diff --git a/lib/core/agent.py b/lib/core/agent.py index 10ee4cfdd..48bf658a1 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -624,7 +624,7 @@ class Agent(object): elif fieldsNoSelect: concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop) - elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2): if fieldsExists: concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1) concatenatedQuery += "||'%s'" % kb.chars.stop diff --git a/lib/core/dump.py b/lib/core/dump.py index b5d0b6c68..444152e84 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -171,7 +171,7 @@ class Dump(object): def currentDb(self, data): if Backend.isDbms(DBMS.MAXDB): self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) - elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) else: self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB) diff --git a/lib/core/settings.py b/lib/core/settings.py index e99c4a326..130df4ff7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.21" +VERSION = "1.2.10.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -265,7 +265,7 @@ USER_AGENT_ALIASES = ("ua", "useragent", "user-agent") REFERER_ALIASES = ("ref", "referer", "referrer") HOST_ALIASES = ("host",) -HSQLDB_DEFAULT_SCHEMA = "PUBLIC" +H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC" # Names that can't be used to name files on Windows OS WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9") diff --git a/plugins/dbms/h2/connector.py b/plugins/dbms/h2/connector.py index ee605409f..e9bc44f9e 100644 --- a/plugins/dbms/h2/connector.py +++ b/plugins/dbms/h2/connector.py 
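Review bot: In lib/core/settings.py (hunk @@ -265,7), the chained assignment `H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"` ties two independent DBMS defaults to one statement, so a later change to one default is easy to apply to both by mistake. Two separate lines, `HSQLDB_DEFAULT_SCHEMA = "PUBLIC"` and `H2_DEFAULT_SCHEMA = "PUBLIC"`, read more clearly and keep each constant greppable as its own definition.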
@@ -5,87 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ -try: - import jaydebeapi - import jpype -except: - pass - -import logging - -from lib.core.common import checkFile -from lib.core.common import readInput -from lib.core.data import conf -from lib.core.data import logger -from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.connector import Connector as GenericConnector class Connector(GenericConnector): - """ - Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/ - User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html - API: - - Debian package: - - License: LGPL & Apache License 2.0 - """ - def __init__(self): GenericConnector.__init__(self) def connect(self): - self.initConnection() - try: - msg = "what's the location of 'hsqldb.jar'? " - jar = readInput(msg) - checkFile(jar) - args = "-Djava.class.path=%s" % jar - jvm_path = jpype.getDefaultJVMPath() - jpype.startJVM(jvm_path, args) - except Exception, msg: - raise SqlmapConnectionException(msg[0]) - - try: - driver = 'org.hsqldb.jdbc.JDBCDriver' - connection_string = 'jdbc:hsqldb:mem:.' 
# 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db) - self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password)) - except Exception, msg: - raise SqlmapConnectionException(msg[0]) - - self.initCursor() - self.printConnected() - - def fetchall(self): - try: - return self.cursor.fetchall() - except Exception, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) - return None - - def execute(self, query): - retVal = False - - try: - self.cursor.execute(query) - retVal = True - except Exception, msg: # TODO: fix with specific error - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) - - self.connector.commit() - - return retVal - - def select(self, query): - retVal = None - - upper_query = query.upper() - - if query and not (upper_query.startswith("SELECT ") or upper_query.startswith("VALUES ")): - query = "VALUES %s" % query - - if query and upper_query.startswith("SELECT ") and " FROM " not in upper_query: - query = "%s FROM (VALUES(0))" % query - - self.cursor.execute(query) - retVal = self.cursor.fetchall() - - return retVal + errMsg = "on H2 it is not (currently) possible to establish a " + errMsg += "direct connection" + raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/h2/enumeration.py b/plugins/dbms/h2/enumeration.py index 2035d6f25..c4f9560a2 100644 --- a/plugins/dbms/h2/enumeration.py +++ b/plugins/dbms/h2/enumeration.py @@ -12,6 +12,7 @@ from lib.core.data import logger from lib.core.data import queries from lib.core.common import unArrayizeValue from lib.core.enums import DBMS +from lib.core.settings import H2_DEFAULT_SCHEMA from lib.request import inject class Enumeration(GenericEnumeration): 
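Review bot: In plugins/dbms/h2/connector.py, the rewritten `Connector` class loses its docstring and has no comment explaining why `connect()` now always raises. A one-line class docstring such as `"""Direct connection to H2 is not implemented; connect() always raises SqlmapUnsupportedFeatureException."""` would record the intent. With `fetchall`, `execute` and `select` removed, those calls presumably fall back to `GenericConnector`. That base class is not visible here, so it is worth confirming that its versions fail cleanly rather than touching a cursor that was never initialised.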
@@ -40,3 +41,12 @@ class Enumeration(GenericEnumeration): def getHostname(self): warnMsg = "on H2 it is not possible to enumerate the hostname" logger.warn(warnMsg) + + def getCurrentDb(self): + return H2_DEFAULT_SCHEMA + + def getPasswordHashes(self): + warnMsg = "on H2 it is not possible to list password hashes" + logger.warn(warnMsg) + + return {} diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py index d11313aff..c2a90521c 100644 --- a/plugins/dbms/h2/fingerprint.py +++ b/plugins/dbms/h2/fingerprint.py @@ -27,32 +27,28 @@ class Fingerprint(GenericFingerprint): value = "" wsOsFp = Format.getOs("web server", kb.headersFp) - if wsOsFp and not conf.api: + if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) - if dbmsOsFp and not conf.api: + if dbmsOsFp: value += "%s\n" % dbmsOsFp value += "back-end DBMS: " - actVer = Format.getDbms() if not conf.extensiveFp: - value += actVer + value += DBMS.H2 return value + actVer = Format.getDbms() blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp.get("dbmsVersion") - - if re.search(r"-log$", kb.data.banner): - banVer += ", logging enabled" - - banVer = Format.getDbms([banVer] if banVer else None) + banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) htmlErrorFp = Format.getErrorParsedDBMSes() @@ -66,9 +62,6 @@ class Fingerprint(GenericFingerprint): if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES): setDbms("%s %s" % (DBMS.H2, Backend.getVersion())) - if Backend.isVersionGreaterOrEqualThan("1.7.2"): - kb.data.has_information_schema = True - self.getBanner() return True 
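Review bot: In plugins/dbms/h2/enumeration.py, the new `getCurrentDb()` returns the constant `H2_DEFAULT_SCHEMA` without querying the back-end, so the value reported as the current schema is an assumption rather than an observation. If the assessed application uses a non-default schema, the report will be wrong with no indication to the operator. Logging the assumption before the return would make this explicit, in the same style as `getHostname` above it: `logger.warn("on H2 the current schema is assumed to be '%s'" % H2_DEFAULT_SCHEMA)`.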
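Review bot: In plugins/dbms/h2/fingerprint.py (hunk @@ -27,32, inside `getFingerprint`, whose body starts and ends outside the hunk), `banVer = Format.getDbms([banVer])` drops the earlier `if banVer else None` guard. A banner fingerprint without a `dbmsVersion` entry now passes `[None]` to `Format.getDbms`. That helper is not visible here, so depending on how it joins the list the output could carry a literal `None` or a dangling separator. Keeping `banVer = Format.getDbms([banVer] if banVer else None)` preserves the old behaviour. The removed `re.search` call may also leave `import re` unused in this file.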
@@ -90,31 +83,15 @@ class Fingerprint(GenericFingerprint): return False else: - kb.data.has_information_schema = True - Backend.setVersion(">= 1.7.2") - setDbms("%s 1.7.2" % DBMS.H2) + setDbms(DBMS.H2) - banner = self.getBanner() - if banner: - Backend.setVersion("= %s" % banner) - else: - if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"): - Backend.setVersionList([">= 2.0.0", "< 2.3.0"]) - else: - banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True)) - if banner: - Backend.setVersion("= %s" % banner) - else: - Backend.setVersionList([">= 1.7.2", "< 1.8.0"]) + self.getBanner() - return True + return True else: warnMsg = "the back-end DBMS is not %s" % DBMS.H2 logger.warn(warnMsg) - dbgMsg = "...or version is < 1.7.2" - logger.debug(dbgMsg) - return False def getHostname(self): diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py index 9b4b8390f..70295c3c5 100644 --- a/plugins/dbms/maxdb/connector.py +++ b/plugins/dbms/maxdb/connector.py @@ -13,6 +13,6 @@ class Connector(GenericConnector): GenericConnector.__init__(self) def connect(self): - errMsg = "on SAP MaxDB it is not possible to establish a " + errMsg = "on SAP MaxDB it is not (currently) possible to establish a " errMsg += "direct connection" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 3f0354974..b63e57979 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -438,7 +438,7 @@ class Databases: raise SqlmapNoneDataException(errMsg) elif conf.db is not None: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): conf.db = conf.db.upper() if ',' in conf.db: 
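Review bot: In plugins/dbms/h2/fingerprint.py (hunk @@ -90,31, inside `checkDbms`, which starts and ends outside the hunk), this branch no longer calls `Backend.setVersion` at all. The early-exit path shown as context in the previous hunk still builds `setDbms("%s %s" % (DBMS.H2, Backend.getVersion()))`. Unless `getBanner()` sets the version as a side effect, which is not visible here, that string may be formatted with an empty or `None` version. Using `setDbms(DBMS.H2)` on the early-exit path as well would keep the two paths consistent.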
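Review bot: In plugins/generic/databases.py, the tuple `(DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2)` is repeated verbatim in the `conf.db` check in hunk @@ -438,7 and in the `conf.tbl` check in hunk @@ -465,7, so the two lists can drift apart when the next DBMS is added. A single module-level tuple used by both tests would keep them in step, e.g. `UPPER_CASE_IDENTIFIER_DBMSES = (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2)` (name constructed for illustration). A short comment stating why these back-ends need `upper()` applied to user-supplied names would also help. Both enclosing methods start and end outside the hunks.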
@@ -465,7 +465,7 @@ class Databases: colList = filter(None, colList) if conf.tbl: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): conf.tbl = conf.tbl.upper() tblList = conf.tbl.split(',') diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4f2c6d2ae..b4c536e07 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py 97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -a866dd953fdc4b5273a9c28f6b2361f1 lib/core/agent.py +cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py @@ -36,7 +36,7 @@ ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py 56b79ee7acd2da19c1678250edfdafab lib/core/dicts.py -d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py +760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1eb1c8d9bf5f38efc0625524d7dfa8ed lib/core/settings.py +5a5c0538e7464803ea3cd2b55b98f991 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py 
@@ -140,10 +140,10 @@ bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py -271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/h2/connector.py -687005cf105ab50c62b6686866d6ef13 plugins/dbms/h2/enumeration.py +79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py +5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py b1ed542fff0aa53c54e8bc07658aeaf1 plugins/dbms/h2/filesystem.py -443bc9ac09ce180360ff5a660ac3d6ba plugins/dbms/h2/fingerprint.py +4fe530d10b74210bd045205d9318b5d6 plugins/dbms/h2/fingerprint.py 1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py @@ -162,7 +162,7 @@ b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py -6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py +9c0307881fae556521bec393956664b0 plugins/dbms/maxdb/connector.py 1f3f9d4c7ec62452ed2465cd9cf50aa1 plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 
@@ -213,7 +213,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -ca122ea307ed367a55b12a67a6079e74 plugins/generic/databases.py +dd0875db408080c8192c5186d2d9c246 plugins/generic/databases.py 35546acab0eea406c23b84363df4d534 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py @@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -39173640d6807991a6b78e9bea973339 xml/queries.xml +c83a948e23219f1d101d3b3aa7eb1391 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index db9950f4b..ee1cf5ed7 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -676,7 +676,7 @@ - + @@ -739,23 +739,18 @@ - + mirek - + - - - + + - - - - - +