sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Some cleaning up for #3283

Browse Source
This commit is contained in:
Miroslav Stampar 2018-10-16 13:26:55 +02:00
parent 411f56e710
commit 68f5597b4a
10 changed files with 44 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/agent.py
View File

@ -624,7 +624,7 @@ class Agent(object):
elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB):
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2):
if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
concatenatedQuery += "||'%s'" % kb.chars.stop

2
lib/core/dump.py
View File

@ -171,7 +171,7 @@ class Dump(object):
def currentDb(self, data):
if Backend.isDbms(DBMS.MAXDB):
self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB):
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2):
self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
else:
self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB)

4
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.10.21"
VERSION = "1.2.10.22"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -265,7 +265,7 @@ USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")
REFERER_ALIASES = ("ref", "referer", "referrer")
HOST_ALIASES = ("host",)
HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
# Names that can't be used to name files on Windows OS
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")

81
plugins/dbms/h2/connector.py
View File

@ -5,87 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
try:
import jaydebeapi
import jpype
except:
pass
import logging
from lib.core.common import checkFile
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector):
"""
Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/
User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html
API: -
Debian package: -
License: LGPL & Apache License 2.0
"""
def __init__(self):
GenericConnector.__init__(self)
def connect(self):
self.initConnection()
try:
msg = "what's the location of 'hsqldb.jar'? "
jar = readInput(msg)
checkFile(jar)
args = "-Djava.class.path=%s" % jar
jvm_path = jpype.getDefaultJVMPath()
jpype.startJVM(jvm_path, args)
except Exception, msg:
raise SqlmapConnectionException(msg[0])
try:
driver = 'org.hsqldb.jdbc.JDBCDriver'
connection_string = 'jdbc:hsqldb:mem:.' # 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))
except Exception, msg:
raise SqlmapConnectionException(msg[0])
self.initCursor()
self.printConnected()
def fetchall(self):
try:
return self.cursor.fetchall()
except Exception, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
return None
def execute(self, query):
retVal = False
try:
self.cursor.execute(query)
retVal = True
except Exception, msg: # TODO: fix with specific error
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
self.connector.commit()
return retVal
def select(self, query):
retVal = None
upper_query = query.upper()
if query and not (upper_query.startswith("SELECT ") or upper_query.startswith("VALUES ")):
query = "VALUES %s" % query
if query and upper_query.startswith("SELECT ") and " FROM " not in upper_query:
query = "%s FROM (VALUES(0))" % query
self.cursor.execute(query)
retVal = self.cursor.fetchall()
return retVal
errMsg = "on H2 it is not (currently) possible to establish a "
errMsg += "direct connection"
raise SqlmapUnsupportedFeatureException(errMsg)

10
plugins/dbms/h2/enumeration.py
View File

@ -12,6 +12,7 @@ from lib.core.data import logger
from lib.core.data import queries
from lib.core.common import unArrayizeValue
from lib.core.enums import DBMS
from lib.core.settings import H2_DEFAULT_SCHEMA
from lib.request import inject
class Enumeration(GenericEnumeration):
@ -40,3 +41,12 @@ class Enumeration(GenericEnumeration):
def getHostname(self):
warnMsg = "on H2 it is not possible to enumerate the hostname"
logger.warn(warnMsg)
def getCurrentDb(self):
return H2_DEFAULT_SCHEMA
def getPasswordHashes(self):
warnMsg = "on H2 it is not possible to list password hashes"
logger.warn(warnMsg)
return {}

39
plugins/dbms/h2/fingerprint.py
View File

@ -27,32 +27,28 @@ class Fingerprint(GenericFingerprint):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp and not conf.api:
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp and not conf.api:
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
actVer = Format.getDbms()
if not conf.extensiveFp:
value += actVer
value += DBMS.H2
return value
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp.get("dbmsVersion")
if re.search(r"-log$", kb.data.banner):
banVer += ", logging enabled"
banVer = Format.getDbms([banVer] if banVer else None)
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = Format.getErrorParsedDBMSes()
@ -66,9 +62,6 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES):
setDbms("%s %s" % (DBMS.H2, Backend.getVersion()))
if Backend.isVersionGreaterOrEqualThan("1.7.2"):
kb.data.has_information_schema = True
self.getBanner()
return True
@ -90,31 +83,15 @@ class Fingerprint(GenericFingerprint):
return False
else:
kb.data.has_information_schema = True
Backend.setVersion(">= 1.7.2")
setDbms("%s 1.7.2" % DBMS.H2)
setDbms(DBMS.H2)
banner = self.getBanner()
if banner:
Backend.setVersion("= %s" % banner)
else:
if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"):
Backend.setVersionList([">= 2.0.0", "< 2.3.0"])
else:
banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True))
if banner:
Backend.setVersion("= %s" % banner)
else:
Backend.setVersionList([">= 1.7.2", "< 1.8.0"])
self.getBanner()
return True
return True
else:
warnMsg = "the back-end DBMS is not %s" % DBMS.H2
logger.warn(warnMsg)
dbgMsg = "...or version is < 1.7.2"
logger.debug(dbgMsg)
return False
def getHostname(self):

2
plugins/dbms/maxdb/connector.py
View File

@ -13,6 +13,6 @@ class Connector(GenericConnector):
GenericConnector.__init__(self)
def connect(self):
errMsg = "on SAP MaxDB it is not possible to establish a "
errMsg = "on SAP MaxDB it is not (currently) possible to establish a "
errMsg += "direct connection"
raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/generic/databases.py
View File

@ -438,7 +438,7 @@ class Databases:
raise SqlmapNoneDataException(errMsg)
elif conf.db is not None:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2):
conf.db = conf.db.upper()
if ',' in conf.db:
@ -465,7 +465,7 @@ class Databases:
colList = filter(None, colList)
if conf.tbl:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2):
conf.tbl = conf.tbl.upper()
tblList = conf.tbl.split(',')

18
txt/checksum.md5
View File

@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py
d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py
97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
a866dd953fdc4b5273a9c28f6b2361f1 lib/core/agent.py
cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py
c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py
ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
@ -36,7 +36,7 @@ ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py
4086fb55f42e27de5330505605baad0f lib/core/decorators.py
fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py
56b79ee7acd2da19c1678250edfdafab lib/core/dicts.py
d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py
760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py
ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py
cada93357a7321655927fc9625b3bfec lib/core/exception.py
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
1eb1c8d9bf5f38efc0625524d7dfa8ed lib/core/settings.py
5a5c0538e7464803ea3cd2b55b98f991 lib/core/settings.py
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py
@ -140,10 +140,10 @@ bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py
d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py
c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py
1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py
271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/h2/connector.py
687005cf105ab50c62b6686866d6ef13 plugins/dbms/h2/enumeration.py
79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py
5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py
b1ed542fff0aa53c54e8bc07658aeaf1 plugins/dbms/h2/filesystem.py
443bc9ac09ce180360ff5a660ac3d6ba plugins/dbms/h2/fingerprint.py
4fe530d10b74210bd045205d9318b5d6 plugins/dbms/h2/fingerprint.py
1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py
4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py
af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py
@ -162,7 +162,7 @@ b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py
aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py
25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py
1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py
6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py
9c0307881fae556521bec393956664b0 plugins/dbms/maxdb/connector.py
1f3f9d4c7ec62452ed2465cd9cf50aa1 plugins/dbms/maxdb/enumeration.py
ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py
9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py
@ -213,7 +213,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py
79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py
34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py
ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py
ca122ea307ed367a55b12a67a6079e74 plugins/generic/databases.py
dd0875db408080c8192c5186d2d9c246 plugins/generic/databases.py
35546acab0eea406c23b84363df4d534 plugins/generic/entries.py
d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py
0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py
@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml
82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml
92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml
ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml
39173640d6807991a6b78e9bea973339 xml/queries.xml
c83a948e23219f1d101d3b3aa7eb1391 xml/queries.xml

17
xml/queries.xml
View File

@ -676,7 +676,7 @@
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.USERS WHERE NAME=CURRENT_USER"/>
<check_udf/>
<users>
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
@ -739,23 +739,18 @@
<hex query="RAWTOHEX(%s)"/>
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
<banner query="H2VERSION()"/>
<current_user query="CURRENT_USER"/>
<current_user query="CURRENT_USER"/>mirek
<current_db query="DATABASE()"/>
<hostname/>
<table_comment/>
<column_comment/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
<is_dba query="SELECT CURRENT_USER='SA'"/>
<check_udf/>
<users>
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
<blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
<inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user"/>
<inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
</users>
<passwords>
<!-- Passwords only shown in later versions &gt;=2.0 -->
<blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s' ORDER BY password_digest" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/>
<inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user_name" condition="user_name"/>
</passwords>
<passwords/>
<privileges/>
<roles/>
<dbs>