mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Adding support for Mckoi
This commit is contained in:
parent
20700fd6b9
commit
60b642e2bd
|
@ -196,4 +196,10 @@
|
||||||
<error regexp="org\.jkiss\.dbeaver\.ext\.vertica"/>
|
<error regexp="org\.jkiss\.dbeaver\.ext\.vertica"/>
|
||||||
<error regexp="com\.vertica\.dsi\.dataengine"/>
|
<error regexp="com\.vertica\.dsi\.dataengine"/>
|
||||||
</dbms>
|
</dbms>
|
||||||
|
|
||||||
|
<!-- Mckoi -->
|
||||||
|
<dbms value="Mckoi">
|
||||||
|
<error regexp="com\.mckoi\.JDBCDriver"/>
|
||||||
|
<error regexp="com\.mckoi\.database\.jdbc"/>
|
||||||
|
</dbms>
|
||||||
</root>
|
</root>
|
||||||
|
|
|
@ -1088,4 +1088,46 @@
|
||||||
<blind query="SELECT DISTINCT(table_schema) FROM v_catalog.columns WHERE %s ORDER BY 1" query2="SELECT DISTINCT(table_name) FROM v_catalog.columns WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM v_catalog.columns WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM v_catalog.columns WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
|
<blind query="SELECT DISTINCT(table_schema) FROM v_catalog.columns WHERE %s ORDER BY 1" query2="SELECT DISTINCT(table_name) FROM v_catalog.columns WHERE table_schema='%s'" count="SELECT COUNT(DISTINCT(table_schema)) FROM v_catalog.columns WHERE %s" count2="SELECT COUNT(DISTINCT(table_name)) FROM v_catalog.columns WHERE table_schema='%s'" condition="column_name" condition2="table_schema" condition3="table_name"/>
|
||||||
</search_column>
|
</search_column>
|
||||||
</dbms>
|
</dbms>
|
||||||
|
|
||||||
|
<!-- Mckoi -->
|
||||||
|
<!-- NOTE: DBMS with minimalistic set of (restricted) features -->
|
||||||
|
<dbms value="Mckoi">
|
||||||
|
<cast query="CONCAT('',%s)"/>
|
||||||
|
<length query="LENGTH(%s)"/>
|
||||||
|
<isnull query="IF(%s IS NULL,' ', %s)"/>
|
||||||
|
<delimiter query="||"/>
|
||||||
|
<limit/>
|
||||||
|
<limitregexp/>
|
||||||
|
<limitgroupstart/>
|
||||||
|
<limitgroupstop/>
|
||||||
|
<limitstring/>
|
||||||
|
<order query="ORDER BY %s ASC"/>
|
||||||
|
<count query="COUNT(%s)"/>
|
||||||
|
<comment query=";"/>
|
||||||
|
<substring query="SUBSTRING((%s),%d,%d)"/>
|
||||||
|
<concatenate query="%s||%s"/>
|
||||||
|
<case query="SELECT (IF(%s,1,0))"/>
|
||||||
|
<!-- NOTE: other way around does not work -->
|
||||||
|
<inference query="'%c'<SUBSTRING((%s),%d,1)"/>
|
||||||
|
<banner/>
|
||||||
|
<current_user/>
|
||||||
|
<current_db/>
|
||||||
|
<hostname/>
|
||||||
|
<table_comment/>
|
||||||
|
<column_comment/>
|
||||||
|
<is_dba/>
|
||||||
|
<dbs/>
|
||||||
|
<tables/>
|
||||||
|
<dump_table>
|
||||||
|
<inband query="SELECT %s FROM %s"/>
|
||||||
|
<blind query="SELECT MIN(%s) FROM %s WHERE CONCAT('',%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONCAT('',%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(DISTINCT(%s)) FROM %s"/>
|
||||||
|
</dump_table>
|
||||||
|
<users/>
|
||||||
|
<privileges/>
|
||||||
|
<roles/>
|
||||||
|
<statements/>
|
||||||
|
<search_db/>
|
||||||
|
<search_table/>
|
||||||
|
<search_column/>
|
||||||
|
</dbms>
|
||||||
</root>
|
</root>
|
||||||
|
|
|
@ -879,12 +879,12 @@ def heuristicCheckDbms(injection):
|
||||||
kb.injection = injection
|
kb.injection = injection
|
||||||
|
|
||||||
for dbms in getPublicTypeMembers(DBMS, True):
|
for dbms in getPublicTypeMembers(DBMS, True):
|
||||||
randStr1, randStr2 = randomStr(), randomStr()
|
|
||||||
Backend.forceDbms(dbms)
|
|
||||||
|
|
||||||
if conf.noEscape and dbms not in FROM_DUMMY_TABLE:
|
if conf.noEscape and dbms not in FROM_DUMMY_TABLE:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
randStr1, randStr2 = randomStr(), randomStr()
|
||||||
|
Backend.forceDbms(dbms)
|
||||||
|
|
||||||
if checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER)):
|
if checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER)):
|
||||||
if not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):
|
if not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)):
|
||||||
retVal = dbms
|
retVal = dbms
|
||||||
|
|
|
@ -11,6 +11,7 @@ from lib.core.data import kb
|
||||||
from lib.core.dicts import DBMS_DICT
|
from lib.core.dicts import DBMS_DICT
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.exception import SqlmapConnectionException
|
from lib.core.exception import SqlmapConnectionException
|
||||||
|
from lib.core.settings import MCKOI_ALIASES
|
||||||
from lib.core.settings import MSSQL_ALIASES
|
from lib.core.settings import MSSQL_ALIASES
|
||||||
from lib.core.settings import MYSQL_ALIASES
|
from lib.core.settings import MYSQL_ALIASES
|
||||||
from lib.core.settings import ORACLE_ALIASES
|
from lib.core.settings import ORACLE_ALIASES
|
||||||
|
@ -29,6 +30,8 @@ from lib.core.settings import DERBY_ALIASES
|
||||||
from lib.core.settings import VERTICA_ALIASES
|
from lib.core.settings import VERTICA_ALIASES
|
||||||
from lib.utils.sqlalchemy import SQLAlchemy
|
from lib.utils.sqlalchemy import SQLAlchemy
|
||||||
|
|
||||||
|
from plugins.dbms.mckoi import MckoiMap
|
||||||
|
from plugins.dbms.mckoi.connector import Connector as MckoiConn
|
||||||
from plugins.dbms.mssqlserver import MSSQLServerMap
|
from plugins.dbms.mssqlserver import MSSQLServerMap
|
||||||
from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
|
from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
|
||||||
from plugins.dbms.mysql import MySQLMap
|
from plugins.dbms.mysql import MySQLMap
|
||||||
|
@ -85,6 +88,7 @@ def setHandler():
|
||||||
(DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),
|
(DBMS.MONETDB, MONETDB_ALIASES, MonetDBMap, MonetDBConn),
|
||||||
(DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),
|
(DBMS.DERBY, DERBY_ALIASES, DerbyMap, DerbyConn),
|
||||||
(DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn),
|
(DBMS.VERTICA, VERTICA_ALIASES, VerticaMap, VerticaConn),
|
||||||
|
(DBMS.MCKOI, MCKOI_ALIASES, MckoiMap, MckoiConn),
|
||||||
]
|
]
|
||||||
|
|
||||||
_ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
|
_ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else () for _ in items)
|
||||||
|
|
|
@ -47,6 +47,7 @@ from lib.core.settings import BOUNDED_INJECTION_MARKER
|
||||||
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
||||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||||
from lib.core.settings import GENERIC_SQL_COMMENT
|
from lib.core.settings import GENERIC_SQL_COMMENT
|
||||||
|
from lib.core.settings import GENERIC_SQL_COMMENT_MARKER
|
||||||
from lib.core.settings import INFERENCE_MARKER
|
from lib.core.settings import INFERENCE_MARKER
|
||||||
from lib.core.settings import NULL
|
from lib.core.settings import NULL
|
||||||
from lib.core.settings import PAYLOAD_DELIMITER
|
from lib.core.settings import PAYLOAD_DELIMITER
|
||||||
|
@ -297,8 +298,8 @@ class Agent(object):
|
||||||
where = getTechniqueData().where if where is None else where
|
where = getTechniqueData().where if where is None else where
|
||||||
comment = getTechniqueData().comment if comment is None else comment
|
comment = getTechniqueData().comment if comment is None else comment
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS and any((comment or "").startswith(_) for _ in ("--", "[GENERIC_SQL_COMMENT]")):
|
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI) and any((comment or "").startswith(_) for _ in ("--", GENERIC_SQL_COMMENT_MARKER)):
|
||||||
comment = queries[DBMS.ACCESS].comment.query
|
comment = queries[Backend.getIdentifiedDbms()].comment.query
|
||||||
|
|
||||||
if comment is not None:
|
if comment is not None:
|
||||||
expression += comment
|
expression += comment
|
||||||
|
@ -454,7 +455,7 @@ class Agent(object):
|
||||||
else:
|
else:
|
||||||
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
|
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
|
||||||
nulledCastedField = rootQuery.cast.query % field
|
nulledCastedField = rootQuery.cast.query % field
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
|
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI):
|
||||||
nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
|
nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
|
||||||
else:
|
else:
|
||||||
nulledCastedField = rootQuery.isnull.query % nulledCastedField
|
nulledCastedField = rootQuery.isnull.query % nulledCastedField
|
||||||
|
@ -656,7 +657,7 @@ class Agent(object):
|
||||||
elif fieldsNoSelect:
|
elif fieldsNoSelect:
|
||||||
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA):
|
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2, DBMS.MONETDB, DBMS.DERBY, DBMS.VERTICA, DBMS.MCKOI):
|
||||||
if fieldsExists:
|
if fieldsExists:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "||'%s'" % kb.chars.stop
|
concatenatedQuery += "||'%s'" % kb.chars.stop
|
||||||
|
@ -1058,12 +1059,15 @@ class Agent(object):
|
||||||
def forgeQueryOutputLength(self, expression):
|
def forgeQueryOutputLength(self, expression):
|
||||||
lengthQuery = queries[Backend.getIdentifiedDbms()].length.query
|
lengthQuery = queries[Backend.getIdentifiedDbms()].length.query
|
||||||
select = re.search(r"\ASELECT\s+", expression, re.I)
|
select = re.search(r"\ASELECT\s+", expression, re.I)
|
||||||
|
selectFrom = re.search(r"\ASELECT\s+(.+)\s+FROM\s+(.+)", expression, re.I)
|
||||||
selectTopExpr = re.search(r"\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
|
selectTopExpr = re.search(r"\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I)
|
||||||
selectMinMaxExpr = re.search(r"\ASELECT\s+(MIN|MAX)\(.+?\)\s+FROM", expression, re.I)
|
selectMinMaxExpr = re.search(r"\ASELECT\s+(MIN|MAX)\(.+?\)\s+FROM", expression, re.I)
|
||||||
|
|
||||||
_, _, _, _, _, _, fieldsStr, _ = self.getFields(expression)
|
_, _, _, _, _, _, fieldsStr, _ = self.getFields(expression)
|
||||||
|
|
||||||
if selectTopExpr or selectMinMaxExpr:
|
if Backend.getIdentifiedDbms() in (DBMS.MCKOI,) and selectFrom:
|
||||||
|
lengthExpr = "SELECT %s FROM %s" % (lengthQuery % selectFrom.group(1), selectFrom.group(2))
|
||||||
|
elif selectTopExpr or selectMinMaxExpr:
|
||||||
lengthExpr = lengthQuery % ("(%s)" % expression)
|
lengthExpr = lengthQuery % ("(%s)" % expression)
|
||||||
elif select:
|
elif select:
|
||||||
lengthExpr = expression.replace(fieldsStr, lengthQuery % fieldsStr, 1)
|
lengthExpr = expression.replace(fieldsStr, lengthQuery % fieldsStr, 1)
|
||||||
|
|
|
@ -4069,7 +4069,7 @@ def safeSQLIdentificatorNaming(name, isTable=False):
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.SQLITE): # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users)
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.SQLITE): # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users)
|
||||||
retVal = "`%s`" % retVal
|
retVal = "`%s`" % retVal
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA):
|
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI):
|
||||||
retVal = "\"%s\"" % retVal
|
retVal = "\"%s\"" % retVal
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
|
||||||
retVal = "\"%s\"" % retVal.upper()
|
retVal = "\"%s\"" % retVal.upper()
|
||||||
|
@ -4107,7 +4107,7 @@ def unsafeSQLIdentificatorNaming(name):
|
||||||
if isinstance(name, six.string_types):
|
if isinstance(name, six.string_types):
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.SQLITE):
|
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS, DBMS.SQLITE):
|
||||||
retVal = name.replace("`", "")
|
retVal = name.replace("`", "")
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.INFORMIX, DBMS.HSQLDB, DBMS.MONETDB, DBMS.VERTICA):
|
