sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix in MSSQL version fingerprint

Browse Source
This commit is contained in:
Bernardo Damele 2009-08-11 09:16:20 +00:00
parent 14578a7a4d
commit 458d59416c
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -113,6 +113,9 @@ Guido Landi <lists@keamera.org>
'sp_replwritetovarbin' stored procedure heap-based buffer overflow 'sp_replwritetovarbin' stored procedure heap-based buffer overflow
(MS09-004) exploit development, http://www.milw0rm.com/author/1413 (MS09-004) exploit development, http://www.milw0rm.com/author/1413
Lee Lawson <Lee.Lawson@dns.co.uk>
for reporting a minor bug
Nico Leidecker <nico@leidecker.info> Nico Leidecker <nico@leidecker.info>
for providing me with feedback on a few features for providing me with feedback on a few features
for reporting a couple of bugs for reporting a couple of bugs

10
plugins/dbms/mssqlserver.py
View File

@ -32,6 +32,7 @@ from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint from lib.core.common import formatFingerprint
from lib.core.common import getHtmlErrorFp from lib.core.common import getHtmlErrorFp
from lib.core.common import getRange from lib.core.common import getRange
from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.convert import urlencode from lib.core.convert import urlencode
from lib.core.data import conf from lib.core.data import conf
@ -192,10 +193,12 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
logger.info(infoMsg) logger.info(infoMsg)
for version in ( 0, 5, 8 ): for version in ( 0, 5, 8 ):
payload = agent.fullPayload(" AND ( ( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d ) )" % (version, version)) randInt = randomInt()
query = " AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
payload = agent.fullPayload(query)
result = Request.queryPage(payload) result = Request.queryPage(payload)
if result == True: if result is True:
if version == 8: if version == 8:
kb.dbmsVersion = [ "2008" ] kb.dbmsVersion = [ "2008" ]
@ -212,7 +215,8 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
break break
else: else:
payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 22, 1)=7") query = " AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
payload = agent.fullPayload(query)
result = Request.queryPage(payload) result = Request.queryPage(payload)
if result == True: if result == True: