mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 08:14:24 +03:00
More code refactoring of Backend class methods used
This commit is contained in:
Bernardo Damele
parent
2f2758b033
commit
9a4ae7d9e2
|
|
@ -282,14 +282,14 @@ class Agent:
|
|||
|
||||
# SQLite version 2 does not support neither CAST() nor IFNULL(),
|
||||
# introduced only in SQLite version 3
|
||||
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if Backend.isDbms(DBMS.SQLITE):
|
||||
return field
|
||||
|
||||
if field.startswith("(CASE"):
|
||||
nulledCastedField = field
|
||||
else:
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
if Backend.isDbms(DBMS.ACCESS):
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
|
||||
else:
|
||||
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
|
||||
|
|
@ -401,7 +401,7 @@ class Agent:
|
|||
def simpleConcatQuery(self, query1, query2):
|
||||
concatenatedQuery = ""
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
|
||||
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
|
||||
|
|
@ -447,7 +447,7 @@ class Agent:
|
|||
else:
|
||||
return query
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
if fieldsExists:
|
||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
|
||||
concatenatedQuery += ",'%s')" % kb.misc.stop
|
||||
|
|
@ -540,7 +540,7 @@ class Agent:
|
|||
if query.startswith("TOP"):
|
||||
# TOP enumeration on DBMS.MSSQL is too specific and it has to go into it's own brackets
|
||||
# because those NULLs cause problems with ORDER BY clause
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, range(0, count)))
|
||||
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
|
||||
return inbandQuery
|
||||
|
|
@ -633,11 +633,11 @@ class Agent:
|
|||
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
|
||||
limitedQuery += " %s" % limitStr
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
|
||||
limitedQuery += " %s" % limitStr
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
|
||||
orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
|
||||
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
|
||||
|
|
@ -650,7 +650,7 @@ class Agent:
|
|||
limitedQuery = limitedQuery % fromFrom
|
||||
limitedQuery += "=%d" % (num + 1)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
forgeNotIn = True
|
||||
|
||||
if " ORDER BY " in limitedQuery:
|
||||
|
|
|
|||
|
|
@ -869,7 +869,7 @@ def parsePasswordHash(password):
|
|||
if not password or password == " ":
|
||||
password = "NULL"
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
|
||||
if Backend.isDbms(DBMS.MSSQL) and password != "NULL" and isHexEncodedString(password):
|
||||
hexPassword = password
|
||||
password = "%s\n" % hexPassword
|
||||
password += "%sheader: %s\n" % (blank, hexPassword[:6])
|
||||
|
|
@ -1194,11 +1194,11 @@ def getDelayQuery(andCond=False):
|
|||
|
||||
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
|
||||
|
||||
if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
|
||||
if banVer is None or (Backend.isDbms(DBMS.MYSQL) and banVer >= "5.0.12") or (Backend.isDbms(DBMS.PGSQL) and banVer >= "8.2"):
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
|
||||
else:
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query
|
||||
else:
|
||||
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
|
||||
|
|
@ -1206,7 +1206,7 @@ def getDelayQuery(andCond=False):
|
|||
if andCond:
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
|
||||
query = query.replace("SELECT ", "")
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = "(%s)>0" % query
|
||||
|
||||
return query
|
||||
|
|
|
|||
|
|
@ -104,9 +104,9 @@ class Dump:
|
|||
self.string("current user", data)
|
||||
|
||||
def currentDb(self,data):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MAXDB:
|
||||
if Backend.isDbms(DBMS.MAXDB):
|
||||
self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data)
|
||||
else:
|
||||
self.string("current database", data)
|
||||
|
|
|
|||
|
|
@ -97,13 +97,13 @@ def bannerParser(banner):
|
|||
|
||||
xmlfile = None
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
xmlfile = paths.MSSQL_XML
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif Backend.isDbms(DBMS.MYSQL):
|
||||
xmlfile = paths.MYSQL_XML
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
xmlfile = paths.ORACLE_XML
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
xmlfile = paths.PGSQL_XML
|
||||
|
||||
if not xmlfile:
|
||||
|
|
@ -111,7 +111,7 @@ def bannerParser(banner):
|
|||
|
||||
checkFile(xmlfile)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
handler = MSSQLBannerHandler(banner, kb.bannerFp)
|
||||
parseXmlFile(xmlfile, handler)
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ def direct(query, content=True):
|
|||
select = True
|
||||
query = agent.payloadDirect(query)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
|
||||
if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
|
||||
query = "%s FROM DUAL" % query
|
||||
|
||||
for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
|
||||
|
||||
rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
|
||||
if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD):
|
||||
expressionFieldsList = [expressionFields]
|
||||
|
||||
if len(expressionFieldsList) > 1:
|
||||
|
|
@ -189,7 +189,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
|
|||
stopLimit = int(topLimit.group(1))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
limitCond = False
|
||||
else:
|
||||
limitCond = True
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfExecCmd(cmd, silent=silent)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
self.xpCmdshellExecCmd(cmd, silent=silent)
|
||||
|
||||
else:
|
||||
|
|
@ -59,7 +59,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
return self.udfEvalCmd(cmd, first, last)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
return self.xpCmdshellEvalCmd(cmd, first, last)
|
||||
|
||||
else:
|
||||
|
|
@ -100,7 +100,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
infoMsg += "command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
infoMsg = "going to use xp_cmdshell extended procedure for "
|
||||
infoMsg += "operating system command execution"
|
||||
logger.info(infoMsg)
|
||||
|
|
@ -154,7 +154,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
|||
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfInjectSys()
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
if mandatory:
|
||||
self.xpCmdshellInit()
|
||||
else:
|
||||
|
|
|
|||
|
|
@ -189,13 +189,13 @@ class Metasploit:
|
|||
if __payloadStr == "windows/vncinject":
|
||||
choose = False
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
debugMsg = "by default MySQL on Windows runs as SYSTEM "
|
||||
debugMsg += "user, it is likely that the the VNC "
|
||||
debugMsg += "injection will be successful"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
choose = True
|
||||
|
||||
warnMsg = "by default PostgreSQL on Windows runs as "
|
||||
|
|
@ -203,7 +203,7 @@ class Metasploit:
|
|||
warnMsg += "injection will be successful"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
choose = True
|
||||
|
||||
warnMsg = "it is unlikely that the VNC injection will be "
|
||||
|
|
@ -232,12 +232,12 @@ class Metasploit:
|
|||
break
|
||||
|
||||
elif choice == "1":
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
if Backend.isDbms(DBMS.PGSQL):
|
||||
logger.warn("beware that the VNC injection might not work")
|
||||
|
||||
break
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
break
|
||||
|
||||
elif not choice.isdigit():
|
||||
|
|
|
|||
|
|
@ -144,9 +144,9 @@ class UDF:
|
|||
if udf in self.udfToCreate and udf not in self.createdUdf:
|
||||
self.udfCreateFromSharedLib(udf, inpRet)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
supportTblType = "longtext"
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
supportTblType = "text"
|
||||
|
||||
self.udfCreateSupportTbl(supportTblType)
|
||||
|
|
@ -237,9 +237,9 @@ class UDF:
|
|||
else:
|
||||
logger.warn("you need to specify the name of the UDF")
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
defaultType = "string"
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
defaultType = "text"
|
||||
|
||||
self.udfs[udfName]["input"] = []
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ def __oneShotErrorUse(expression, field):
|
|||
|
||||
nulledCastedField = agent.nullAndCastField(field)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
nulledCastedField = queries[DBMS.MYSQL].substring.query % (nulledCastedField, offset, MYSQL_ERROR_CHUNK_LENGTH)
|
||||
|
||||
# Forge the error-based SQL injection request
|
||||
|
|
@ -101,7 +101,7 @@ def __oneShotErrorUse(expression, field):
|
|||
if isinstance(output, basestring):
|
||||
output = htmlunescape(output).replace("<br>", "\n")
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
if offset == 1:
|
||||
retVal = output
|
||||
else:
|
||||
|
|
@ -243,7 +243,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
stopLimit = int(topLimit.group(1))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
limitCond = False
|
||||
else:
|
||||
limitCond = True
|
||||
|
|
|
|||
|
|
@ -184,7 +184,7 @@ def unionUse(expression, unpack=True, dump=False):
|
|||
stopLimit = int(topLimit.group(1))
|
||||
limitCond = int(stopLimit) > 1
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
limitCond = False
|
||||
else:
|
||||
limitCond = True
|
||||
|
|
@ -256,7 +256,7 @@ def unionUse(expression, unpack=True, dump=False):
|
|||
for num in xrange(startLimit, stopLimit):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||
field = expressionFieldsList[0]
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
field = expressionFieldsList
|
||||
else:
|
||||
field = None
|
||||
|
|
|
|||
|
|
@ -299,9 +299,9 @@ def hashRecognition(value):
|
|||
if isinstance(value, basestring):
|
||||
for name, regex in getPublicTypeMembers(HASH):
|
||||
# Hashes for Oracle and old MySQL look the same hence these checks
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
|
||||
if Backend.isDbms(DBMS.ORACLE) and regex == HASH.MYSQL_OLD:
|
||||
continue
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
|
||||
elif Backend.isDbms(DBMS.MYSQL) and regex == HASH.ORACLE_OLD:
|
||||
continue
|
||||
elif regex == HASH.CRYPT_GENERIC:
|
||||
if any([getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value), value.lower() == value, value.upper() == value, value.isdigit()]):
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ class Enumeration:
|
|||
infoMsg = "testing if current user is DBA"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
self.getCurrentUser()
|
||||
query = queries[Backend.getIdentifiedDbms()].is_dba.query % (kb.data.currentUser.split("@")[0] if kb.data.currentUser else None)
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and user is not None:
|
||||
|
|
@ -164,8 +164,8 @@ class Enumeration:
|
|||
|
||||
rootQuery = queries[Backend.getIdentifiedDbms()].users
|
||||
|
||||
condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
|
||||
condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
|
||||
condition = ( Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")) )
|
||||
condition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema )
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if condition:
|
||||
|
|
@ -191,7 +191,7 @@ class Enumeration:
|
|||
errMsg = "unable to retrieve the number of database users"
|
||||
raise sqlmapNoneDataException, errMsg
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
|
|
@ -242,7 +242,7 @@ class Enumeration:
|
|||
users = []
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
|
|
@ -253,7 +253,7 @@ class Enumeration:
|
|||
query += " WHERE "
|
||||
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.isDbms(DBMS.SYBASE):
|
||||
randStr = randomStr()
|
||||
getCurrentThreadData().disableStdOut = True
|
||||
|
||||
|
|
@ -294,7 +294,7 @@ class Enumeration:
|
|||
if parsedUser:
|
||||
users[users.index(user)] = parsedUser.groups()[0]
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.isDbms(DBMS.SYBASE):
|
||||
getCurrentThreadData().disableStdOut = True
|
||||
|
||||
randStr = randomStr()
|
||||
|
|
@ -323,7 +323,7 @@ class Enumeration:
|
|||
infoMsg += "for user '%s'" % user
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
|
|
@ -340,14 +340,14 @@ class Enumeration:
|
|||
|
||||
passwords = []
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
if Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.blind.query2 % (user, index, user)
|
||||
else:
|
||||
|
|
@ -387,24 +387,24 @@ class Enumeration:
|
|||
def __isAdminFromPrivileges(self, privileges):
|
||||
# In PostgreSQL the usesuper privilege means that the
|
||||
# user is DBA
|
||||
dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
|
||||
dbaCondition = ( Backend.isDbms(DBMS.PGSQL) and "super" in privileges )
|
||||
|
||||
# In Oracle the DBA privilege means that the
|
||||
# user is DBA
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges )
|
||||
|
||||
# In MySQL >= 5.0 the SUPER privilege means
|
||||
# that the user is DBA
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges )
|
||||
|
||||
# In MySQL < 5.0 the super_priv privilege means
|
||||
# that the user is DBA
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges )
|
||||
|
||||
# In Firebird there is no specific privilege that means
|
||||
# that the user is DBA
|
||||
# TODO: confirm
|
||||
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
|
||||
dbaCondition |= ( Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
|
||||
|
||||
return dbaCondition
|
||||
|
||||
|
|
@ -438,10 +438,10 @@ class Enumeration:
|
|||
areAdmins = set()
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
condition = rootQuery.inband.condition2
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
elif Backend.isDbms(DBMS.ORACLE) and query2:
|
||||
query = rootQuery.inband.query2
|
||||
condition = rootQuery.inband.condition2
|
||||
else:
|
||||
|
|
@ -451,14 +451,14 @@ class Enumeration:
|
|||
if conf.user:
|
||||
query += " WHERE "
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in users)
|
||||
else:
|
||||
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
|