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.INFORMIX, DBMS.HSQLDB, DBMS.MONETDB, DBMS.VERTICA, DBMS.MCKOI):
|
||||||
retVal = name.replace("\"", "")
|
retVal = name.replace("\"", "")
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
|
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
|
||||||
retVal = name.replace("\"", "").upper()
|
retVal = name.replace("\"", "").upper()
|
||||||
|
|
|
@ -18,6 +18,7 @@ from lib.core.settings import H2_ALIASES
|
||||||
from lib.core.settings import HSQLDB_ALIASES
|
from lib.core.settings import HSQLDB_ALIASES
|
||||||
from lib.core.settings import INFORMIX_ALIASES
|
from lib.core.settings import INFORMIX_ALIASES
|
||||||
from lib.core.settings import MAXDB_ALIASES
|
from lib.core.settings import MAXDB_ALIASES
|
||||||
|
from lib.core.settings import MCKOI_ALIASES
|
||||||
from lib.core.settings import MONETDB_ALIASES
|
from lib.core.settings import MONETDB_ALIASES
|
||||||
from lib.core.settings import MSSQL_ALIASES
|
from lib.core.settings import MSSQL_ALIASES
|
||||||
from lib.core.settings import MYSQL_ALIASES
|
from lib.core.settings import MYSQL_ALIASES
|
||||||
|
@ -204,6 +205,7 @@ DBMS_DICT = {
|
||||||
DBMS.MONETDB: (MONETDB_ALIASES, "pymonetdb", "https://github.com/gijzelaerr/pymonetdb", "monetdb"),
|
DBMS.MONETDB: (MONETDB_ALIASES, "pymonetdb", "https://github.com/gijzelaerr/pymonetdb", "monetdb"),
|
||||||
DBMS.DERBY: (DERBY_ALIASES, "pydrda", "https://github.com/nakagami/pydrda/", None),
|
DBMS.DERBY: (DERBY_ALIASES, "pydrda", "https://github.com/nakagami/pydrda/", None),
|
||||||
DBMS.VERTICA: (VERTICA_ALIASES, "vertica-python", "https://github.com/vertica/vertica-python", "vertica+vertica_python"),
|
DBMS.VERTICA: (VERTICA_ALIASES, "vertica-python", "https://github.com/vertica/vertica-python", "vertica+vertica_python"),
|
||||||
|
DBMS.MCKOI: (MCKOI_ALIASES, None, None, None),
|
||||||
}
|
}
|
||||||
|
|
||||||
FROM_DUMMY_TABLE = {
|
FROM_DUMMY_TABLE = {
|
||||||
|
|
|
@ -48,6 +48,7 @@ class DBMS(object):
|
||||||
MONETDB = "MonetDB"
|
MONETDB = "MonetDB"
|
||||||
DERBY = "Apache Derby"
|
DERBY = "Apache Derby"
|
||||||
VERTICA = "Vertica"
|
VERTICA = "Vertica"
|
||||||
|
MCKOI = "Mckoi"
|
||||||
|
|
||||||
class DBMS_DIRECTORY_NAME(object):
|
class DBMS_DIRECTORY_NAME(object):
|
||||||
ACCESS = "access"
|
ACCESS = "access"
|
||||||
|
@ -66,6 +67,7 @@ class DBMS_DIRECTORY_NAME(object):
|
||||||
MONETDB = "monetdb"
|
MONETDB = "monetdb"
|
||||||
DERBY = "derby"
|
DERBY = "derby"
|
||||||
VERTICA = "vertica"
|
VERTICA = "vertica"
|
||||||
|
MCKOI = "mckoi"
|
||||||
|
|
||||||
class FORK(object):
|
class FORK(object):
|
||||||
MARIADB = "MariaDB"
|
MARIADB = "MariaDB"
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.4.1.35"
|
VERSION = "1.4.1.36"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
@ -75,6 +75,7 @@ RANDOM_STRING_MARKER = "[RANDSTR]"
|
||||||
SLEEP_TIME_MARKER = "[SLEEPTIME]"
|
SLEEP_TIME_MARKER = "[SLEEPTIME]"
|
||||||
INFERENCE_MARKER = "[INFERENCE]"
|
INFERENCE_MARKER = "[INFERENCE]"
|
||||||
SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]"
|
SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]"
|
||||||
|
GENERIC_SQL_COMMENT_MARKER = "[GENERIC_SQL_COMMENT]"
|
||||||
|
|
||||||
PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
|
PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__"
|
||||||
CHAR_INFERENCE_MARK = "%c"
|
CHAR_INFERENCE_MARK = "%c"
|
||||||
|
@ -261,6 +262,7 @@ INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin")
|
||||||
MONETDB_SYSTEM_DBS = ("tmp", "json", "profiler")
|
MONETDB_SYSTEM_DBS = ("tmp", "json", "profiler")
|
||||||
DERBY_SYSTEM_DBS = ("NULLID", "SQLJ", "SYS", "SYSCAT", "SYSCS_DIAG", "SYSCS_UTIL", "SYSFUN", "SYSIBM", "SYSPROC", "SYSSTAT")
|
DERBY_SYSTEM_DBS = ("NULLID", "SQLJ", "SYS", "SYSCAT", "SYSCS_DIAG", "SYSCS_UTIL", "SYSFUN", "SYSIBM", "SYSPROC", "SYSSTAT")
|
||||||
VERTICA_SYSTEM_DBS = ("v_catalog", "v_internal", "v_monitor",)
|
VERTICA_SYSTEM_DBS = ("v_catalog", "v_internal", "v_monitor",)
|
||||||
|
MCKOI_SYSTEM_DBS = ("",)
|
||||||
|
|
||||||
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
|
MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
|
||||||
MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql")
|
MYSQL_ALIASES = ("mysql", "my") + ("mariadb", "maria", "memsql")
|
||||||
|
@ -278,13 +280,16 @@ INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix")
|
||||||
MONETDB_ALIASES = ("monet", "monetdb",)
|
MONETDB_ALIASES = ("monet", "monetdb",)
|
||||||
DERBY_ALIASES = ("derby", "apache derby",)
|
DERBY_ALIASES = ("derby", "apache derby",)
|
||||||
VERTICA_ALIASES = ("vertica",)
|
VERTICA_ALIASES = ("vertica",)
|
||||||
|
MCKOI_ALIASES = ("mckoi",)
|
||||||
|
|
||||||
|
UPPER_CASE_IDENTIFIERS = {DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.MAXDB, DBMS.H2, DBMS.DERBY}
|
||||||
|
|
||||||
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
|
DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
|
||||||
|
|
||||||
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES
|
SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES + MONETDB_ALIASES + DERBY_ALIASES + VERTICA_ALIASES + MCKOI_ALIASES
|
||||||
SUPPORTED_OS = ("linux", "windows")
|
SUPPORTED_OS = ("linux", "windows")
|
||||||
|
|
||||||
DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES))
|
DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES), (DBMS.MONETDB, MONETDB_ALIASES), (DBMS.DERBY, DERBY_ALIASES), (DBMS.VERTICA, VERTICA_ALIASES), (DBMS.MCKOI, MCKOI_ALIASES))
|
||||||
|
|
||||||
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
|
USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
|
||||||
REFERER_ALIASES = ("ref", "referer", "referrer")
|
REFERER_ALIASES = ("ref", "referer", "referrer")
|
||||||
|
@ -293,6 +298,7 @@ HOST_ALIASES = ("host",)
|
||||||
# Default schemas to use (when unable to enumerate)
|
# Default schemas to use (when unable to enumerate)
|
||||||
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
|
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
|
||||||
VERTICA_DEFAULT_SCHEMA = "public"
|
VERTICA_DEFAULT_SCHEMA = "public"
|
||||||
|
MCKOI_DEFAULT_SCHEMA = "APP"
|
||||||
|
|
||||||
# Names that can't be used to name files on Windows OS
|
# Names that can't be used to name files on Windows OS
|
||||||
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
|
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")
|
||||||
|
|
|
@ -496,7 +496,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
|
||||||
if not any((kb.testMode, conf.dummy, conf.offline)) and value is None and Backend.getDbms() and conf.dbmsHandler and not conf.noCast and not conf.hexConvert:
|
if not any((kb.testMode, conf.dummy, conf.offline)) and value is None and Backend.getDbms() and conf.dbmsHandler and not conf.noCast and not conf.hexConvert:
|
||||||
warnMsg = "in case of continuous data retrieval problems you are advised to try "
|
warnMsg = "in case of continuous data retrieval problems you are advised to try "
|
||||||
warnMsg += "a switch '--no-cast' "
|
warnMsg += "a switch '--no-cast' "
|
||||||
warnMsg += "or switch '--hex'" if Backend.getIdentifiedDbms() not in (DBMS.ACCESS, DBMS.FIREBIRD) else ""
|
warnMsg += "or switch '--hex'" if Backend.getIdentifiedDbms() not in (DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MONETDB, DBMS.MCKOI) else ""
|
||||||
singleTimeWarnMessage(warnMsg)
|
singleTimeWarnMessage(warnMsg)
|
||||||
|
|
||||||
# Dirty patch (safe-encoded unicode characters)
|
# Dirty patch (safe-encoded unicode characters)
|
||||||
|
|
|
@ -108,6 +108,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
|
|
||||||
return 0, retVal
|
return 0, retVal
|
||||||
|
|
||||||
|
if Backend.isDbms(DBMS.MCKOI):
|
||||||
|
match = re.search(r"\ASELECT\b(.+)\bFROM\b(.+)\Z", expression, re.I)
|
||||||
|
if match:
|
||||||
|
original = queries[Backend.getIdentifiedDbms()].inference.query
|
||||||
|
right = original.split('<')[1]
|
||||||
|
payload = payload.replace(right, "(SELECT %s FROM %s)" % (right, match.group(2).strip()))
|
||||||
|
expression = match.group(1).strip()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Set kb.partRun in case "common prediction" feature (a.k.a. "good samaritan") is used or the engine is called from the API
|
# Set kb.partRun in case "common prediction" feature (a.k.a. "good samaritan") is used or the engine is called from the API
|
||||||
if conf.predictOutput:
|
if conf.predictOutput:
|
||||||
|
|
|
@ -41,6 +41,7 @@ from lib.core.exception import SqlmapNoneDataException
|
||||||
from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE
|
from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE
|
||||||
from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE
|
from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE
|
||||||
from lib.core.settings import METADB_SUFFIX
|
from lib.core.settings import METADB_SUFFIX
|
||||||
|
from lib.core.settings import UPPER_CASE_IDENTIFIERS
|
||||||
from lib.core.threads import getCurrentThreadData
|
from lib.core.threads import getCurrentThreadData
|
||||||
from lib.core.threads import runThreads
|
from lib.core.threads import runThreads
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
|
@ -83,7 +84,7 @@ def tableExists(tableFile, regex=None):
|
||||||
|
|
||||||
pushValue(conf.db)
|
pushValue(conf.db)
|
||||||
|
|
||||||
if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_IDENTIFIERS:
|
||||||
conf.db = conf.db.upper()
|
conf.db = conf.db.upper()
|
||||||
|
|
||||||
message = "which common tables (wordlist) file do you want to use?\n"
|
message = "which common tables (wordlist) file do you want to use?\n"
|
||||||
|
@ -131,6 +132,10 @@ def tableExists(tableFile, regex=None):
|
||||||
else:
|
else:
|
||||||
fullTableName = table
|
fullTableName = table
|
||||||
|
|
||||||
|
if Backend.isDbms(DBMS.MCKOI):
|
||||||
|
_ = randomInt(1)
|
||||||
|
result = inject.checkBooleanExpression("%s" % safeStringFormat("%d=(SELECT %d FROM %s)", (_, _, fullTableName)))
|
||||||
|
else:
|
||||||
result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), fullTableName)))
|
result = inject.checkBooleanExpression("%s" % safeStringFormat(BRUTE_TABLE_EXISTS_TEMPLATE, (randomInt(1), fullTableName)))
|
||||||
|
|
||||||
kb.locks.io.acquire()
|
kb.locks.io.acquire()
|
||||||
|
@ -197,7 +202,7 @@ def columnExists(columnFile, regex=None):
|
||||||
errMsg = "missing table parameter"
|
errMsg = "missing table parameter"
|
||||||
raise SqlmapMissingMandatoryOptionException(errMsg)
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
|
if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_IDENTIFIERS:
|
||||||
conf.db = conf.db.upper()
|
conf.db = conf.db.upper()
|
||||||
|
|
||||||
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
|
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
|
||||||
|
@ -250,6 +255,9 @@ def columnExists(columnFile, regex=None):
|
||||||
kb.locks.count.release()
|
kb.locks.count.release()
|
||||||
break
|
break
|
||||||
|
|
||||||
|
if Backend.isDbms(DBMS.MCKOI):
|
||||||
|
result = inject.checkBooleanExpression(safeStringFormat("0<(SELECT COUNT(%s) FROM %s)", (column, table)))
|
||||||
|
else:
|
||||||
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (column, table)))
|
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (column, table)))
|
||||||
|
|
||||||
kb.locks.io.acquire()
|
kb.locks.io.acquire()
|
||||||
|
@ -291,6 +299,8 @@ def columnExists(columnFile, regex=None):
|
||||||
result = not inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s REGEXP '[^0-9]')", (column, table, column)))
|
result = not inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s REGEXP '[^0-9]')", (column, table, column)))
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE,):
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE,):
|
||||||
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s NOT GLOB '*[^0-9]*')", (column, table, column)))
|
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE %s NOT GLOB '*[^0-9]*')", (column, table, column)))
|
||||||
|
elif Backend.getIdentifiedDbms() in (DBMS.MCKOI,):
|
||||||
|
result = inject.checkBooleanExpression("%s" % safeStringFormat("0=(SELECT MAX(%s)-MAX(%s) FROM %s)", (column, column, table)))
|
||||||
else:
|
else:
|
||||||
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE ROUND(%s)=ROUND(%s))", (column, table, column, column)))
|
result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE ROUND(%s)=ROUND(%s))", (column, table, column, column)))
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,24 @@ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||||
from plugins.generic.takeover import Takeover as GenericTakeover
|
from plugins.generic.takeover import Takeover as GenericTakeover
|
||||||
|
|
||||||
class Takeover(GenericTakeover):
|
class Takeover(GenericTakeover):
|
||||||
def __init__(self):
|
def osCmd(self):
|
||||||
self.__basedir = None
|
errMsg = "on Apache Derby it is not possible to execute commands"
|
||||||
self.__datadir = None
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
GenericTakeover.__init__(self)
|
def osShell(self):
|
||||||
|
errMsg = "on Apache Derby it is not possible to execute commands"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osPwn(self):
|
||||||
|
errMsg = "on Apache Derby it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osSmb(self):
|
||||||
|
errMsg = "on Apache Derby it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
29
plugins/dbms/mckoi/__init__.py
Normal file
29
plugins/dbms/mckoi/__init__.py
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from lib.core.enums import DBMS
|
||||||
|
from lib.core.settings import MCKOI_SYSTEM_DBS
|
||||||
|
from lib.core.unescaper import unescaper
|
||||||
|
from plugins.dbms.mckoi.enumeration import Enumeration
|
||||||
|
from plugins.dbms.mckoi.filesystem import Filesystem
|
||||||
|
from plugins.dbms.mckoi.fingerprint import Fingerprint
|
||||||
|
from plugins.dbms.mckoi.syntax import Syntax
|
||||||
|
from plugins.dbms.mckoi.takeover import Takeover
|
||||||
|
from plugins.generic.misc import Miscellaneous
|
||||||
|
|
||||||
|
class MckoiMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
|
||||||
|
"""
|
||||||
|
This class defines Mckoi methods
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.excludeDbsList = MCKOI_SYSTEM_DBS
|
||||||
|
|
||||||
|
for cls in self.__class__.__bases__:
|
||||||
|
cls.__init__(self)
|
||||||
|
|
||||||
|
unescaper[DBMS.MCKOI] = Syntax.escape
|
15
plugins/dbms/mckoi/connector.py
Normal file
15
plugins/dbms/mckoi/connector.py
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||||
|
from plugins.generic.connector import Connector as GenericConnector
|
||||||
|
|
||||||
|
class Connector(GenericConnector):
|
||||||
|
def connect(self):
|
||||||
|
errMsg = "on Mckoi it is not (currently) possible to establish a "
|
||||||
|
errMsg += "direct connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
84
plugins/dbms/mckoi/enumeration.py
Normal file
84
plugins/dbms/mckoi/enumeration.py
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from lib.core.data import logger
|
||||||
|
from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||||
|
|
||||||
|
class Enumeration(GenericEnumeration):
|
||||||
|
def getBanner(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to get a banner"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return None
|
||||||
|
|
||||||
|
def getCurrentUser(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate the current user"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
def getCurrentDb(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to get name of the current database"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
def isDba(self, user=None):
|
||||||
|
warnMsg = "on Mckoi it is not possible to test if current user is DBA"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
def getUsers(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate the users"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return []
|
||||||
|
|
||||||
|
def getPasswordHashes(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate the user password hashes"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return {}
|
||||||
|
|
||||||
|
def getPrivileges(self, *args, **kwargs):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate the user privileges"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return {}
|
||||||
|
|
||||||
|
def getDbs(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate databases (use only '--tables')"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return []
|
||||||
|
|
||||||
|
def searchDb(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to search databases"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return []
|
||||||
|
|
||||||
|
def searchTable(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to search tables"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return []
|
||||||
|
|
||||||
|
def searchColumn(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to search columns"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return []
|
||||||
|
|
||||||
|
def search(self):
|
||||||
|
warnMsg = "on Mckoi search option is not available"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
def getHostname(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate the hostname"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
def getStatements(self):
|
||||||
|
warnMsg = "on Mckoi it is not possible to enumerate the SQL statements"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return []
|
18
plugins/dbms/mckoi/filesystem.py
Normal file
18
plugins/dbms/mckoi/filesystem.py
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||||
|
from plugins.generic.filesystem import Filesystem as GenericFilesystem
|
||||||
|
|
||||||
|
class Filesystem(GenericFilesystem):
|
||||||
|
def readFile(self, remoteFile):
|
||||||
|
errMsg = "on Mckoi it is not possible to read files"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
|
||||||
|
errMsg = "on Mckoi it is not possible to write files"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
93
plugins/dbms/mckoi/fingerprint.py
Normal file
93
plugins/dbms/mckoi/fingerprint.py
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from lib.core.common import Backend
|
||||||
|
from lib.core.common import Format
|
||||||
|
from lib.core.data import conf
|
||||||
|
from lib.core.data import kb
|
||||||
|
from lib.core.data import logger
|
||||||
|
from lib.core.enums import DBMS
|
||||||
|
from lib.core.session import setDbms
|
||||||
|
from lib.core.settings import MCKOI_ALIASES
|
||||||
|
from lib.core.settings import MCKOI_DEFAULT_SCHEMA
|
||||||
|
from lib.request import inject
|
||||||
|
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
|
||||||
|
|
||||||
|
class Fingerprint(GenericFingerprint):
|
||||||
|
def __init__(self):
|
||||||
|
GenericFingerprint.__init__(self, DBMS.MCKOI)
|
||||||
|
|
||||||
|
def getFingerprint(self):
|
||||||
|
value = ""
|
||||||
|
wsOsFp = Format.getOs("web server", kb.headersFp)
|
||||||
|
|
||||||
|
if wsOsFp:
|
||||||
|
value += "%s\n" % wsOsFp
|
||||||
|
|
||||||
|
if kb.data.banner:
|
||||||
|
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
|
||||||
|
|
||||||
|
if dbmsOsFp:
|
||||||
|
value += "%s\n" % dbmsOsFp
|
||||||
|
|
||||||
|
value += "back-end DBMS: "
|
||||||
|
|
||||||
|
if not conf.extensiveFp:
|
||||||
|
value += DBMS.MCKOI
|
||||||
|
return value
|
||||||
|
|
||||||
|
actVer = Format.getDbms()
|
||||||
|
blank = " " * 15
|
||||||
|
value += "active fingerprint: %s" % actVer
|
||||||
|
|
||||||
|
if kb.bannerFp:
|
||||||
|
banVer = kb.bannerFp.get("dbmsVersion")
|
||||||
|
|
||||||
|
if banVer:
|
||||||
|
banVer = Format.getDbms([banVer])
|
||||||
|
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||||
|
|
||||||
|
htmlErrorFp = Format.getErrorParsedDBMSes()
|
||||||
|
|
||||||
|
if htmlErrorFp:
|
||||||
|
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||||
|
|
||||||
|
return value
|
||||||
|
|
||||||
|
def checkDbms(self):
|
||||||
|
if not conf.extensiveFp and Backend.isDbmsWithin(MCKOI_ALIASES):
|
||||||
|
setDbms(DBMS.MCKOI)
|
||||||
|
return True
|
||||||
|
|
||||||
|
infoMsg = "testing %s" % DBMS.MCKOI
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
result = inject.checkBooleanExpression("DATEOB()>=DATEOB(NULL)")
|
||||||
|
|
||||||
|
if result:
|
||||||
|
infoMsg = "confirming %s" % DBMS.MCKOI
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
result = inject.checkBooleanExpression("ABS(1/0)>ABS(0/1)")
|
||||||
|
|
||||||
|
if not result:
|
||||||
|
warnMsg = "the back-end DBMS is not %s" % DBMS.MCKOI
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
setDbms(DBMS.MCKOI)
|
||||||
|
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
warnMsg = "the back-end DBMS is not %s" % DBMS.MCKOI
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
def forceDbmsEnum(self):
|
||||||
|
conf.db = MCKOI_DEFAULT_SCHEMA
|
18
plugins/dbms/mckoi/syntax.py
Normal file
18
plugins/dbms/mckoi/syntax.py
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from plugins.generic.syntax import Syntax as GenericSyntax
|
||||||
|
|
||||||
|
class Syntax(GenericSyntax):
|
||||||
|
@staticmethod
|
||||||
|
def escape(expression, quote=True):
|
||||||
|
"""
|
||||||
|
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == u"SELECT 'abcdefgh' FROM foobar"
|
||||||
|
True
|
||||||
|
"""
|
||||||
|
|
||||||
|
return expression
|
28
plugins/dbms/mckoi/takeover.py
Normal file
28
plugins/dbms/mckoi/takeover.py
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
|
See the file 'LICENSE' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||||
|
from plugins.generic.takeover import Takeover as GenericTakeover
|
||||||
|
|
||||||
|
class Takeover(GenericTakeover):
|
||||||
|
def osCmd(self):
|
||||||
|
errMsg = "on Mckoi it is not possible to execute commands"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osShell(self):
|
||||||
|
errMsg = "on Mckoi it is not possible to execute commands"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osPwn(self):
|
||||||
|
errMsg = "on Mckoi it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osSmb(self):
|
||||||
|
errMsg = "on Mckoi it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
|
@ -5,11 +5,24 @@ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||||
from plugins.generic.takeover import Takeover as GenericTakeover
|
from plugins.generic.takeover import Takeover as GenericTakeover
|
||||||
|
|
||||||
class Takeover(GenericTakeover):
|
class Takeover(GenericTakeover):
|
||||||
def __init__(self):
|
def osCmd(self):
|
||||||
self.__basedir = None
|
errMsg = "on MonetDB it is not possible to execute commands"
|
||||||
self.__datadir = None
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
GenericTakeover.__init__(self)
|
def osShell(self):
|
||||||
|
errMsg = "on MonetDB it is not possible to execute commands"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osPwn(self):
|
||||||
|
errMsg = "on MonetDB it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osSmb(self):
|
||||||
|
errMsg = "on MonetDB it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -5,11 +5,24 @@ Copyright (c) 2006-2020 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'LICENSE' for copying permission
|
See the file 'LICENSE' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
from lib.core.exception import SqlmapUnsupportedFeatureException
|
||||||
from plugins.generic.takeover import Takeover as GenericTakeover
|
from plugins.generic.takeover import Takeover as GenericTakeover
|
||||||
|
|
||||||
class Takeover(GenericTakeover):
|
class Takeover(GenericTakeover):
|
||||||
def __init__(self):
|
def osCmd(self):
|
||||||
self.__basedir = None
|
errMsg = "on Vertica it is not possible to execute commands"
|
||||||
self.__datadir = None
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
GenericTakeover.__init__(self)
|
def osShell(self):
|
||||||
|
errMsg = "on Vertica it is not possible to execute commands"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osPwn(self):
|
||||||
|
errMsg = "on Vertica it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
|
def osSmb(self):
|
||||||
|
errMsg = "on Vertica it is not possible to establish an "
|
||||||
|
errMsg += "out-of-band connection"
|
||||||
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -48,6 +48,7 @@ from lib.core.exception import SqlmapNoneDataException
|
||||||
from lib.core.exception import SqlmapUserQuitException
|
from lib.core.exception import SqlmapUserQuitException
|
||||||
from lib.core.settings import CURRENT_DB
|
from lib.core.settings import CURRENT_DB
|
||||||
from lib.core.settings import REFLECTED_VALUE_MARKER
|
from lib.core.settings import REFLECTED_VALUE_MARKER
|
||||||
|
from lib.core.settings import UPPER_CASE_IDENTIFIERS
|
||||||
from lib.core.settings import VERTICA_DEFAULT_SCHEMA
|
from lib.core.settings import VERTICA_DEFAULT_SCHEMA
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.techniques.union.use import unionUse
|
from lib.techniques.union.use import unionUse
|
||||||
|
@ -208,7 +209,10 @@ class Databases(object):
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
|
|
||||||
elif Backend.isDbms(DBMS.ACCESS):
|
elif Backend.getIdentifiedDbms() in (DBMS.MCKOI,):
|
||||||
|
bruteForce = True
|
||||||
|
|
||||||
|
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
|
||||||
try:
|
try:
|
||||||
tables = self.getTables(False)
|
tables = self.getTables(False)
|
||||||
except SqlmapNoneDataException:
|
except SqlmapNoneDataException:
|
||||||
|
@ -216,7 +220,7 @@ class Databases(object):
|
||||||
|
|
||||||
if not tables:
|
if not tables:
|
||||||
errMsg = "cannot retrieve table names, "
|
errMsg = "cannot retrieve table names, "
|
||||||
errMsg += "back-end DBMS is Access"
|
errMsg += "back-end DBMS is %s" % Backend.getIdentifiedDbms()
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
else:
|
else:
|
||||||
|
@ -225,7 +229,7 @@ class Databases(object):
|
||||||
if conf.db == CURRENT_DB:
|
if conf.db == CURRENT_DB:
|
||||||
conf.db = self.getCurrentDb()
|
conf.db = self.getCurrentDb()
|
||||||
|
|
||||||
if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.DERBY):
|
if conf.db and Backend.getIdentifiedDbms() in UPPER_CASE_IDENTIFIERS:
|
||||||
conf.db = conf.db.upper()
|
conf.db = conf.db.upper()
|
||||||
|
|
||||||
if conf.db:
|
if conf.db:
|
||||||
|
@ -256,7 +260,7 @@ class Databases(object):
|
||||||
|
|
||||||
return kb.data.cachedTables
|
return kb.data.cachedTables
|
||||||
|
|
||||||
message = "do you want to use common table existence check? %s " % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
|
message = "do you want to use common table existence check? %s " % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI) else "[y/N/q]")
|
||||||
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
||||||
|
|
||||||
if choice == 'N':
|
if choice == 'N':
|
||||||
|
@ -348,7 +352,7 @@ class Databases(object):
|
||||||
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db)
|
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS):
|
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI):
|
||||||
query = rootQuery.blind.count
|
query = rootQuery.blind.count
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
|
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
|
||||||
|
@ -375,7 +379,7 @@ class Databases(object):
|
||||||
for index in indexRange:
|
for index in indexRange:
|
||||||
if Backend.isDbms(DBMS.SYBASE):
|
if Backend.isDbms(DBMS.SYBASE):
|
||||||
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS):
|
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI):
|
||||||
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||||
query = rootQuery.blind.query % index
|
query = rootQuery.blind.query % index
|
||||||
|
@ -454,7 +458,7 @@ class Databases(object):
|
||||||
raise SqlmapNoneDataException(errMsg)
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
elif conf.db is not None:
|
elif conf.db is not None:
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2, DBMS.DERBY):
|
if Backend.getIdentifiedDbms() in UPPER_CASE_IDENTIFIERS:
|
||||||
conf.db = conf.db.upper()
|
conf.db = conf.db.upper()
|
||||||
|
|
||||||
if ',' in conf.db:
|
if ',' in conf.db:
|
||||||
|
@ -514,9 +518,9 @@ class Databases(object):
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
|
|
||||||
elif Backend.isDbms(DBMS.ACCESS):
|
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI):
|
||||||
errMsg = "cannot retrieve column names, "
|
errMsg = "cannot retrieve column names, "
|
||||||
errMsg += "back-end DBMS is %s" % DBMS.ACCESS
|
errMsg += "back-end DBMS is %s" % Backend.getIdentifiedDbms()
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
|
|
||||||
|
@ -547,7 +551,7 @@ class Databases(object):
|
||||||
|
|
||||||
