refactoring, cleanup and improvement

This commit is contained in:
Miroslav Stampar 2011-03-29 21:54:15 +00:00
parent adfbfef8c1
commit b6af80bab3
7 changed files with 135 additions and 134 deletions


@ -2444,3 +2444,37 @@ def normalizeUnicode(value):
if isinstance(value, unicode):
retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore')
return retVal
def safeSQLIdentificatorNaming(name, isTable=False):
"""
Returns a safe representation of SQL identificator name
"""
retVal = name
if isinstance(name, basestring):
if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in name:
name = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, name)
parts = name.split('.')
for i in range(len(parts)):
if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
parts[i] = "`%s`" % parts[i].strip("`")
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
parts[i] = "\"%s\"" % parts[i].strip("\"")
retVal = ".".join(parts)
return retVal
def unsafeSQLIdentificatorNaming(name):
"""
Extracts identificator's name from it's safe SQL representation
"""
retVal = name
if isinstance(name, basestring):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
retVal = name.replace("`", "")
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
retVal = name.replace("\"", "")
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)
return retVal
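Review bot: `retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)` in unsafeSQLIdentificatorNaming strips a character set rather than a prefix, so any identifier that merely begins with one of the letters of the schema name or with a dot loses those leading characters even when no schema was ever prepended. A prefix test is needed instead: `prefix = "%s." % DEFAULT_MSSQL_SCHEMA` / `if retVal.startswith(prefix):` / `retVal = retVal[len(prefix):]`. The same `lstrip` call is visible in the `__unsafeSQLIdentificatorNaming` method this commit removes from the Enumeration plugin, so the defect is inherited rather than introduced, but this is the copy that survives. The docstring of the same function should read `its safe SQL representation`. normalizeUnicode, whose tail forms the context at the top of the hunk, starts outside it.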


@ -1307,6 +1307,7 @@ def __useWizardInterface():
map(lambda x: conf.__setitem__(x, True), ['getBanner', 'getCurrentUser', 'getCurrentDb', 'isDba'])
conf.batch = True
conf.threads = 4
print
def __saveCmdline():


@ -22,6 +22,7 @@ from lib.core.common import pushValue
from lib.core.common import randomInt
from lib.core.common import readInput
from lib.core.common import safeStringFormat
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -60,7 +61,7 @@ def tableExists(tableFile, regex=None):
def tableExistsThread():
while count[0] < length and kb.threadContinue:
tbllock.acquire()
table = tables[count[0]]
table = safeSQLIdentificatorNaming(tables[count[0]])
count[0] += 1
tbllock.release()
@ -165,6 +166,7 @@ def columnExists(columnFile, regex=None):
table = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', conf.tbl)
else:
table = conf.tbl
table = safeSQLIdentificatorNaming(table)
retVal = []
infoMsg = "checking column existence using items from '%s'" % columnFile
@ -180,7 +182,7 @@ def columnExists(columnFile, regex=None):
def columnExistsThread():
while count[0] < length and kb.threadContinue:
collock.acquire()
column = columns[count[0]]
column = safeSQLIdentificatorNaming(columns[count[0]])
count[0] += 1
collock.release()
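Review bot: In columnExists, `table = safeSQLIdentificatorNaming(table)` is applied to a name that was built two lines earlier with the `..` MSSQL/Sybase separator, and safeSQLIdentificatorNaming splits on `.`, so the empty middle part fails the `\A[A-Za-z0-9_]+\Z` match and on MSSQL is rewritten as `""`, turning `db..tbl` into `db."".tbl`. Either make the quoting loop in lib.core.common leave empty parts alone, `if parts[i] and not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):`, or quote conf.db and conf.tbl separately here before joining them with the separator. The tableExistsThread and columnExistsThread hunks are not affected because they quote single names. columnExists starts and ends outside the hunk.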


@ -13,6 +13,8 @@ from lib.core.common import Backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -78,7 +80,7 @@ class Enumeration(GenericEnumeration):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
for db in dbs:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
@ -94,7 +96,7 @@ class Enumeration(GenericEnumeration):
if not kb.data.cachedTables and not conf.direct:
for db in dbs:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
@ -154,23 +156,23 @@ class Enumeration(GenericEnumeration):
if isinstance(db, list):
db = db[0]
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
foundTbls[db] = []
for tbl in tblList:
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
infoMsg = "searching table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg)
tblQuery = "%s%s" % (tblCond, tblCondParam)
tblQuery = tblQuery % self.__unsafeSQLIdentificatorNaming(tbl)
tblQuery = tblQuery % unsafeSQLIdentificatorNaming(tbl)
for db in foundTbls.keys():
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
@ -196,7 +198,7 @@ class Enumeration(GenericEnumeration):
infoMsg = "fetching number of table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(tbl), self.__unsafeSQLIdentificatorNaming(db))
infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(db))
logger.info(infoMsg)
query = rootQuery.blind.count2
@ -208,8 +210,8 @@ class Enumeration(GenericEnumeration):
warnMsg = "no table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' " % self.__unsafeSQLIdentificatorNaming(tbl)
warnMsg += "in database '%s'" % self.__unsafeSQLIdentificatorNaming(db)
warnMsg += " '%s' " % unsafeSQLIdentificatorNaming(tbl)
warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(db)
logger.warn(warnMsg)
continue
@ -245,25 +247,25 @@ class Enumeration(GenericEnumeration):
enumDbs = kb.data.cachedDbs
for db in enumDbs:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
dbs[db] = {}
for column in colList:
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
infoMsg = "searching column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
logger.info(infoMsg)
foundCols[column] = {}
colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
for db in dbs.keys():
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if conf.excludeSysDbs and db in self.excludeDbsList:
infoMsg = "skipping system database '%s'" % db
@ -281,7 +283,7 @@ class Enumeration(GenericEnumeration):
values = [ values ]
for foundTbl in values:
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundTbl is None:
continue
@ -339,7 +341,7 @@ class Enumeration(GenericEnumeration):
tbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = tbl
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
if tbl not in dbs[db]:
dbs[db][tbl] = {}


@ -12,6 +12,8 @@ from lib.core.common import Backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -181,21 +183,21 @@ class Enumeration(GenericEnumeration):
colConsider, colCondParam = self.likeOrExact("column")
for column in colList:
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
infoMsg = "searching column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
logger.info(infoMsg)
foundCols[column] = {}
colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
for db in dbs.keys():
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
query = rootQuery.inband.query
@ -207,7 +209,7 @@ class Enumeration(GenericEnumeration):
values = [ values ]
for foundTbl in values:
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundTbl is None:
continue
@ -263,7 +265,7 @@ class Enumeration(GenericEnumeration):
tbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = tbl
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
if tbl not in dbs[db]:
dbs[db][tbl] = {}


@ -29,8 +29,10 @@ from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeStringFormat
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import strToHex
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.convert import utf8decode
from lib.core.data import conf
from lib.core.data import kb
@ -750,7 +752,7 @@ class Enumeration:
else:
return tables
conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.db = safeSQLIdentificatorNaming(conf.db)
if bruteForce:
resumeAvailable = False
@ -807,12 +809,12 @@ class Enumeration:
if "," in conf.db:
dbs = conf.db.split(",")
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, self.__unsafeSQLIdentificatorNaming(db)) for db in dbs)
query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in dbs)
else:
query += " WHERE %s='%s'" % (condition, self.__unsafeSQLIdentificatorNaming(conf.db))
query += " WHERE %s='%s'" % (condition, unsafeSQLIdentificatorNaming(conf.db))
elif conf.excludeSysDbs:
query += " WHERE "
query += " AND ".join("%s != '%s'" % (condition, self.__unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList)
query += " AND ".join("%s != '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList)
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
@ -835,8 +837,8 @@ class Enumeration:
value = newValue
for db, table in value:
db = self.__safeSQLIdentificatorNaming(db)
table = self.__safeSQLIdentificatorNaming(table, True)
db = safeSQLIdentificatorNaming(db)
table = safeSQLIdentificatorNaming(table, True)
if not kb.data.cachedTables.has_key(db):
kb.data.cachedTables[db] = [table]
else:
@ -857,7 +859,7 @@ class Enumeration:
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS):
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % self.__unsafeSQLIdentificatorNaming(db)
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
@ -882,10 +884,10 @@ class Enumeration:
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.query % index
else:
query = rootQuery.blind.query % (self.__unsafeSQLIdentificatorNaming(db), index)
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
table = inject.getValue(query, inband=False, error=False)
kb.hintValue = table
table = self.__safeSQLIdentificatorNaming(table, True)
table = safeSQLIdentificatorNaming(table, True)
tables.append(table)
if tables:
@ -934,8 +936,8 @@ class Enumeration:
logger.error(errMsg)
bruteForce = True
conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = safeSQLIdentificatorNaming(conf.db)
if bruteForce:
resumeAvailable = False
@ -974,8 +976,8 @@ class Enumeration:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
conf.col = conf.col.upper()
colList = conf.col.split(",")
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + self.__unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
infoMsg += "like '%s' " % ", ".join(self.__unsafeSQLIdentificatorNaming(col) for col in colList)
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
else:
condQuery = ""
@ -985,16 +987,16 @@ class Enumeration:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.inband.query % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.inband.query % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper())
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.inband.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.db, self.__unsafeSQLIdentificatorNaming(conf.tbl))
conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.inband.query % conf.tbl
@ -1008,7 +1010,7 @@ class Enumeration:
columns = {}
for columnData in value:
name = self.__safeSQLIdentificatorNaming(columnData[0])
name = safeSQLIdentificatorNaming(columnData[0])
if len(columnData) == 1:
columns[name] = ""
@ -1025,16 +1027,16 @@ class Enumeration:
logger.info(infoMsg)
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.count % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper())
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery
elif Backend.getIdentifiedDbms() in DBMS.MSSQL:
query = rootQuery.blind.count % (conf.db, conf.db, \
self.__unsafeSQLIdentificatorNaming(conf.tbl))
unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
@ -1062,18 +1064,18 @@ class Enumeration:
for index in indexRange:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
field = None
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper())
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery
field = None
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
self.__unsafeSQLIdentificatorNaming(conf.tbl))
unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
@ -1086,13 +1088,13 @@ class Enumeration:
if not onlyColNames:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (self.__unsafeSQLIdentificatorNaming(conf.tbl), column, self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db))
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query2 % (self.__unsafeSQLIdentificatorNaming(conf.tbl.upper()), column)
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
conf.db, column, conf.db,
conf.db, conf.db, self.__unsafeSQLIdentificatorNaming(conf.tbl))
conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query2 % (conf.tbl, column)
@ -1101,10 +1103,10 @@ class Enumeration:
if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
columns[column] = colType
else:
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
columns[column] = None
if columns:
@ -1209,40 +1211,6 @@ class Enumeration:
return entries, lengths
def __safeSQLIdentificatorNaming(self, value, isTable=False):
"""
Returns a safe representation of SQL identificator name
"""
retVal = value
if isinstance(value, basestring):
if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in value:
value = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, value)
parts = value.split('.')
for i in range(len(parts)):
if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
parts[i] = "`%s`" % parts[i].strip("`")
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
parts[i] = "\"%s\"" % parts[i].strip("\"")
retVal = ".".join(parts)
return retVal
def __unsafeSQLIdentificatorNaming(self, value):
"""
Extracts identificator's name from it's safe SQL representation
"""
retVal = value
if isinstance(value, basestring):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
retVal = value.replace("`", "")
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
retVal = value.replace("\"", "")
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)
return retVal
def dumpTable(self):
if not conf.tbl and not conf.col:
errMsg = "missing table parameter"
@ -1273,8 +1241,8 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.col:
colList = conf.col.split(",")
@ -1605,23 +1573,23 @@ class Enumeration:
dbConsider, dbCondParam = self.likeOrExact("database")
for db in dbList:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
infoMsg = "searching database"
if dbConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(db)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg)
if conf.excludeSysDbs:
exclDbsQuery = "".join(" AND '%s' != %s" % (self.__unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
else:
exclDbsQuery = ""
dbQuery = "%s%s" % (dbCond, dbCondParam)
dbQuery = dbQuery % self.__unsafeSQLIdentificatorNaming(db)
dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
@ -1637,13 +1605,13 @@ class Enumeration:
values = [ values ]
for value in values:
value = self.__safeSQLIdentificatorNaming(value)
value = safeSQLIdentificatorNaming(value)
foundDbs.append(value)
else:
infoMsg = "fetching number of databases"
if dbConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(db)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
@ -1658,7 +1626,7 @@ class Enumeration:
warnMsg = "no database"
if dbConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' found" % self.__unsafeSQLIdentificatorNaming(db)
warnMsg += " '%s' found" % unsafeSQLIdentificatorNaming(db)
logger.warn(warnMsg)
continue
@ -1675,7 +1643,7 @@ class Enumeration:
query = agent.limitQuery(index, query, dbCond)
value = inject.getValue(query, inband=False, error=False)
value = self.__safeSQLIdentificatorNaming(value)
value = safeSQLIdentificatorNaming(value)
foundDbs.append(value)
return foundDbs
@ -1715,7 +1683,7 @@ class Enumeration:
tblConsider, tblCondParam = self.likeOrExact("table")
for tbl in tblList:
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
tbl = tbl.upper()
@ -1723,11 +1691,11 @@ class Enumeration:
infoMsg = "searching table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg)
if conf.excludeSysDbs:
exclDbsQuery = "".join(" AND '%s' != %s" % (self.__unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
else:
@ -1747,8 +1715,8 @@ class Enumeration:
values = [ values ]
for foundDb, foundTbl in values:
foundDb = self.__safeSQLIdentificatorNaming(foundDb)
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundDb = safeSQLIdentificatorNaming(foundDb)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundDb is None or foundTbl is None:
continue
@ -1761,7 +1729,7 @@ class Enumeration:
infoMsg = "fetching number of databases with table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg)
query = rootQuery.blind.count
@ -1773,7 +1741,7 @@ class Enumeration:
warnMsg = "no databases have table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.warn(warnMsg)
continue
@ -1786,7 +1754,7 @@ class Enumeration:
query += exclDbsQuery
query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, inband=False, error=False)
foundDb = self.__safeSQLIdentificatorNaming(foundDb)
foundDb = safeSQLIdentificatorNaming(foundDb)
if foundDb not in foundTbls:
foundTbls[foundDb] = []
@ -1798,16 +1766,16 @@ class Enumeration:
continue
for db in foundTbls.keys():
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
infoMsg = "fetching number of table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(tbl), db)
infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(tbl), db)
logger.info(infoMsg)
query = rootQuery.blind.count2
query = query % self.__unsafeSQLIdentificatorNaming(db)
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
@ -1815,7 +1783,7 @@ class Enumeration:
warnMsg = "no table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' " % self.__unsafeSQLIdentificatorNaming(tbl)
warnMsg += " '%s' " % unsafeSQLIdentificatorNaming(tbl)
warnMsg += "in database '%s'" % db
logger.warn(warnMsg)
@ -1825,12 +1793,12 @@ class Enumeration:
for index in indexRange:
query = rootQuery.blind.query2
query = query % self.__unsafeSQLIdentificatorNaming(db)
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery
query = agent.limitQuery(index, query)
foundTbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = foundTbl
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
foundTbls[db].append(foundTbl)
return foundTbls
@ -1879,12 +1847,12 @@ class Enumeration:
colConsider, colCondParam = self.likeOrExact("column")
for column in colList:
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
infoMsg = "searching column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
logger.info(infoMsg)
foundCols[column] = {}
@ -1897,7 +1865,7 @@ class Enumeration:
exclDbsQuery = ""
colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
query = rootQuery.inband.query
@ -1910,8 +1878,8 @@ class Enumeration:
values = [ values ]
for foundDb, foundTbl in values:
foundDb = self.__safeSQLIdentificatorNaming(foundDb)
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundDb = safeSQLIdentificatorNaming(foundDb)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundDb is None or foundTbl is None:
continue
@ -1967,7 +1935,7 @@ class Enumeration:
query += exclDbsQuery
query = agent.limitQuery(index, query)
db = inject.getValue(query, inband=False, error=False)
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if db not in dbs:
dbs[db] = {}
@ -1980,12 +1948,12 @@ class Enumeration:
colQuery = colQuery % column
for db in dbData:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
infoMsg = "fetching number of tables containing column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(column), db)
infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(column), db)
logger.info(infoMsg)
query = rootQuery.blind.count2
@ -2013,7 +1981,7 @@ class Enumeration:
tbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = tbl
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
if tbl not in dbs[db]:
dbs[db][tbl] = {}


@ -1802,9 +1802,7 @@ dealers
diary
download
Dragon_users
e107.e107_user
e107_user
forum.ibf_members
fusion_user_groups
fusion_users
ibf_admin_sessions
@ -1815,7 +1813,6 @@ ibf_sessions
icq
index
info
ipb.ibf_members
ipb_sessions
joomla_users
jos_blastchatc_users
@ -1851,7 +1848,6 @@ mitglieder
movie
mybb_users
mysql
mysql.user
name
names
news_lostpass
@ -1873,9 +1869,7 @@ phorum_user
phorum_users
phpads_clients
phpads_config
phpBB2.forum_users
phpBB2.phpbb_users
phpmyadmin.pma_table_info
forum_users
poll_user
punbb_users
pwd
@ -1885,8 +1879,7 @@ reg_users
registered
reguser
regusers
shop.cards
shop.orders
cards
site_login
site_logins
sitelogin
@ -2258,7 +2251,6 @@ pwd1
jhu
webapps
ASP
ASP.NET
Microsoft
sing
singup
@ -3177,7 +3169,7 @@ cdb_banned
cdb_crons
cdb_access
cdb_invites
dbo.sysmergeschemaarticles
sysmergeschemaarticles
CodeRuleType
cdb_membermagics
cdb_imagetypes
@ -3189,7 +3181,7 @@ cdb_adminsessions
pw_adminset
seen
t_snap
dbo.MSmerge_altsyncpartners
MSmerge_altsyncpartners
zl_deeds
pw_styles
pw_announce
@ -3222,7 +3214,7 @@ cdb_pluginhooks
mymps_member_docutype
wp1_categories
cdb_magicmarket
dbo.MSmerge_errorlineage
MSmerge_errorlineage
cdb_activities
zl_baoming
cdb_orders
@ -3257,7 +3249,7 @@ Market
mymps_config
mymps_mail_template
mymps_advertisement
dbo.MSrepl_identity_range
MSrepl_identity_range
pw_favors
mymps_crons
pw_config