||||
|
||||
values = inject.getValue(query, blind=False)
|
||||
|
||||
if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
|
||||
if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
@ -480,18 +480,18 @@ class Enumeration:
|
|||
|
||||
# In PostgreSQL we get 1 if the privilege is
|
||||
# True, 0 otherwise
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
|
||||
if Backend.isDbms(DBMS.PGSQL) and getUnicode(privilege).isdigit():
|
||||
if int(privilege) == 1:
|
||||
privileges.add(pgsqlPrivs[count])
|
||||
|
||||
# In MySQL >= 5.0 and Oracle we get the list
|
||||
# of privileges as string
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
|
||||
elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
|
||||
privileges.add(privilege)
|
||||
|
||||
# In MySQL < 5.0 we get Y if the privilege is
|
||||
# True, N otherwise
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
if privilege.upper() == "Y":
|
||||
privileges.add(mysqlPrivs[count])
|
||||
|
||||
|
|
@ -504,7 +504,7 @@ class Enumeration:
|
|||
kb.data.cachedUsersPrivileges[user] = list(privileges)
|
||||
|
||||
if not kb.data.cachedUsersPrivileges and not conf.direct:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
conditionChar = " LIKE "
|
||||
else:
|
||||
conditionChar = "="
|
||||
|
|
@ -525,25 +525,25 @@ class Enumeration:
|
|||
if user in retrievedUsers:
|
||||
continue
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
user = "%%%s%%" % user
|
||||
|
||||
infoMsg = "fetching number of privileges "
|
||||
infoMsg += "for user '%s'" % user
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2 % user
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count % (conditionChar, user)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
elif Backend.isDbms(DBMS.ORACLE) and query2:
|
||||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
|
||||
if not (isinstance(count, basestring) and count.isdigit()) and Backend.isDbms(DBMS.ORACLE) and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
@ -559,20 +559,20 @@ class Enumeration:
|
|||
|
||||
privileges = set()
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2 % (user, index)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query % (conditionChar, user, index)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
|
||||
elif Backend.isDbms(DBMS.ORACLE) and query2:
|
||||
query = rootQuery.blind.query2 % (user, index)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % (index, user)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
|
|
@ -580,7 +580,7 @@ class Enumeration:
|
|||
|
||||
# In PostgreSQL we get 1 if the privilege is True,
|
||||
# 0 otherwise
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
|
||||
if Backend.isDbms(DBMS.PGSQL) and ", " in privilege:
|
||||
privilege = privilege.replace(", ", ",")
|
||||
privs = privilege.split(",")
|
||||
i = 1
|
||||
|
|
@ -595,12 +595,12 @@ class Enumeration:
|
|||
|
||||
# In MySQL >= 5.0 and Oracle we get the list
|
||||
# of privileges as string
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
|
||||
elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
|
||||
privileges.add(privilege)
|
||||
|
||||
# In MySQL < 5.0 we get Y if the privilege is
|
||||
# True, N otherwise
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
privilege = privilege.replace(", ", ",")
|
||||
privs = privilege.split(",")
|
||||
i = 1
|
||||
|
|
@ -614,7 +614,7 @@ class Enumeration:
|
|||
i += 1
|
||||
|
||||
# In Firebird we get one letter for each privilege
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
privileges.add(firebirdPrivs[privilege.strip()])
|
||||
|
||||
if self.__isAdminFromPrivileges(privileges):
|
||||
|
|
@ -623,7 +623,7 @@ class Enumeration:
|
|||
# In MySQL < 5.0 we break the cycle after the first
|
||||
# time we get the user's privileges otherwise we
|
||||
# duplicate the same query
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
break
|
||||
|
||||
if privileges:
|
||||
|
|
@ -650,13 +650,13 @@ class Enumeration:
|
|||
return self.getPrivileges(query2)
|
||||
|
||||
def getDbs(self):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
warnMsg = "information_schema not available, "
|
||||
warnMsg += "back-end DBMS is MySQL < 5. database "
|
||||
warnMsg += "names will be fetched from 'mysql' database"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
warnMsg = "schema names are going to be used on Oracle "
|
||||
warnMsg += "for enumeration as the counterpart to database "
|
||||
warnMsg += "names on other DBMSes"
|
||||
|
|
@ -671,7 +671,7 @@ class Enumeration:
|
|||
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
|
|
@ -684,7 +684,7 @@ class Enumeration:
|
|||
infoMsg = "fetching number of databases"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2
