sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-26 16:50:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor cleanup

Browse Source
This commit is contained in:
stamparm 2013-07-01 12:05:02 +02:00
parent f7d15cb465
commit b5e644694a
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/dbms/hsqldb/fingerprint.py
View File

@ -104,7 +104,7 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg)
# TODO This gets mangled in UNION queries because of the dummy table
result = inject.checkBooleanExpression("\"java.lang.Math.sqrt\"(1)=1")
result = inject.checkBooleanExpression("CASEWHEN(1=1,1,0)=1")
if result:
infoMsg = "confirming %s" % DBMS.HSQLDB
@ -144,3 +144,7 @@ class Fingerprint(GenericFingerprint):
logger.warn(warnMsg)
return False
def getHostname(self):
warnMsg = "on HSQLDB it is not possible to enumerate the hostname"
logger.warn(warnMsg)

7
xml/queries.xml
View File

@ -626,7 +626,6 @@
</search_column>
</dbms>
<!-- HSQL (Based on MYSQL)-->
<dbms value="HyperSQL">
<cast query="CAST(%s AS LONGVARCHAR)"/>
<length query="CHAR_LENGTH(%s)"/>
@ -648,16 +647,16 @@
<banner query="DATABASE_VERSION()"/>
<current_user query="CURRENT_USER"/>
<current_db query="DATABASE()"/>
<hostname query=""/>
<hostname/>
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
<check_udf/>
<users>
<inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
<blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
</users>
<passwords>
<!-- Passwords only shown in later versions &gt;=2.0 -->
<!-- Passwords only shown in later versions &gt;=2.0 -->
<inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS" condition="user_name"/>
<blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/>
</passwords>