diff --git a/lib/core/common.py b/lib/core/common.py index abbfde45d..08ef7046d 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2444,3 +2444,37 @@ def normalizeUnicode(value): if isinstance(value, unicode): retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore') return retVal + +def safeSQLIdentificatorNaming(name, isTable=False): + """ + Returns a safe representation of SQL identificator name + """ + retVal = name + if isinstance(name, basestring): + if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in name: + name = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, name) + + parts = name.split('.') + for i in range(len(parts)): + if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): + parts[i] = "`%s`" % parts[i].strip("`") + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL): + parts[i] = "\"%s\"" % parts[i].strip("\"") + retVal = ".".join(parts) + + return retVal + +def unsafeSQLIdentificatorNaming(name): + """ + Extracts identificator's name from it's safe SQL representation + """ + retVal = name + if isinstance(name, basestring): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): + retVal = name.replace("`", "") + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL): + retVal = name.replace("\"", "") + if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA) + return retVal diff --git a/lib/core/option.py b/lib/core/option.py index 94d48bf6d..d863f46c0 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1307,6 +1307,7 @@ def __useWizardInterface(): map(lambda x: conf.__setitem__(x, True), ['getBanner', 'getCurrentUser', 'getCurrentDb', 'isDba']) conf.batch = True + conf.threads = 4 print def __saveCmdline(): diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py index 825cf37cd..f238d5661 100644 
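Review bot: `retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)` in unsafeSQLIdentificatorNaming strips a character set, not a prefix, so any leading run of the schema's letters or '.' is removed from the table name itself (for a schema such as dbo, a name starting with 'd', 'b' or 'o' loses those characters), and `unsafeSQLIdentificatorNaming(safeSQLIdentificatorNaming(name, True))` no longer round-trips — the callers in plugins/dbms/mssqlserver/enumeration.py and plugins/generic/enumeration.py rely on that round-trip when they build the lookup query from the safe name. Replace it with a real prefix test: `prefix = "%s." % DEFAULT_MSSQL_SCHEMA`, `if retVal.startswith(prefix):`, `retVal = retVal[len(prefix):]`. The pair also treats SYBASE asymmetrically: safeSQLIdentificatorNaming prefixes the schema for MSSQL and SYBASE, but neither its quoting branches nor the quote removal in unsafeSQLIdentificatorNaming lists SYBASE, so a Sybase identifier that fails the `[A-Za-z0-9_]+` check is passed through unquoted. Minor: the second docstring's "it's" should read "its".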
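Review bot: `conf.threads = 4` is an unexplained literal assigned unconditionally, so a thread count the user passed on the command line together with the wizard is presumably overwritten here (the option parsing is outside this hunk). Give the value a reason at the call site, e.g. `conf.threads = 4  # wizard default: fixed modest parallelism instead of prompting`, and consider applying it only when the user left the thread option at its default.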
--- a/lib/techniques/brute/use.py +++ b/lib/techniques/brute/use.py @@ -22,6 +22,7 @@ from lib.core.common import pushValue from lib.core.common import randomInt from lib.core.common import readInput from lib.core.common import safeStringFormat +from lib.core.common import safeSQLIdentificatorNaming from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -60,7 +61,7 @@ def tableExists(tableFile, regex=None): def tableExistsThread(): while count[0] < length and kb.threadContinue: tbllock.acquire() - table = tables[count[0]] + table = safeSQLIdentificatorNaming(tables[count[0]]) count[0] += 1 tbllock.release() @@ -165,6 +166,7 @@ def columnExists(columnFile, regex=None): table = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', conf.tbl) else: table = conf.tbl + table = safeSQLIdentificatorNaming(table) retVal = [] infoMsg = "checking column existence using items from '%s'" % columnFile @@ -180,7 +182,7 @@ def columnExists(columnFile, regex=None): def columnExistsThread(): while count[0] < length and kb.threadContinue: collock.acquire() - column = columns[count[0]] + column = safeSQLIdentificatorNaming(columns[count[0]]) count[0] += 1 collock.release() diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 255ccae1d..8d6a5b56a 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -13,6 +13,8 @@ from lib.core.common import Backend from lib.core.common import getRange from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable +from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger 
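Review bot: In tableExistsThread the quoting helper now runs while `tbllock` is held, although the lock only needs to cover the read of `tables[count[0]]` and the increment; the helper's `Backend.getIdentifiedDbms()` calls and regex matching are serialized across all worker threads for no benefit. Read the raw name under the lock and convert after `tbllock.release()`: keep `table = tables[count[0]]` inside the locked region and add `table = safeSQLIdentificatorNaming(table)` after the release. The rest of tableExistsThread is outside the hunk.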
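Review bot: For MSSQL/Sybase the preceding line builds `table` as `db..tbl`, and the added `safeSQLIdentificatorNaming(table)` splits it on '.' and quotes the empty middle segment (an empty string fails the `[A-Za-z0-9_]+` check), so on MSSQL the name becomes `db."".tbl` instead of `db..tbl`. Either quote the two components before joining — `table = "%s%s%s" % (safeSQLIdentificatorNaming(conf.db), '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', safeSQLIdentificatorNaming(conf.tbl))` — or make the helper in lib/core/common.py skip empty segments with `if parts[i] and not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):`. columnExists starts before this hunk.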
@@ -78,7 +80,7 @@ class Enumeration(GenericEnumeration): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: for db in dbs: - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db @@ -94,7 +96,7 @@ class Enumeration(GenericEnumeration): if not kb.data.cachedTables and not conf.direct: for db in dbs: - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db @@ -154,23 +156,23 @@ class Enumeration(GenericEnumeration): if isinstance(db, list): db = db[0] - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) foundTbls[db] = [] for tbl in tblList: - tbl = self.__safeSQLIdentificatorNaming(tbl, True) + tbl = safeSQLIdentificatorNaming(tbl, True) infoMsg = "searching table" if tblConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) logger.info(infoMsg) tblQuery = "%s%s" % (tblCond, tblCondParam) - tblQuery = tblQuery % self.__unsafeSQLIdentificatorNaming(tbl) + tblQuery = tblQuery % unsafeSQLIdentificatorNaming(tbl) for db in foundTbls.keys(): - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db 
@@ -196,7 +198,7 @@ class Enumeration(GenericEnumeration): infoMsg = "fetching number of table" if tblConsider == "1": infoMsg += "s like" - infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(tbl), self.__unsafeSQLIdentificatorNaming(db)) + infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(db)) logger.info(infoMsg) query = rootQuery.blind.count2 @@ -208,8 +210,8 @@ class Enumeration(GenericEnumeration): warnMsg = "no table" if tblConsider == "1": warnMsg += "s like" - warnMsg += " '%s' " % self.__unsafeSQLIdentificatorNaming(tbl) - warnMsg += "in database '%s'" % self.__unsafeSQLIdentificatorNaming(db) + warnMsg += " '%s' " % unsafeSQLIdentificatorNaming(tbl) + warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(db) logger.warn(warnMsg) continue @@ -245,25 +247,25 @@ class Enumeration(GenericEnumeration): enumDbs = kb.data.cachedDbs for db in enumDbs: - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) dbs[db] = {} for column in colList: - column = self.__safeSQLIdentificatorNaming(column) + column = safeSQLIdentificatorNaming(column) infoMsg = "searching column" if colConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column) logger.info(infoMsg) foundCols[column] = {} colQuery = "%s%s" % (colCond, colCondParam) - colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column) + colQuery = colQuery % unsafeSQLIdentificatorNaming(column) for db in dbs.keys(): - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db 
@@ -281,7 +283,7 @@ class Enumeration(GenericEnumeration): values = [ values ] for foundTbl in values: - foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True) + foundTbl = safeSQLIdentificatorNaming(foundTbl, True) if foundTbl is None: continue @@ -339,7 +341,7 @@ class Enumeration(GenericEnumeration): tbl = inject.getValue(query, inband=False, error=False) kb.hintValue = tbl - tbl = self.__safeSQLIdentificatorNaming(tbl, True) + tbl = safeSQLIdentificatorNaming(tbl, True) if tbl not in dbs[db]: dbs[db][tbl] = {} diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index bf3da8418..853e63e21 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -12,6 +12,8 @@ from lib.core.common import Backend from lib.core.common import getRange from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable +from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger 
@@ -181,21 +183,21 @@ class Enumeration(GenericEnumeration): colConsider, colCondParam = self.likeOrExact("column") for column in colList: - column = self.__safeSQLIdentificatorNaming(column) + column = safeSQLIdentificatorNaming(column) infoMsg = "searching column" if colConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column) logger.info(infoMsg) foundCols[column] = {} colQuery = "%s%s" % (colCond, colCondParam) - colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column) + colQuery = colQuery % unsafeSQLIdentificatorNaming(column) for db in dbs.keys(): - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: query = rootQuery.inband.query @@ -207,7 +209,7 @@ class Enumeration(GenericEnumeration): values = [ values ] for foundTbl in values: - foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True) + foundTbl = safeSQLIdentificatorNaming(foundTbl, True) if foundTbl is None: continue @@ -263,7 +265,7 @@ class Enumeration(GenericEnumeration): tbl = inject.getValue(query, inband=False, error=False) kb.hintValue = tbl - tbl = self.__safeSQLIdentificatorNaming(tbl, True) + tbl = safeSQLIdentificatorNaming(tbl, True) if tbl not in dbs[db]: dbs[db][tbl] = {} diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index fa160719b..a36036baa 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py 
@@ -29,8 +29,10 @@ from lib.core.common import pushValue from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeStringFormat +from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import strToHex from lib.core.common import unArrayizeValue +from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.convert import utf8decode from lib.core.data import conf from lib.core.data import kb @@ -750,7 +752,7 @@ class Enumeration: else: return tables - conf.db = self.__safeSQLIdentificatorNaming(conf.db) + conf.db = safeSQLIdentificatorNaming(conf.db) if bruteForce: resumeAvailable = False @@ -807,12 +809,12 @@ class Enumeration: if "," in conf.db: dbs = conf.db.split(",") query += " WHERE " - query += " OR ".join("%s = '%s'" % (condition, self.__unsafeSQLIdentificatorNaming(db)) for db in dbs) + query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in dbs) else: - query += " WHERE %s='%s'" % (condition, self.__unsafeSQLIdentificatorNaming(conf.db)) + query += " WHERE %s='%s'" % (condition, unsafeSQLIdentificatorNaming(conf.db)) elif conf.excludeSysDbs: query += " WHERE " - query += " AND ".join("%s != '%s'" % (condition, self.__unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList) + query += " AND ".join("%s != '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList) infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList) logger.info(infoMsg) @@ -835,8 +837,8 @@ class Enumeration: value = newValue for db, table in value: - db = self.__safeSQLIdentificatorNaming(db) - table = self.__safeSQLIdentificatorNaming(table, True) + db = safeSQLIdentificatorNaming(db) + table = safeSQLIdentificatorNaming(table, True) if not kb.data.cachedTables.has_key(db): kb.data.cachedTables[db] = [table] else: 
@@ -857,7 +859,7 @@ class Enumeration: if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS): query = rootQuery.blind.count else: - query = rootQuery.blind.count % self.__unsafeSQLIdentificatorNaming(db) + query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) if not isNumPosStrValue(count): @@ -882,10 +884,10 @@ class Enumeration: elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD): query = rootQuery.blind.query % index else: - query = rootQuery.blind.query % (self.__unsafeSQLIdentificatorNaming(db), index) + query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index) table = inject.getValue(query, inband=False, error=False) kb.hintValue = table - table = self.__safeSQLIdentificatorNaming(table, True) + table = safeSQLIdentificatorNaming(table, True) tables.append(table) if tables: @@ -934,8 +936,8 @@ class Enumeration: logger.error(errMsg) bruteForce = True - conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl, True) - conf.db = self.__safeSQLIdentificatorNaming(conf.db) + conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True) + conf.db = safeSQLIdentificatorNaming(conf.db) if bruteForce: resumeAvailable = False @@ -974,8 +976,8 @@ class Enumeration: if Backend.getIdentifiedDbms() == DBMS.ORACLE: conf.col = conf.col.upper() colList = conf.col.split(",") - condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + self.__unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")" - infoMsg += "like '%s' " % ", ".join(self.__unsafeSQLIdentificatorNaming(col) for col in colList) + condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")" + infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList) else: condQuery = "" 
@@ -985,16 +987,16 @@ class Enumeration: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): - query = rootQuery.inband.query % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db)) + query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery elif Backend.getIdentifiedDbms() == DBMS.ORACLE: - query = rootQuery.inband.query % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper()) + query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper()) query += condQuery elif Backend.getIdentifiedDbms() == DBMS.MSSQL: query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, - conf.db, self.__unsafeSQLIdentificatorNaming(conf.tbl)) + conf.db, unsafeSQLIdentificatorNaming(conf.tbl)) query += condQuery.replace("[DB]", conf.db) elif Backend.getIdentifiedDbms() == DBMS.SQLITE: query = rootQuery.inband.query % conf.tbl @@ -1008,7 +1010,7 @@ class Enumeration: columns = {} for columnData in value: - name = self.__safeSQLIdentificatorNaming(columnData[0]) + name = safeSQLIdentificatorNaming(columnData[0]) if len(columnData) == 1: columns[name] = "" 
@@ -1025,16 +1027,16 @@ class Enumeration: logger.info(infoMsg) if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): - query = rootQuery.blind.count % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db)) + query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery elif Backend.getIdentifiedDbms() == DBMS.ORACLE: - query = rootQuery.blind.count % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper()) + query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper()) query += condQuery elif Backend.getIdentifiedDbms() in DBMS.MSSQL: query = rootQuery.blind.count % (conf.db, conf.db, \ - self.__unsafeSQLIdentificatorNaming(conf.tbl)) + unsafeSQLIdentificatorNaming(conf.tbl)) query += condQuery.replace("[DB]", conf.db) elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: @@ -1062,18 +1064,18 @@ class Enumeration: for index in indexRange: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): - query = rootQuery.blind.query % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db)) + query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery field = None elif Backend.getIdentifiedDbms() == DBMS.ORACLE: - query = rootQuery.blind.query % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper()) + query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper()) query += condQuery field = None elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): query = rootQuery.blind.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, - self.__unsafeSQLIdentificatorNaming(conf.tbl)) + unsafeSQLIdentificatorNaming(conf.tbl)) query += condQuery.replace("[DB]", conf.db) field = condition.replace("[DB]", conf.db) elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: 
@@ -1086,13 +1088,13 @@ class Enumeration: if not onlyColNames: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): - query = rootQuery.blind.query2 % (self.__unsafeSQLIdentificatorNaming(conf.tbl), column, self.__unsafeSQLIdentificatorNaming(conf.db)) + query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db)) elif Backend.getIdentifiedDbms() == DBMS.ORACLE: - query = rootQuery.blind.query2 % (self.__unsafeSQLIdentificatorNaming(conf.tbl.upper()), column) + query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column) elif Backend.getIdentifiedDbms() == DBMS.MSSQL: query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, - conf.db, conf.db, self.__unsafeSQLIdentificatorNaming(conf.tbl)) + conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl)) elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: query = rootQuery.blind.query2 % (conf.tbl, column) @@ -1101,10 +1103,10 @@ class Enumeration: if Backend.getIdentifiedDbms() == DBMS.FIREBIRD: colType = firebirdTypes[colType] if colType in firebirdTypes else colType - column = self.__safeSQLIdentificatorNaming(column) + column = safeSQLIdentificatorNaming(column) columns[column] = colType else: - column = self.__safeSQLIdentificatorNaming(column) + column = safeSQLIdentificatorNaming(column) columns[column] = None if columns: 
@@ -1209,40 +1211,6 @@ class Enumeration: return entries, lengths - def __safeSQLIdentificatorNaming(self, value, isTable=False): - """ - Returns a safe representation of SQL identificator name - """ - retVal = value - if isinstance(value, basestring): - if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in value: - value = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, value) - - parts = value.split('.') - for i in range(len(parts)): - if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]): - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): - parts[i] = "`%s`" % parts[i].strip("`") - elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL): - parts[i] = "\"%s\"" % parts[i].strip("\"") - retVal = ".".join(parts) - - return retVal - - def __unsafeSQLIdentificatorNaming(self, value): - """ - Extracts identificator's name from it's safe SQL representation - """ - retVal = value - if isinstance(value, basestring): - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): - retVal = value.replace("`", "") - elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL): - retVal = value.replace("\"", "") - if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): - retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA) - return retVal - def dumpTable(self): if not conf.tbl and not conf.col: errMsg = "missing table parameter" @@ -1273,8 +1241,8 @@ class Enumeration: rootQuery = queries[Backend.getIdentifiedDbms()].dump_table - conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl, True) - conf.db = self.__safeSQLIdentificatorNaming(conf.db) + conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True) + conf.db = safeSQLIdentificatorNaming(conf.db) if conf.col: colList = conf.col.split(",") 
@@ -1605,23 +1573,23 @@ class Enumeration: dbConsider, dbCondParam = self.likeOrExact("database") for db in dbList: - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) infoMsg = "searching database" if dbConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(db) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db) logger.info(infoMsg) if conf.excludeSysDbs: - exclDbsQuery = "".join(" AND '%s' != %s" % (self.__unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) + exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList) logger.info(infoMsg) else: exclDbsQuery = "" dbQuery = "%s%s" % (dbCond, dbCondParam) - dbQuery = dbQuery % self.__unsafeSQLIdentificatorNaming(db) + dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db) if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: @@ -1637,13 +1605,13 @@ class Enumeration: values = [ values ] for value in values: - value = self.__safeSQLIdentificatorNaming(value) + value = safeSQLIdentificatorNaming(value) foundDbs.append(value) else: infoMsg = "fetching number of databases" if dbConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(db) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db) logger.info(infoMsg) if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: @@ -1658,7 +1626,7 @@ class Enumeration: warnMsg = "no database" if dbConsider == "1": warnMsg += "s like" - warnMsg += " '%s' found" % self.__unsafeSQLIdentificatorNaming(db) + warnMsg += " '%s' found" % unsafeSQLIdentificatorNaming(db) logger.warn(warnMsg) continue 
@@ -1675,7 +1643,7 @@ class Enumeration: query = agent.limitQuery(index, query, dbCond) value = inject.getValue(query, inband=False, error=False) - value = self.__safeSQLIdentificatorNaming(value) + value = safeSQLIdentificatorNaming(value) foundDbs.append(value) return foundDbs @@ -1715,7 +1683,7 @@ class Enumeration: tblConsider, tblCondParam = self.likeOrExact("table") for tbl in tblList: - tbl = self.__safeSQLIdentificatorNaming(tbl, True) + tbl = safeSQLIdentificatorNaming(tbl, True) if Backend.getIdentifiedDbms() == DBMS.ORACLE: tbl = tbl.upper() @@ -1723,11 +1691,11 @@ class Enumeration: infoMsg = "searching table" if tblConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) logger.info(infoMsg) if conf.excludeSysDbs: - exclDbsQuery = "".join(" AND '%s' != %s" % (self.__unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) + exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList) infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList) logger.info(infoMsg) else: @@ -1747,8 +1715,8 @@ class Enumeration: values = [ values ] for foundDb, foundTbl in values: - foundDb = self.__safeSQLIdentificatorNaming(foundDb) - foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True) + foundDb = safeSQLIdentificatorNaming(foundDb) + foundTbl = safeSQLIdentificatorNaming(foundTbl, True) if foundDb is None or foundTbl is None: continue @@ -1761,7 +1729,7 @@ class Enumeration: infoMsg = "fetching number of databases with table" if tblConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) logger.info(infoMsg) query = rootQuery.blind.count 
@@ -1773,7 +1741,7 @@ class Enumeration: warnMsg = "no databases have table" if tblConsider == "1": warnMsg += "s like" - warnMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl) + warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl) logger.warn(warnMsg) continue @@ -1786,7 +1754,7 @@ class Enumeration: query += exclDbsQuery query = agent.limitQuery(index, query) foundDb = inject.getValue(query, inband=False, error=False) - foundDb = self.__safeSQLIdentificatorNaming(foundDb) + foundDb = safeSQLIdentificatorNaming(foundDb) if foundDb not in foundTbls: foundTbls[foundDb] = [] @@ -1798,16 +1766,16 @@ class Enumeration: continue for db in foundTbls.keys(): - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) infoMsg = "fetching number of table" if tblConsider == "1": infoMsg += "s like" - infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(tbl), db) + infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(tbl), db) logger.info(infoMsg) query = rootQuery.blind.count2 - query = query % self.__unsafeSQLIdentificatorNaming(db) + query = query % unsafeSQLIdentificatorNaming(db) query += " AND %s" % tblQuery count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) @@ -1815,7 +1783,7 @@ class Enumeration: warnMsg = "no table" if tblConsider == "1": warnMsg += "s like" - warnMsg += " '%s' " % self.__unsafeSQLIdentificatorNaming(tbl) + warnMsg += " '%s' " % unsafeSQLIdentificatorNaming(tbl) warnMsg += "in database '%s'" % db logger.warn(warnMsg) 
@@ -1825,12 +1793,12 @@ class Enumeration: for index in indexRange: query = rootQuery.blind.query2 - query = query % self.__unsafeSQLIdentificatorNaming(db) + query = query % unsafeSQLIdentificatorNaming(db) query += " AND %s" % tblQuery query = agent.limitQuery(index, query) foundTbl = inject.getValue(query, inband=False, error=False) kb.hintValue = foundTbl - foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True) + foundTbl = safeSQLIdentificatorNaming(foundTbl, True) foundTbls[db].append(foundTbl) return foundTbls @@ -1879,12 +1847,12 @@ class Enumeration: colConsider, colCondParam = self.likeOrExact("column") for column in colList: - column = self.__safeSQLIdentificatorNaming(column) + column = safeSQLIdentificatorNaming(column) infoMsg = "searching column" if colConsider == "1": infoMsg += "s like" - infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column) + infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column) logger.info(infoMsg) foundCols[column] = {} @@ -1897,7 +1865,7 @@ class Enumeration: exclDbsQuery = "" colQuery = "%s%s" % (colCond, colCondParam) - colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column) + colQuery = colQuery % unsafeSQLIdentificatorNaming(column) if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: query = rootQuery.inband.query @@ -1910,8 +1878,8 @@ class Enumeration: values = [ values ] for foundDb, foundTbl in values: - foundDb = self.__safeSQLIdentificatorNaming(foundDb) - foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True) + foundDb = safeSQLIdentificatorNaming(foundDb) + foundTbl = safeSQLIdentificatorNaming(foundTbl, True) if foundDb is None or foundTbl is None: continue 
@@ -1967,7 +1935,7 @@ class Enumeration: query += exclDbsQuery query = agent.limitQuery(index, query) db = inject.getValue(query, inband=False, error=False) - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) if db not in dbs: dbs[db] = {} @@ -1980,12 +1948,12 @@ class Enumeration: colQuery = colQuery % column for db in dbData: - db = self.__safeSQLIdentificatorNaming(db) + db = safeSQLIdentificatorNaming(db) infoMsg = "fetching number of tables containing column" if colConsider == "1": infoMsg += "s like" - infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(column), db) + infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(column), db) logger.info(infoMsg) query = rootQuery.blind.count2 @@ -2013,7 +1981,7 @@ class Enumeration: tbl = inject.getValue(query, inband=False, error=False) kb.hintValue = tbl - tbl = self.__safeSQLIdentificatorNaming(tbl, True) + tbl = safeSQLIdentificatorNaming(tbl, True) if tbl not in dbs[db]: dbs[db][tbl] = {} diff --git a/txt/common-tables.txt b/txt/common-tables.txt index 642244ae0..a46636880 100644 --- a/txt/common-tables.txt +++ b/txt/common-tables.txt @@ -1802,9 +1802,7 @@ dealers diary download Dragon_users -e107.e107_user e107_user -forum.ibf_members fusion_user_groups fusion_users ibf_admin_sessions @@ -1815,7 +1813,6 @@ ibf_sessions icq index info -ipb.ibf_members ipb_sessions joomla_users jos_blastchatc_users @@ -1851,7 +1848,6 @@ mitglieder movie mybb_users mysql -mysql.user name names news_lostpass @@ -1873,9 +1869,7 @@ phorum_user phorum_users phpads_clients phpads_config -phpBB2.forum_users -phpBB2.phpbb_users -phpmyadmin.pma_table_info +forum_users poll_user punbb_users pwd @@ -1885,8 +1879,7 @@ reg_users registered reguser regusers -shop.cards -shop.orders +cards site_login site_logins sitelogin @@ -2258,7 +2251,6 @@ pwd1 jhu webapps ASP -ASP.NET Microsoft sing singup 
@@ -3177,7 +3169,7 @@ cdb_banned cdb_crons cdb_access cdb_invites -dbo.sysmergeschemaarticles +sysmergeschemaarticles CodeRuleType cdb_membermagics cdb_imagetypes @@ -3189,7 +3181,7 @@ cdb_adminsessions pw_adminset seen t_snap -dbo.MSmerge_altsyncpartners +MSmerge_altsyncpartners zl_deeds pw_styles pw_announce @@ -3222,7 +3214,7 @@ cdb_pluginhooks mymps_member_docutype wp1_categories cdb_magicmarket -dbo.MSmerge_errorlineage +MSmerge_errorlineage cdb_activities zl_baoming cdb_orders @@ -3257,7 +3249,7 @@ Market mymps_config mymps_mail_template mymps_advertisement -dbo.MSrepl_identity_range +MSrepl_identity_range pw_favors mymps_crons pw_config