|
||||
else:
|
||||
query = rootQuery.blind.count
|
||||
|
|
@ -694,16 +694,16 @@ class Enumeration:
|
|||
errMsg = "unable to retrieve the number of databases"
|
||||
logger.error(errMsg)
|
||||
else:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.isDbms(DBMS.SYBASE):
|
||||
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2 % index
|
||||
else:
|
||||
query = rootQuery.blind.query % index
|
||||
|
|
@ -729,13 +729,13 @@ class Enumeration:
|
|||
self.forceDbmsEnum()
|
||||
|
||||
if bruteForce is None:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
logger.error(errMsg)
|
||||
bruteForce = True
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.isDbms(DBMS.ACCESS):
|
||||
try:
|
||||
tables = self.getTables(False)
|
||||
except sqlmapNoneDataException:
|
||||
|
|
@ -815,13 +815,13 @@ class Enumeration:
|
|||
infoMsg = "skipping system databases: %s" % ", ".join(db for db in self.excludeDbsList)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
query = safeStringFormat(query, conf.db)
|
||||
value = inject.getValue(query, blind=False)
|
||||
value = filter(lambda x: x, value)
|
||||
|
||||
if value:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if Backend.isDbms(DBMS.SQLITE):
|
||||
if isinstance(value, basestring):
|
||||
value = [[ DBMS.SQLITE, value ]]
|
||||
elif isinstance(value, (list, tuple, set)):
|
||||
|
|
@ -874,7 +874,7 @@ class Enumeration:
|
|||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.getIdentifiedDbms() == DBMS.SYBASE:
|
||||
if Backend.isDbms(DBMS.SYBASE):
|
||||
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS):
|
||||
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
||||
|
|
@ -934,13 +934,13 @@ class Enumeration:
|
|||
|
||||
return self.getSchema()
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
logger.error(errMsg)
|
||||
bruteForce = True
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.isDbms(DBMS.ACCESS):
|
||||
errMsg = "cannot retrieve column names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
|
@ -986,7 +986,7 @@ class Enumeration:
|
|||
infoMsg = "fetching columns "
|
||||
|
||||
if conf.col:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
conf.col = conf.col.upper()
|
||||
colList = conf.col.split(",")
|
||||
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
|
||||
|
|
@ -1002,21 +1002,21 @@ class Enumeration:
|
|||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
|
||||
query += condQuery
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
query = rootQuery.inband.query % (conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.db, conf.db,
|
||||
conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.inband.query % conf.tbl
|
||||
|
||||
value = inject.getValue(query, blind=False)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
if Backend.isDbms(DBMS.SQLITE):
|
||||
parseSqliteTableSchema(value)
|
||||
elif value:
|
||||
table = {}
|
||||
|
|
@ -1047,7 +1047,7 @@ class Enumeration:
|
|||
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper())
|
||||
query += condQuery
|
||||
|
||||
|
|
@ -1056,11 +1056,11 @@ class Enumeration:
|
|||
unsafeSQLIdentificatorNaming(conf.tbl))
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.count % (conf.tbl)
|
||||
query += condQuery
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.blind.query % conf.tbl
|
||||
value = inject.getValue(query, inband=False, error=False)
|
||||
parseSqliteTableSchema(value)
|
||||
|
|
@ -1084,7 +1084,7 @@ class Enumeration:
|
|||
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
|
||||
query += condQuery
|
||||
field = None
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
|
||||
query += condQuery
|
||||
field = None
|
||||
|
|
@ -1095,7 +1095,7 @@ class Enumeration:
|
|||
unsafeSQLIdentificatorNaming(conf.tbl))
|
||||
query += condQuery.replace("[DB]", conf.db)
|
||||
field = condition.replace("[DB]", conf.db)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % (conf.tbl)
|
||||
query += condQuery
|
||||
field = None
|
||||
|
|
@ -1106,18 +1106,18 @@ class Enumeration:
|
|||
if not onlyColNames:
|
||||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db))
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
|
||||
conf.db, column, conf.db,
|
||||
conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query2 % (conf.tbl, column)
|
||||
|
||||
colType = inject.getValue(query, inband=False, error=False)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
if Backend.isDbms(DBMS.FIREBIRD):
|
||||
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
|
||||
|
||||
column = safeSQLIdentificatorNaming(column)
|
||||
|
|
@ -1402,7 +1402,7 @@ class Enumeration:
|
|||
entries = []
|
||||
query = None
|
||||
|
||||
if all([Backend.getIdentifiedDbms() == DBMS.MYSQL, isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.groupConcat]):
|
||||
if all([Backend.isDbms(DBMS.MYSQL), isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.groupConcat]):
|
||||
randStr, randStr2 = randomStr(), randomStr()
|
||||
filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\
|
||||
% ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2)
|
||||
|
|
@ -1416,9 +1416,9 @@ class Enumeration:
|
|||
row = map(lambda x: x.replace(randStr, CONCAT_VALUE_DELIMITER).replace(randStr2, CONCAT_ROW_DELIMITER), row)
|
||||
entries.append(row)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.inband.query % (colString, conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())))
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.inband.query % (colString, conf.tbl)
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
||||
# Partial inband and error
|
||||
|
|
@ -1477,13 +1477,13 @@ class Enumeration:
|
|||
infoMsg += "on database '%s'" % conf.db
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.blind.count % (conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())))
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.count % conf.tbl
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
||||
query = rootQuery.blind.count % ("%s.%s" % (conf.db, conf.tbl))
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MAXDB:
|
||||
elif Backend.isDbms(DBMS.MAXDB):
|
||||
query = rootQuery.blind.count % ("%s" % conf.tbl)
|
||||
else:
|
||||
query = rootQuery.blind.count % (conf.db, conf.tbl)
|
||||
|
|
@ -1505,11 +1505,11 @@ class Enumeration:
|
|||
|
||||
try:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL):
|
||||
if Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
if Backend.isDbms(DBMS.ACCESS):
|
||||
table = conf.tbl
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
|
||||
table = "%s.%s" % (conf.db, conf.tbl)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MAXDB:
|
||||
elif Backend.isDbms(DBMS.MAXDB):
|
||||
table = "%s.%s" % (conf.db, conf.tbl)
|
||||
|
||||
retVal = self.__pivotDumpTable(table, colList, count, blind=True)
|
||||
|
|
@ -1517,7 +1517,7 @@ class Enumeration:
|
|||
entries, lengths = retVal
|
||||
|
||||
else:
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
plusOne = True
|
||||
else:
|
||||
plusOne = False
|
||||
|
|
@ -1534,14 +1534,14 @@ class Enumeration:
|
|||
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
query = rootQuery.blind.query % (column, conf.db,
|
||||
conf.tbl, index)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
elif Backend.isDbms(DBMS.ORACLE):
|
||||
query = rootQuery.blind.query % (column, column,
|
||||
conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())),
|
||||
index)
|
||||
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
|
||||
elif Backend.isDbms(DBMS.SQLITE):
|
||||
query = rootQuery.blind.query % (column, conf.tbl, index)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % (index, column, conf.tbl)
|
||||
|
||||
value = inject.getValue(query, inband=False, error=False, dump=True)
|
||||
|
|
@ -1585,7 +1585,7 @@ class Enumeration:
|
|||
return kb.data.dumpedTable
|
||||
|
||||
def dumpAll(self):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
raise sqlmapUnsupportedFeatureException, errMsg
|
||||
|
|
@ -1700,7 +1700,7 @@ class Enumeration:
|
|||
rootQuery = queries[Backend.getIdentifiedDbms()].search_db
|
||||
dbList = conf.db.split(",")
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
dbCond = rootQuery.inband.condition2
|
||||
else:
|
||||
dbCond = rootQuery.inband.condition
|
||||
|
|
@ -1727,7 +1727,7 @@ class Enumeration:
|
|||
dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.inband.query2
|
||||
else:
|
||||
query = rootQuery.inband.query
|
||||
|
|
@ -1749,7 +1749,7 @@ class Enumeration:
|
|||
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2
|
||||
else:
|
||||
query = rootQuery.blind.count
|
||||
|
|
@ -1769,7 +1769,7 @@ class Enumeration:
|
|||
indexRange = getRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2
|
||||
else:
|
||||
query = rootQuery.blind.query
|
||||
|
|
@ -1786,12 +1786,12 @@ class Enumeration:
|
|||
def searchTable(self):
|
||||
bruteForce = False
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
bruteForce = True
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.isDbms(DBMS.ACCESS):
|
||||
errMsg = "cannot retrieve table names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
|
@ -1820,7 +1820,7 @@ class Enumeration:
|
|||
for tbl in tblList:
|
||||
tbl = safeSQLIdentificatorNaming(tbl, True)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
|
||||
if Backend.isDbms(DBMS.ORACLE):
|
||||
tbl = tbl.upper()
|
||||
|
||||
