.0 we break the cycle after the first
|
||||
# time we get the user's privileges otherwise we
|
||||
# duplicate the same query
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
break
|
||||
|
||||
if privileges:
|
||||
|
@ -659,14 +659,14 @@ class Enumeration:
|
|||
return ( kb.data.cachedUsersPrivileges, areAdmins )
|
||||
|
||||
def getRoles(self, query2=False):
|
||||
warnMsg = "on %s the concept of roles does not " % backend.getIdentifiedDbms()
|
||||
warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
|
||||
warnMsg += "exist. sqlmap will enumerate privileges instead"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return self.getPrivileges(query2)
|
||||
|
||||
def getDbs(self):
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
warnMsg = "information_schema not available, "
|
||||
warnMsg += "back-end DBMS is MySQL < 5. database "
|
||||
warnMsg += "names will be fetched from 'mysql' database"
|
||||
|
@ -675,10 +675,10 @@ class Enumeration:
|
|||
infoMsg = "fetching database names"
|
||||
logger.info(infoMsg)
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].dbs
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
|
@ -691,7 +691,7 @@ class Enumeration:
|
|||
infoMsg = "fetching number of databases"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2
|
||||
else:
|
||||
query = rootQuery.blind.count
|
||||
|
@ -704,9 +704,9 @@ class Enumeration:
|
|||
indexRange = getRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2 % index
|
||||
else:
|
||||
query = rootQuery.blind.query % index
|
||||
|
@ -726,13 +726,13 @@ class Enumeration:
|
|||
|
||||
self.forceDbmsEnum()
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
logger.error(errMsg)
|
||||
bruteForce = True
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
errMsg = "cannot retrieve table names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
@ -771,7 +771,7 @@ class Enumeration:
|
|||
infoMsg += " for database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].tables
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
||||
|
||||
if conf.db:
|
||||
if "," in conf.db:
|
||||
|
@ -789,7 +789,7 @@ class Enumeration:
|
|||
condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None
|
||||
|
||||
if condition:
|
||||
if conf.db and backend.getIdentifiedDbms() != DBMS.SQLITE:
|
||||
if conf.db and Backend.getIdentifiedDbms() != DBMS.SQLITE:
|
||||
if "," in conf.db:
|
||||
dbs = conf.db.split(",")
|
||||
query += " WHERE "
|
||||
|
@ -802,12 +802,12 @@ class Enumeration:
|
|||
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
query = safeStringFormat(query, conf.db)
|
||||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if value:
|
||||
if backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if isinstance(value, basestring):
|
||||
value = [[ DBMS.SQLITE, value ]]
|
||||
elif isinstance(value, (list, tuple, set)):
|
||||
|
@ -836,7 +836,7 @@ class Enumeration:
|
|||
infoMsg += "database '%s'" % db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
|
||||
query = rootQuery.blind.count
|
||||
else:
|
||||
query = rootQuery.blind.count % db
|
||||
|
@ -850,18 +850,18 @@ class Enumeration:
|
|||
|
||||
tables = []
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||
elif backend.getIdentifiedDbms() == DBMS.MAXDB:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MAXDB:
|
||||
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
||||
elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % index
|
||||
else:
|
||||
query = rootQuery.blind.query % (db, index)
|
||||
|
@ -902,13 +902,13 @@ class Enumeration:
|
|||
|
||||
conf.db = self.getCurrentDb()
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
logger.error(errMsg)
|
||||
bruteForce = True
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
errMsg = "cannot retrieve column names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
@ -959,13 +959,13 @@ class Enumeration:
|
|||
"37":"VARCHAR"
|
||||
}
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].columns
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].columns
|
||||
condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
|
||||
|
||||
infoMsg = "fetching columns "
|
||||
|
||||
if conf.col:
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
conf.col = conf.col.upper()
|
||||
colList = conf.col.split(",")
|
||||
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + col + "%") for col in colList) + ")"
|
||||
|
@ -978,24 +978,24 @@ class Enumeration:
|
|||
logger.info(infoMsg)
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.inband.query % (conf.tbl, conf.db)
|
||||
query += condQuery
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.inband.query % conf.tbl.upper()
|
||||
query += condQuery
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
query = rootQuery.inband.query % (conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.db, conf.tbl)
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
query = rootQuery.inband.query % conf.tbl
|
||||
|
||||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
parseSqliteTableSchema(value)
|
||||
elif value:
|
||||
table = {}
|
||||
|
@ -1018,19 +1018,19 @@ class Enumeration:
|
|||
infoMsg += " on database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.blind.count % (conf.tbl, conf.db)
|
||||
query += condQuery
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.blind.count % conf.tbl.upper()
