updates, fixes and stuff

2025-03-14 15:14:31 +03:00 · 2010-03-30 11:06:30 +00:00 · 2010-03-30 11:06:30 +00:00 · 87d8c6719e
commit 87d8c6719e
parent f04449be03
7 changed files with 82 additions and 14 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -606,15 +606,21 @@ def parseTargetDirect():
    details = None

    for dbms in SUPPORTED_DBMS:
-        details = re.search("^(%s)://(.+?)\:(.+?)\@(.+?)\:([\d]+)\/(.+?)$" % dbms, conf.direct, re.I)
+        details = re.search("^(?P<dbms>%s)://(?P<optional>(?P<dbmsUser>.+?)\:(?P<dbmsPass>.+?)\@(?P<hostname>.+?)\:(?P<port>[\d]+)\/)?(?P<dbmsDb>.+?)$" % dbms, conf.direct, re.I)

        if details:
-            conf.dbms     = details.group(1)
-            conf.dbmsUser = details.group(2)
-            conf.dbmsPass = details.group(3)
-            conf.hostname = details.group(4)
-            conf.port     = int(details.group(5))
-            conf.dbmsDb   = details.group(6)
+            conf.dbms     = details.group('dbms')
+            if details.group('optional'):
+                conf.dbmsUser = details.group('dbmsUser')
+                conf.dbmsPass = details.group('dbmsPass')
+                conf.hostname = details.group('hostname')
+                conf.port     = int(details.group('port'))
+            else:
+                conf.dbmsUser = str()
+                conf.dbmsPass = str()
+                conf.hostname = "localhost"
+                conf.port     = 0         
+            conf.dbmsDb   = details.group('dbmsDb')

            conf.parameters[None] = "direct connection"

--- a/plugins/dbms/access/connector.py
+++ b/plugins/dbms/access/connector.py
@ -22,14 +22,67 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

+try:
+    import pyodbc
+except ImportError, _:
+    pass
+
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.exception import sqlmapConnectionException
+
 from plugins.generic.connector import Connector as GenericConnector

 class Connector(GenericConnector):
    """
-    Homepage: 
-    User guide: 
-    API: 
+    Homepage: http://pyodbc.googlecode.com/
+    User guide: http://code.google.com/p/pyodbc/wiki/GettingStarted
+    API: http://code.google.com/p/pyodbc/w/list
+    Debian package: python-pyodbc
+    License: MIT
    """

    def __init__(self):
        GenericConnector.__init__(self)
+
+    def connect(self):
+        self.initConnection()
+
+        try:
+            self.connector = pyodbc.connect(driver='{Microsoft Access Driver (*.mdb)}', dbq=self.db)
+        except pyodbc.OperationalError, msg:
+            raise sqlmapConnectionException, msg[1]
+
+        self.setCursor()
+        self.connected()
+
+    def fetchall(self):
+        try:
+            return self.cursor.fetchall()
+        except pyodbc.OperationalError, msg:
+            logger.log(8, msg[1])
+            return None
+
+    def execute(self, query):
+        logger.debug(query)
+
+        try:
+            self.cursor.execute(query)
+        except pyodbc.OperationalError, msg:
+            logger.log(8, msg[1])
+        except pyodbc.Error, msg:
+            raise sqlmapConnectionException, msg[1]
+
+        self.connector.commit()
+
+    def select(self, query):
+        self.cursor.execute(query)
+        return self.cursor.fetchall()
+
+    def setCursor(self):
+        self.cursor = self.connector.cursor()
+
+    def close(self):
+        self.cursor.close()
+        self.connector.close()
+
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@ -143,6 +143,9 @@ class Fingerprint(GenericFingerprint):

        logMsg = "testing Microsoft Access"
        logger.info(logMsg)
+        
+        if conf.direct:
+            conf.dbmsConnector.connect()

        payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
        result  = Request.queryPage(payload)
--- a/plugins/dbms/firebird/connector.py
+++ b/plugins/dbms/firebird/connector.py
@ -74,8 +74,8 @@ class Connector(GenericConnector):
        self.connector.commit()

    def select(self, query):
-        self.execute(query)
-        return self.fetchall()
+        self.cursor.execute(query)
+        return self.cursor.fetchall()

    def setCursor(self):
        self.cursor = self.connector.cursor()
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@ -127,6 +127,9 @@ class Fingerprint(GenericFingerprint):
        logMsg = "testing Firebird"
        logger.info(logMsg)
        
+        if conf.direct:
+            conf.dbmsConnector.connect()
+        
        randInt = randomInt()

        payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
--- a/plugins/dbms/sqlite/connector.py
+++ b/plugins/dbms/sqlite/connector.py
@ -78,8 +78,8 @@ class Connector(GenericConnector):
        self.connector.commit()

    def select(self, query):
-        self.execute(query)
-        return self.fetchall()
+        self.cursor.execute(query)
+        return self.cursor.fetchall()

    def setCursor(self):
        self.cursor = self.connector.cursor()
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@ -93,6 +93,9 @@ class Fingerprint(GenericFingerprint):

        logMsg = "testing SQLite"
        logger.info(logMsg)
+        
+        if conf.direct:
+            conf.dbmsConnector.connect()

        payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
        result  = Request.queryPage(payload)