sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 00:04:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor cosmetics

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-03 22:28:09 +00:00
parent 5d37df6104
commit 5764816891
16 changed files with 45 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/agent.py
View File

@ -371,7 +371,7 @@ class Agent:
if kb.dbms == DBMS.MYSQL:
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
elif kb.dbms in ( DBMS.POSTGRESQL, DBMS.ORACLE, DBMS.SQLITE ):
elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
concatenatedQuery = "%s||%s" % (query1, query2)
elif kb.dbms == DBMS.MSSQL:
@ -429,7 +429,7 @@ class Agent:
elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
elif kb.dbms in ( DBMS.POSTGRESQL, DBMS.ORACLE, DBMS.SQLITE ):
elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
if fieldsSelectCase:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % kb.misc.stop
@ -580,7 +580,7 @@ class Agent:
fromFrom = limitedQuery[fromIndex+1:]
orderBy = False
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL, DBMS.SQLITE ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE ):
limitStr = queries[kb.dbms].limit.query % (num, 1)
limitedQuery += " %s" % limitStr

8
lib/core/common.py
View File

@ -735,7 +735,7 @@ def parseTargetDirect():
dbmsDict = { DBMS.MSSQL: [MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"],
DBMS.MYSQL: [MYSQL_ALIASES, "python-mysqldb", "http://mysql-python.sourceforge.net/"],
DBMS.POSTGRESQL: [PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"],
DBMS.PGSQL: [PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"],
DBMS.ORACLE: [ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/"],
DBMS.SQLITE: [SQLITE_ALIASES, "python-pysqlite2", "http://pysqlite.googlecode.com/"],
DBMS.ACCESS: [ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"],
@ -768,7 +768,7 @@ def parseTargetDirect():
elif dbmsName == DBMS.MYSQL:
import MySQLdb
elif dbmsName == DBMS.POSTGRESQL:
elif dbmsName == DBMS.PGSQL:
import psycopg2
elif dbmsName == DBMS.ORACLE:
import cx_Oracle
@ -926,13 +926,13 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
def getDelayQuery(andCond=False):
query = None
if kb.dbms in (DBMS.MYSQL, DBMS.POSTGRESQL):
if kb.dbms in (DBMS.MYSQL, DBMS.PGSQL):
if not kb.data.banner:
conf.dbmsHandler.getVersionFromBanner()
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
if banVer is None or (kb.dbms == DBMS.MYSQL and banVer >= "5.0.12") or (kb.dbms == DBMS.POSTGRESQL and banVer >= "8.2"):
if banVer is None or (kb.dbms == DBMS.MYSQL and banVer >= "5.0.12") or (kb.dbms == DBMS.PGSQL and banVer >= "8.2"):
query = queries[kb.dbms].timedelay.query % conf.timeSec
else:
query = queries[kb.dbms].timedelay.query2 % conf.timeSec

2
lib/core/enums.py
View File

@ -23,7 +23,7 @@ class DBMS:
MSSQL = "Microsoft SQL Server"
MYSQL = "MySQL"
ORACLE = "Oracle"
POSTGRESQL = "PostgreSQL"
PGSQL = "PostgreSQL"
SQLITE = "SQLite"
SYBASE = "Sybase"

2
lib/parse/banner.py
View File

@ -100,7 +100,7 @@ def bannerParser(banner):
xmlfile = paths.MYSQL_XML
elif kb.dbms == DBMS.ORACLE:
xmlfile = paths.ORACLE_XML
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
xmlfile = paths.PGSQL_XML
if not xmlfile:

4
lib/request/inject.py
View File

@ -149,7 +149,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
if limitRegExp or ( kb.dbms == DBMS.MSSQL and topLimit ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query
@ -188,7 +188,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
stopLimit += startLimit
untilLimitChar = expression.index(queries[kb.dbms].limitstring.query)
expression = expression[:untilLimitChar]