|
||||
query += condQuery
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = rootQuery.blind.count % (conf.tbl)
|
||||
query += condQuery
|
||||
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
query = rootQuery.blind.query % conf.tbl
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
|
||||
|
@ -1052,22 +1052,22 @@ class Enumeration:
|
|||
indexRange = getRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.blind.query % (conf.tbl, conf.db)
|
||||
query += condQuery
|
||||
field = None
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.blind.query % (conf.tbl.upper())
|
||||
query += condQuery
|
||||
field = None
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
query = rootQuery.blind.query % (conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.tbl)
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
field = condition.replace("[DB]", conf.db)
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = rootQuery.blind.query % (conf.tbl)
|
||||
query += condQuery
|
||||
field = None
|
||||
|
@ -1076,20 +1076,20 @@ class Enumeration:
|
|||
column = inject.getValue(query, inband=False, error=False)
|
||||
|
||||
if not onlyColNames:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.blind.query2 % (conf.tbl.upper(), column)
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
|
||||
conf.db, column, conf.db,
|
||||
conf.db, conf.db, conf.tbl)
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = rootQuery.blind.query2 % (conf.tbl, column)
|
||||
|
||||
colType = inject.getValue(query, inband=False, error=False)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
|
||||
|
||||
columns[column] = colType
|
||||
|
@ -1135,9 +1135,9 @@ class Enumeration:
|
|||
|
||||
conf.db = self.getCurrentDb()
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].dump_table
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if '-' in conf.tbl:
|
||||
conf.tbl = "`%s`" % conf.tbl
|
||||
if '-' in conf.db:
|
||||
|
@ -1180,9 +1180,9 @@ class Enumeration:
|
|||
entriesCount = 0
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.inband.query % (colString, conf.tbl.upper())
|
||||
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
query = rootQuery.inband.query % (colString, conf.tbl)
|
||||
else:
|
||||
query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
|
||||
|
@ -1228,9 +1228,9 @@ class Enumeration:
|
|||
infoMsg += "on database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.blind.count % conf.tbl.upper()
|
||||
elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.count % conf.tbl
|
||||
else:
|
||||
query = rootQuery.blind.count % (conf.db, conf.tbl)
|
||||
|
@ -1250,14 +1250,14 @@ class Enumeration:
|
|||
lengths = {}
|
||||
entries = {}
|
||||
|
||||
if backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, dump=True, plusOne=plusOne)
|
||||
|
||||
try:
|
||||
if backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
validColumnList = False
|
||||
validPivotValue = False
|
||||
|
||||
|
@ -1334,22 +1334,22 @@ class Enumeration:
|
|||
if column not in entries:
|
||||
entries[column] = []
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.blind.query % (column, conf.db,
|
||||
conf.tbl, index)
|
||||
elif backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
query = rootQuery.blind.query % (column, column,
|
||||
conf.tbl.upper(),
|
||||
index)
|
||||
elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
query = rootQuery.blind.query % (column, index, conf.db,
|
||||
conf.tbl, colList[0],
|
||||
colList[0], colList[0])
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
query = rootQuery.blind.query % (column, conf.tbl, index)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
query = rootQuery.blind.query % (index, column, conf.tbl)
|
||||
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
|
@ -1393,7 +1393,7 @@ class Enumeration:
|
|||
return kb.data.dumpedTable
|
||||
|
||||
def dumpAll(self):
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
@ -1494,10 +1494,10 @@ class Enumeration:
|
|||
|
||||
def searchDb(self):
|
||||
foundDbs = []
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].search_db
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_db
|
||||
dbList = conf.db.split(",")
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
dbCond = rootQuery.inband.condition2
|
||||
else:
|
||||
dbCond = rootQuery.inband.condition
|
||||
|
@ -1522,7 +1522,7 @@ class Enumeration:
|
|||
dbQuery = dbQuery % db
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
|
@ -1543,7 +1543,7 @@ class Enumeration:
|
|||
infoMsg += " '%s'" % db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2
|
||||
else:
|
||||
query = rootQuery.blind.count
|
||||
|
@ -1563,7 +1563,7 @@ class Enumeration:
|
|||
indexRange = getRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2
|
||||
else:
|
||||
query = rootQuery.blind.query
|
||||
|
@ -1578,12 +1578,12 @@ class Enumeration:
|
|||
def searchTable(self):
|
||||
bruteForce = False
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
bruteForce = True
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
errMsg = "cannot retrieve table names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
@ -1601,7 +1601,7 @@ class Enumeration:
|
|||
regex = "|".join(conf.tbl.split(","))
|
||||
return tableExists(paths.COMMON_TABLES, regex)
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].search_table
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_table
|
||||
foundTbls = {}
|
||||
tblList = conf.tbl.split(",")
|
||||
tblCond = rootQuery.inband.condition
|
||||
|
@ -1610,7 +1610,7 @@ class Enumeration:
|
|||
tblConsider, tblCondParam = self.likeOrExact("table")
|
||||
|
||||
for tbl in tblList:
|
||||
if backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
tbl = tbl.upper()
|
||||
|
||||
infoMsg = "searching table"
|
||||
|
@ -1720,12 +1720,12 @@ class Enumeration:
|
|||
def searchColumn(self):
|
||||
bruteForce = False
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
bruteForce = True
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
errMsg = "cannot retrieve column names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
@ -1751,7 +1751,7 @@ class Enumeration:
|
|||
|
||||
return
|
||||
|
||||
rootQuery = queries[backend.getIdentifiedDbms()].search_column
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].search_column
|
||||
foundCols = {}
|
||||
dbs = {}
|
||||
colList = conf.col.split(",")
|
||||
|
@ -1968,7 +1968,7 @@ class Enumeration:
|
|||
return output
|
||||
|
||||
def sqlShell(self):
|
||||
infoMsg = "calling %s shell. To quit type " % backend.getIdentifiedDbms()
|
||||
infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
|
||||
infoMsg += "'x' or 'q' and press ENTER"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ import os
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToOutFile
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
|
@ -87,13 +87,13 @@ class Filesystem:
|
|||
return fileLines
|
||||
|
||||
def __checkWrittenFile(self, wFile, dFile, fileType):
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
self.createSupportTbl(self.fileTblName, self.tblField, "text")
|
||||
|
||||
# Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx
|
||||
|
@ -271,7 +271,7 @@ class Filesystem:
|
|||
|
||||
fileContent = self.unionReadFile(rFile)
|
||||
|
||||
if fileContent in ( None, "" ) and backend.getIdentifiedDbms() != DBMS.PGSQL:
|
||||
if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL:
|
||||
self.cleanup(onlyFileTbl=True)
|
||||
|
||||
return
|
||||
|
@ -289,7 +289,7 @@ class Filesystem:
|
|||
fileContent = self.__unhexString(fileContent)
|
||||
rFilePath = dataToOutFile(fileContent)
|
||||
|
||||
if backend.getIdentifiedDbms() != DBMS.PGSQL:
|
||||
if Backend.getIdentifiedDbms() != DBMS.PGSQL:
|
||||
self.cleanup(onlyFileTbl=True)
|
||||
|
||||
return rFilePath
|
||||
|
|
|
@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
|
@ -19,7 +19,7 @@ class Fingerprint:
|
|||
"""
|
||||
|
||||
def __init__(self, dbms):
|
||||
backend.forceDbms(dbms)
|
||||
Backend.forceDbms(dbms)
|
||||
|
||||
def getFingerprint(self):
|
||||
errMsg = "'getFingerprint' method must be defined "
|
||||
|
|
|
@ -10,7 +10,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
import re
|
||||
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import normalizePath
|
||||
from lib.core.common import ntToPosixSlashes
|
||||
|
@ -57,19 +57,19 @@ class Miscellaneous:
|
|||
infoMsg = "detecting back-end DBMS version from its banner"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
first, last = 1, 6
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
first, last = 12, 6
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
first, last = 29, 9
|
||||
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "unsupported DBMS"
|
||||
|
||||
query = queries[backend.getIdentifiedDbms()].substring.query % (queries[backend.getIdentifiedDbms()].banner.query, first, last)
|
||||
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
|
||||
|
||||
if conf.direct:
|
||||
query = "SELECT %s" % query
|
||||
|
@ -120,7 +120,7 @@ class Miscellaneous:
|
|||
if not onlyFileTbl:
|
||||
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
return
|
||||
|
||||
if udfDict is None:
|
||||
|
@ -133,7 +133,7 @@ class Miscellaneous:
|
|||
if not output or output in ("y", "Y"):
|
||||
dropStr = "DROP FUNCTION %s" % udf
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
inp = ", ".join(i for i in inpRet["input"])
|
||||
dropStr += "(%s)" % inp
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
|
||||
import os
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import runningAsAdmin
|
||||
|
@ -45,7 +45,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
def osCmd(self):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
infoMsg = "going to use a web backdoor for command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -66,7 +66,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
def osShell(self):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
infoMsg = "going to use a web backdoor for command prompt"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -149,7 +149,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
errMsg += "is unlikely to receive commands send from you"
|
||||
logger.error(errMsg)
|
||||
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.sysUdfs.pop("sys_bineval")
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
|
@ -159,7 +159,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.initEnv(web=web)
|
||||
|
||||
if tunnel == 1:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
msg = "how do you want to execute the Metasploit shellcode "
|
||||
msg += "on the back-end database underlying operating system?"
