Better fingerprint technique for Microsoft SQL Server

Bernardo Damele 2008-12-22 23:32:43 +00:00
parent 79c8d63b88
commit b0ad102efb
2 changed files with 5 additions and 3 deletions


@ -7,6 +7,7 @@ sqlmap (0.6.4-1) stable; urgency=low
manipulation statements, etc from user in SQL query and SQL shell if manipulation statements, etc from user in SQL query and SQL shell if
stacked queries are supported by the web application technology in stacked queries are supported by the web application technology in
use; use;
* Major speed increase in DBMS basic fingerprint;
* Minor enhancement to support an option (--is-dba) to show if the * Minor enhancement to support an option (--is-dba) to show if the
current user is a database management system administrator; current user is a database management system administrator;
* Minor enhancement to support an option (--union-tech) to specify the * Minor enhancement to support an option (--union-tech) to specify the


@ -176,12 +176,13 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
logMsg = "testing Microsoft SQL Server" logMsg = "testing Microsoft SQL Server"
logger.info(logMsg) logger.info(logMsg)
randInt = str(randomInt(1)) payload = agent.fullPayload(" AND LEN(@@version)=LEN(@@version)")
payload = agent.fullPayload(" AND LTRIM(STR(LEN(%s)))='%s'" % (randInt, randInt))
result = Request.queryPage(payload) result = Request.queryPage(payload)
if result == True: if result == True:
logMsg = "confirming Microsoft SQL Server"
logger.info(logMsg)
for version in ( 0, 5, 8 ): for version in ( 0, 5, 8 ):
payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 25, 1)='%d'" % version) payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 25, 1)='%d'" % version)
result = Request.queryPage(payload) result = Request.queryPage(payload)