8
lib/takeover/abstraction.py
View File

@ -38,7 +38,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
if self.webBackdoorUrl and not kb.stackedTest:
self.webBackdoorRunCmd(cmd)
elif kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfExecCmd(cmd, silent=silent)
elif kb.dbms == DBMS.MSSQL:
@ -52,7 +52,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
if self.webBackdoorUrl and not kb.stackedTest:
return self.webBackdoorRunCmd(cmd)
elif kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
return self.udfEvalCmd(cmd, first, last)
elif kb.dbms == DBMS.MSSQL:
@ -90,7 +90,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
logger.info(infoMsg)
else:
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
infoMsg = "going to use injected sys_eval and sys_exec "
infoMsg += "user-defined functions for operating system "
infoMsg += "command execution"
@ -148,7 +148,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
warnMsg += "the session user is not a database administrator"
logger.warn(warnMsg)
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfInjectSys()
elif kb.dbms == DBMS.MSSQL:
if mandatory:

8
lib/takeover/metasploit.py
View File

@ -192,7 +192,7 @@ class Metasploit:
debugMsg += "injection will be successful"
logger.debug(debugMsg)
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
choose = True
warnMsg = "by default PostgreSQL on Windows runs as "
@ -229,7 +229,7 @@ class Metasploit:
break
elif choice == "1":
if kb.dbms == DBMS.POSTGRESQL:
if kb.dbms == DBMS.PGSQL:
logger.warn("beware that the VNC injection might not work")
break
@ -554,7 +554,7 @@ class Metasploit:
# This is useful for sqlmap because on PostgreSQL it is not
# possible to write files bigger than 8192 bytes abusing the
# lo_export() feature implemented in sqlmap.
if kb.dbms == DBMS.POSTGRESQL:
if kb.dbms == DBMS.PGSQL:
self.__fileFormat = "exe-small"
else:
self.__fileFormat = "exe"
@ -656,7 +656,7 @@ class Metasploit:
self.__forgeMsfConsoleResource()
self.__forgeMsfConsoleCmd()
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
else:
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)

8
lib/takeover/udf.py
View File

@ -101,7 +101,7 @@ class UDF:
return output
def udfCheckNeeded(self):
if ( not conf.rFile or ( conf.rFile and kb.dbms != DBMS.POSTGRESQL ) ) and "sys_fileread" in self.sysUdfs:
if ( not conf.rFile or ( conf.rFile and kb.dbms != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
self.sysUdfs.pop("sys_fileread")
if not conf.osPwn:
@ -142,7 +142,7 @@ class UDF:
if kb.dbms == DBMS.MYSQL:
supportTblType = "longtext"
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
supportTblType = "text"
self.udfCreateSupportTbl(supportTblType)
@ -153,7 +153,7 @@ class UDF:
self.udfInjectCore(self.sysUdfs)
def udfInjectCustom(self):
if kb.dbms not in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms not in ( DBMS.MYSQL, DBMS.PGSQL ):
errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
raise sqlmapUnsupportedFeatureException(errMsg)
@ -235,7 +235,7 @@ class UDF:
if kb.dbms == DBMS.MYSQL:
defaultType = "string"
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
defaultType = "text"
self.udfs[udfName]["input"] = []

4
lib/techniques/inband/union/use.py
View File

@ -69,7 +69,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I)
if limitRegExp:
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query
@ -103,7 +103,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
stopLimit += startLimit
untilLimitChar = expression.index(queries[kb.dbms].limitstring.query)
expression = expression[:untilLimitChar]

2
lib/utils/resume.py
View File

@ -59,7 +59,7 @@ def queryOutputLength(expression, payload):
if selectDistinctExpr:
lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression)
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
lengthExpr += " AS %s" % randomStr(lowercase=True)
elif select:
lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1)

2
plugins/dbms/postgresql/enumeration.py
View File

@ -12,4 +12,4 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, DBMS.POSTGRESQL)
GenericEnumeration.__init__(self, DBMS.PGSQL)

6
plugins/dbms/postgresql/fingerprint.py
View File

@ -47,7 +47,7 @@ class Fingerprint(GenericFingerprint):
value += "back-end DBMS: "
if not conf.extensiveFp:
value += DBMS.POSTGRESQL
value += DBMS.PGSQL
return value
actVer = formatDBMSfp()
@ -74,7 +74,7 @@ class Fingerprint(GenericFingerprint):
"""
if (kb.dbms is not None and kb.dbms.lower() in PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES:
setDbms(DBMS.POSTGRESQL)
setDbms(DBMS.PGSQL)
self.getBanner()
@ -102,7 +102,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms(DBMS.POSTGRESQL)
setDbms(DBMS.PGSQL)
self.getBanner()