infoMsg = "searching table"
|
||||
|
|
@ -1941,12 +1941,12 @@ class Enumeration:
|
|||
def searchColumn(self):
|
||||
bruteForce = False
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||
bruteForce = True
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
|
||||
elif Backend.isDbms(DBMS.ACCESS):
|
||||
errMsg = "cannot retrieve column names, "
|
||||
errMsg += "back-end DBMS is Access"
|
||||
logger.error(errMsg)
|
||||
|
|
|
|||
|
|
@ -93,13 +93,13 @@ class Filesystem:
|
|||
return fileLines
|
||||
|
||||
def __checkWrittenFile(self, wFile, dFile, fileType):
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
self.createSupportTbl(self.fileTblName, self.tblField, "text")
|
||||
|
||||
# Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx
|
||||
|
|
|
|||
|
|
@ -58,13 +58,13 @@ class Miscellaneous:
|
|||
infoMsg = "detecting back-end DBMS version from its banner"
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
first, last = 1, 6
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
first, last = 12, 6
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
elif Backend.isDbms(DBMS.MSSQL):
|
||||
first, last = 29, 9
|
||||
|
||||
else:
|
||||
|
|
@ -122,7 +122,7 @@ class Miscellaneous:
|
|||
if not onlyFileTbl:
|
||||
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
return
|
||||
|
||||
if udfDict is None:
|
||||
|
|
@ -135,7 +135,7 @@ class Miscellaneous:
|
|||
if not output or output in ("y", "Y"):
|
||||
dropStr = "DROP FUNCTION %s" % udf
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
if Backend.isDbms(DBMS.PGSQL):
|
||||
inp = ", ".join(i for i in inpRet["input"])
|
||||
dropStr += "(%s)" % inp
|
||||
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
def osCmd(self):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
|
||||
infoMsg = "going to use a web backdoor for command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
@ -67,7 +67,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
def osShell(self):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
web = False
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
|
||||
infoMsg = "going to use a web backdoor for command prompt"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
|
@ -201,7 +201,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.uploadShellcodeexec()
|
||||
|
||||
if Backend.isOs(OS.WINDOWS) and conf.privEsc:
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
debugMsg = "by default MySQL on Windows runs as SYSTEM "
|
||||
debugMsg += "user, no need to privilege escalate"
|
||||
logger.debug(debugMsg)
|
||||
|
|
@ -219,7 +219,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.uploadIcmpshSlave(web=web)
|
||||
self.icmpPwn()
|
||||
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
|
||||
web = True
|
||||
|
||||
infoMsg = "going to use a web backdoor to establish the tunnel"
|
||||
|
|
@ -274,7 +274,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
errMsg += "queries are supported"
|
||||
raise sqlmapUnsupportedDBMSException(errMsg)
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
elif Backend.isDbms(DBMS.MYSQL):
|
||||
debugMsg = "since stacked queries are not supported, "
|
||||
debugMsg += "sqlmap is going to perform the SMB relay "
|
||||
debugMsg += "attack via inference blind SQL injection"
|
||||
|
|
@ -283,18 +283,18 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
printWarn = True
|
||||
warnMsg = "it is unlikely that this attack will be successful "
|
||||
|
||||
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
warnMsg += "because by default MySQL on Windows runs as "
|
||||
warnMsg += "Local System which is not a real user, it does "
|
||||
warnMsg += "not send the NTLM session hash when connecting to "
|
||||
warnMsg += "a SMB service"
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
elif Backend.isDbms(DBMS.PGSQL):
|
||||
warnMsg += "because by default PostgreSQL on Windows runs "
|
||||
warnMsg += "as postgres user which is a real user of the "
|
||||
warnMsg += "system, but not within the Administrators group"
|
||||
|
||||
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
|
||||
elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
|
||||
warnMsg += "runs as Network Service which is not a real user, "
|
||||
warnMsg += "it does not send the NTLM session hash when "
|
||||
|
|
@ -312,7 +312,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
return
|
||||
|
||||
if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
|
||||
if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):
|
||||
errMsg = "the back-end DBMS must be Microsoft SQL Server "
|
||||
errMsg += "2000 or 2005 to be able to exploit the heap-based "
|
||||
errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user