return kb.data.cachedColumns
|
return kb.data.cachedColumns
|
||||||
|
|
||||||
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
|
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI) else "[y/N/q]")
|
||||||
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
||||||
|
|
||||||
if choice == 'N':
|
if choice == 'N':
|
||||||
|
@ -665,7 +669,7 @@ class Databases(object):
|
||||||
if conf.getComments:
|
if conf.getComments:
|
||||||
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
||||||
if hasattr(_, "query"):
|
if hasattr(_, "query"):
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY):
|
if Backend.getIdentifiedDbms() in UPPER_CASE_IDENTIFIERS:
|
||||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
|
||||||
else:
|
else:
|
||||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
|
||||||
|
@ -829,7 +833,7 @@ class Databases(object):
|
||||||
if conf.getComments:
|
if conf.getComments:
|
||||||
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
_ = queries[Backend.getIdentifiedDbms()].column_comment
|
||||||
if hasattr(_, "query"):
|
if hasattr(_, "query"):
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY):
|
if Backend.getIdentifiedDbms() in UPPER_CASE_IDENTIFIERS:
|
||||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
|
||||||
else:
|
else:
|
||||||
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
|
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
|
||||||
|
@ -935,7 +939,7 @@ class Databases(object):
|
||||||
db = db.upper()
|
db = db.upper()
|
||||||
table = table.upper()
|
table = table.upper()
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI):
|
||||||
query = "SELECT %s FROM %s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(table, True))
|
query = "SELECT %s FROM %s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(table, True))
|
||||||
else:
|
else:
|
||||||
query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
|
query = "SELECT %s FROM %s.%s" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db), safeSQLIdentificatorNaming(table, True))
|
||||||
|
@ -963,7 +967,7 @@ class Databases(object):
|
||||||
if not conf.db:
|
if not conf.db:
|
||||||
conf.db, conf.tbl = conf.tbl.split('.', 1)
|
conf.db, conf.tbl = conf.tbl.split('.', 1)
|
||||||
|
|
||||||
if conf.tbl is not None and conf.db is None and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
if conf.tbl is not None and conf.db is None and Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI):
|
||||||
warnMsg = "missing database parameter. sqlmap is going to "
|
warnMsg = "missing database parameter. sqlmap is going to "
|
||||||
warnMsg += "use the current database to retrieve the "
|
warnMsg += "use the current database to retrieve the "
|
||||||
warnMsg += "number of entries for table '%s'" % unsafeSQLIdentificatorNaming(conf.tbl)
|
warnMsg += "number of entries for table '%s'" % unsafeSQLIdentificatorNaming(conf.tbl)
|
||||||
|
|
|
@ -178,7 +178,7 @@ class Entries(object):
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY):
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY):
|
||||||
query = rootQuery.inband.query % (colString, tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
|
query = rootQuery.inband.query % (colString, tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MAXDB):
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.MCKOI):
|
||||||
query = rootQuery.inband.query % (colString, tbl)
|
query = rootQuery.inband.query % (colString, tbl)
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
||||||
# Partial inband and error
|
# Partial inband and error
|
||||||
|
@ -287,7 +287,7 @@ class Entries(object):
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY):
|
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY):
|
||||||
query = rootQuery.blind.count % (tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
|
query = rootQuery.blind.count % (tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())))
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD, DBMS.MCKOI):
|
||||||
query = rootQuery.blind.count % tbl
|
query = rootQuery.blind.count % tbl
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
||||||
query = rootQuery.blind.count % ("%s.%s" % (conf.db, tbl))
|
query = rootQuery.blind.count % ("%s.%s" % (conf.db, tbl))
|
||||||
|
@ -325,8 +325,8 @@ class Entries(object):
|
||||||
|
|
||||||
continue
|
continue
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL, DBMS.INFORMIX):
|
elif Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL, DBMS.INFORMIX, DBMS.MCKOI):
|
||||||
if Backend.isDbms(DBMS.ACCESS):
|
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI):
|
||||||
table = tbl
|
table = tbl
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
||||||
table = "%s.%s" % (conf.db, tbl)
|
table = "%s.%s" % (conf.db, tbl)
|
||||||
|
|
|
@ -148,7 +148,7 @@ class Search(object):
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
|
|
||||||
if bruteForce:
|
if bruteForce:
|
||||||
message = "do you want to use common table existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
|
message = "do you want to use common table existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI) else "[y/N/q]")
|
||||||
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
||||||
|
|
||||||
if choice == 'N':
|
if choice == 'N':
|
||||||
|
@ -350,7 +350,7 @@ class Search(object):
|
||||||
bruteForce = True
|
bruteForce = True
|
||||||
|
|
||||||
if bruteForce:
|
if bruteForce:
|
||||||
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
|
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.MCKOI) else "[y/N/q]")
|
||||||
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
|
||||||
|
|
||||||
if choice == 'N':
|
if choice == 'N':
|
||||||
|
|
Loading…
Reference in New Issue
Block a user