16
plugins/generic/enumeration.py
View File

@ -342,7 +342,7 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the
# user is DBA
dbaCondition = ( kb.dbms == DBMS.POSTGRESQL and "super" in privileges )
dbaCondition = ( kb.dbms == DBMS.PGSQL and "super" in privileges )
# In Oracle the DBA privilege means that the
# user is DBA
@ -467,7 +467,7 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is
# True, 0 otherwise
if kb.dbms == DBMS.POSTGRESQL and getUnicode(privilege).isdigit():
if kb.dbms == DBMS.PGSQL and getUnicode(privilege).isdigit():
for position, pgsqlPriv in pgsqlPrivs:
if count == position and int(privilege) == 1:
privileges.add(pgsqlPriv)
@ -586,7 +586,7 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise
if kb.dbms == DBMS.POSTGRESQL and ", " in privilege:
if kb.dbms == DBMS.PGSQL and ", " in privilege:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@ -931,7 +931,7 @@ class Enumeration:
logger.info(infoMsg)
if kb.unionPosition is not None or conf.direct:
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.inband.query % (conf.tbl, conf.db)
query += condQuery
elif kb.dbms == DBMS.ORACLE:
@ -968,7 +968,7 @@ class Enumeration:
infoMsg += " on database '%s'" % conf.db
logger.info(infoMsg)
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.count % (conf.tbl, conf.db)
query += condQuery
elif kb.dbms == DBMS.ORACLE:
@ -995,7 +995,7 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (conf.tbl, conf.db)
query += condQuery
field = None
@ -1019,7 +1019,7 @@ class Enumeration:
column = inject.getValue(query, inband=False)
if not onlyColNames:
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query2 % (conf.tbl.upper(), column)
@ -1194,7 +1194,7 @@ class Enumeration:
if column not in entries:
entries[column] = []
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif kb.dbms == DBMS.ORACLE:

2
plugins/generic/filesystem.py
View File

@ -87,7 +87,7 @@ class Filesystem:
if kb.dbms == DBMS.MYSQL:
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
elif kb.dbms == DBMS.MSSQL:

4
plugins/generic/misc.py
View File

@ -57,7 +57,7 @@ class Miscellaneous:
if kb.dbms == DBMS.MYSQL:
first, last = 1, 6
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
first, last = 12, 6
elif kb.dbms == DBMS.MSSQL:
@ -130,7 +130,7 @@ class Miscellaneous:
if not output or output in ("y", "Y"):
dropStr = "DROP FUNCTION %s" % udf
if kb.dbms == DBMS.POSTGRESQL:
if kb.dbms == DBMS.PGSQL:
inp = ", ".join(i for i in inpRet["input"])
dropStr += "(%s)" % inp

8
plugins/generic/takeover.py
View File

@ -146,7 +146,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "is unlikely to receive commands send from you"
logger.error(errMsg)
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
self.sysUdfs.pop("sys_bineval")
if kb.stackedTest or conf.direct:
@ -156,7 +156,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.initEnv(web=web)
if tunnel == 1:
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
msg = "how do you want to execute the Metasploit shellcode "
msg += "on the back-end database underlying operating system?"
msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
@ -253,7 +253,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
raise sqlmapUnsupportedDBMSException(errMsg)
if not kb.stackedTest and not conf.direct:
if kb.dbms in ( DBMS.POSTGRESQL, DBMS.MSSQL ):
if kb.dbms in ( DBMS.PGSQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
errMsg += "queries are supported"
@ -274,7 +274,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
warnMsg += "not send the NTLM session hash when connecting to "
warnMsg += "a SMB service"
elif kb.dbms == DBMS.POSTGRESQL:
elif kb.dbms == DBMS.PGSQL:
warnMsg += "because by default PostgreSQL on Windows runs "
warnMsg += "as postgres user which is a real user of the "
warnMsg += "system, but not within the Administrators group"