mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-23 15:54:24 +03:00
Support for Informix --roles/--privileges (Issue #552)
parent
df645d7d3d
commit
aa0b97b562
|
@ -159,6 +159,17 @@ FIREBIRD_PRIVS = {
|
|||
"B": "SUBSCRIBE",
|
||||
}
|
||||
|
||||
# Reference(s): https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm
|
||||
# https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_077.htm
|
||||
|
||||
INFORMIX_PRIVS = {
|
||||
"D": "DBA (all privileges)",
|
||||
"R": "RESOURCE (create UDRs, UDTs, permanent tables and indexes)",
|
||||
"C": "CONNECT (work with existing tables)",
|
||||
"G": "ROLE",
|
||||
"U": "DEFAULT (implicit connection)",
|
||||
}
|
||||
|
||||
DB2_PRIVS = {
|
||||
1: "CONTROLAUTH",
|
||||
2: "ALTERAUTH",
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import OS
|
|||
from lib.core.revision import getRevisionNumber
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.0.9.32"
|
||||
VERSION = "1.0.9.33"
|
||||
REVISION = getRevisionNumber()
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
|
|
|
@ -27,10 +27,11 @@ from lib.core.data import conf
|
|||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.dicts import DB2_PRIVS
|
||||
from lib.core.dicts import FIREBIRD_PRIVS
|
||||
from lib.core.dicts import INFORMIX_PRIVS
|
||||
from lib.core.dicts import MYSQL_PRIVS
|
||||
from lib.core.dicts import PGSQL_PRIVS
|
||||
from lib.core.dicts import FIREBIRD_PRIVS
|
||||
from lib.core.dicts import DB2_PRIVS
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import EXPECTED
|
||||
|
@ -470,32 +471,35 @@ class Users:
|
|||
if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
user = "%%%s%%" % user
|
||||
|
||||
infoMsg = "fetching number of privileges "
|
||||
infoMsg += "for user '%s'" % outuser
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2 % user
|
||||
elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count % (conditionChar, user)
|
||||
elif Backend.isDbms(DBMS.ORACLE) and query2:
|
||||
query = rootQuery.blind.count2 % user
|
||||
if Backend.isDbms(DBMS.INFORMIX):
|
||||
count = 1
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
infoMsg = "fetching number of privileges "
|
||||
infoMsg += "for user '%s'" % outuser
|
||||
logger.info(infoMsg)
|
||||
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count2 % user
|
||||
elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
|
||||
query = rootQuery.blind.count % (conditionChar, user)
|
||||
elif Backend.isDbms(DBMS.ORACLE) and query2:
|
||||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
if not retrievedUsers and Backend.isDbms(DBMS.ORACLE) and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
return self.getPrivileges(query2=True)
|
||||
if not isNumPosStrValue(count):
|
||||
if not retrievedUsers and Backend.isDbms(DBMS.ORACLE) and not query2:
|
||||
infoMsg = "trying with table USER_SYS_PRIVS"
|
||||
logger.info(infoMsg)
|
||||
|
||||
warnMsg = "unable to retrieve the number of "
|
||||
warnMsg += "privileges for user '%s'" % outuser
|
||||
logger.warn(warnMsg)
|
||||
continue
|
||||
return self.getPrivileges(query2=True)
|
||||
|
||||
warnMsg = "unable to retrieve the number of "
|
||||
warnMsg += "privileges for user '%s'" % outuser
|
||||
logger.warn(warnMsg)
|
||||
continue
|
||||
|
||||
infoMsg = "fetching privileges for user '%s'" % outuser
|
||||
logger.info(infoMsg)
|
||||
|
@ -514,6 +518,8 @@ class Users:
|
|||
query = rootQuery.blind.query2 % (user, index)
|
||||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % (index, user)
|
||||
elif Backend.isDbms(DBMS.INFORMIX):
|
||||
query = rootQuery.blind.query % (user,)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
|
||||
|
@ -561,6 +567,10 @@ class Users:
|
|||
elif Backend.isDbms(DBMS.FIREBIRD):
|
||||
privileges.add(FIREBIRD_PRIVS[privilege.strip()])
|
||||
|
||||
# In Informix we get one letter for the highest privilege
|
||||
elif Backend.isDbms(DBMS.INFORMIX):
|
||||
privileges.add(INFORMIX_PRIVS[privilege.strip()])
|
||||
|
||||
# In DB2 we get Y or G if the privilege is
|
||||
# True, N otherwise
|
||||
elif Backend.isDbms(DBMS.DB2):
|
||||
|
|
|
@ -32,7 +32,7 @@ e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py
|
|||
1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py
|
||||
e4ca0fd47f20cf7ba6a5f5cbf980073c lib/core/decorators.py
|
||||
67f206cf2658145992cc1d7020138325 lib/core/defaults.py
|
||||
863095fcfb94799c4e5ba3d3d6f590d6 lib/core/dicts.py
|
||||
439cae0904cf3db20d1bc81d56980a21 lib/core/dicts.py
|
||||
1f98d3f57ce21d625fd67adb26cfd13c lib/core/dump.py
|
||||
1128705f593013359497b3959078b650 lib/core/enums.py
|
||||
e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py
|
||||
|
@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
|
|||
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
|
||||
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
|
||||
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
|
||||
5750f92c622c3c5468a1c263bde4b306 lib/core/settings.py
|
||||
55a79706107d51efb7ed0a771f80e58e lib/core/settings.py
|
||||
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
|
||||
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
|
||||
0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
|
||||
|
@ -213,7 +213,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e plugins/generic/__init__.py
|
|||
7b3e044a7fca497278d79883697089b7 plugins/generic/search.py
|
||||
73f8d047dbbcff307d62357836e382e6 plugins/generic/syntax.py
|
||||
da3ebc20998af02e3d952d0417a67792 plugins/generic/takeover.py
|
||||
4b5a6e2aec8e240fc43916d9dde27b14 plugins/generic/users.py
|
||||
078434ac78aaa539526031ebdd5556f2 plugins/generic/users.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e plugins/__init__.py
|
||||
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
|
||||
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_
|
||||
|
@ -455,4 +455,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
|||
96adb9bfbab867d221974d3ddb303cb6 xml/payloads/stacked_queries.xml
|
||||
c8b152ecebf04ec997e52c6c78cbd488 xml/payloads/time_blind.xml
|
||||
033b39025e8ee0f302935f6db3a39e77 xml/payloads/union_query.xml
|
||||
b788ef9f0198fa0bbb56644c206b688e xml/queries.xml
|
||||
3365321fc0217e148c2fa8a217cbfc5e xml/queries.xml
|
||||
|
|
|
@ -752,11 +752,11 @@
|
|||
<inband query="SELECT USERNAME,HASHED_PASSWORD,SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
|
||||
<blind query="SELECT HASHED_PASSWORD FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'" query2="SELECT SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
|
||||
</passwords>
|
||||
<privileges/>
|
||||
<roles>
|
||||
<inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="name"/>
|
||||
<blind query="SELECT GRANTED_ROLE FROM SYSUSERS WHERE USERNAME='s'"/>
|
||||
</roles>
|
||||
<privileges>
|
||||
<inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="USERNAME"/>
|
||||
<blind query="SELECT USERTYPE FROM SYSUSERS WHERE USERNAME='%s'"/>
|
||||
</privileges>
|
||||
<roles/>
|
||||
<dbs>
|
||||
<inband query="SELECT NAME FROM SYSMASTER:SYSDATABASES"/>
|
||||
<blind query="SELECT SKIP %d LIMIT 1 NAME FROM SYSMASTER:SYSDATABASES ORDER BY NAME" count="SELECT COUNT(NAME) FROM SYSMASTER:SYSDATABASES"/>
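Review bot: The new `<privileges>` entry gives its blind query no `count` attribute, unlike the `<dbs>` entry right below it, and `<roles/>` is now empty although the commit title advertises --roles; neither is explained in the file. Presumably the code treats Informix privileges as a single row per user and serves --roles through the privileges path, but that is not visible from this hunk. A short XML comment above the element would record it, e.g. `<!-- Informix: one USERTYPE letter per user, so no count query; roles are reported via privileges -->`, with the wording confirmed against the caller.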
|
||||
|
|