|
||||
msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
|
||||
|
@ -189,7 +189,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.uploadMsfPayloadStager()
|
||||
|
||||
if kb.os == "Windows" and conf.privEsc:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
debugMsg = "by default MySQL on Windows runs as SYSTEM "
|
||||
debugMsg += "user, no need to privilege escalate"
|
||||
logger.debug(debugMsg)
|
||||
|
@ -207,7 +207,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.uploadIcmpshSlave(web=web)
|
||||
self.icmpPwn()
|
||||
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
web = True
|
||||
|
||||
infoMsg = "going to use a web backdoor to establish the tunnel"
|
||||
|
@ -256,13 +256,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
raise sqlmapUnsupportedDBMSException(errMsg)
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
|
||||
errMsg = "on this back-end DBMS it is only possible to "
|
||||
errMsg += "perform the SMB relay attack if stacked "
|
||||
errMsg += "queries are supported"
|
||||
raise sqlmapUnsupportedDBMSException(errMsg)
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
debugMsg = "since stacked queries are not supported, "
|
||||
debugMsg += "sqlmap is going to perform the SMB relay "
|
||||
debugMsg += "attack via inference blind SQL injection"
|
||||
|
@ -271,19 +271,19 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
printWarn = True
|
||||
warnMsg = "it is unlikely that this attack will be successful "
|
||||
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
warnMsg += "because by default MySQL on Windows runs as "
|
||||
warnMsg += "Local System which is not a real user, it does "
|
||||
warnMsg += "not send the NTLM session hash when connecting to "
|
||||
warnMsg += "a SMB service"
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
warnMsg += "because by default PostgreSQL on Windows runs "
|
||||
warnMsg += "as postgres user which is a real user of the "
|
||||
warnMsg += "system, but not within the Administrators group"
|
||||
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
warnMsg += "because often Microsoft SQL Server %s " % backend.getVersion()
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
|
||||
warnMsg += "runs as Network Service which is not a real user, "
|
||||
warnMsg += "it does not send the NTLM session hash when "
|
||||
warnMsg += "connecting to a SMB service"
|
||||
|
@ -300,14 +300,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
return
|
||||
|
||||
if not backend.getIdentifiedDbms() == DBMS.MSSQL or not backend.isVersionWithin(("2000", "2005")):
|
||||
if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
|
||||
errMsg = "the back-end DBMS must be Microsoft SQL Server "
|
||||
errMsg += "2000 or 2005 to be able to exploit the heap-based "
|
||||
errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
|
||||
errMsg += "stored procedure (MS09-004)"
|
||||
raise sqlmapUnsupportedDBMSException(errMsg)
|
||||
|
||||
infoMsg = "going to exploit the Microsoft SQL Server %s " % backend.getVersion()
|
||||
infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
|
||||
infoMsg += "'sp_replwritetovarbin' stored procedure heap-based "
|
||||
infoMsg += "buffer overflow (MS09-004)"
|
||||
logger.info(infoMsg)
|
||||
|
|
Loading…
Reference in New Issue
Block a user