some more Sybase updates

Miroslav Stampar 2011-02-19 18:04:27 +00:00
parent cec7694aac
commit b71bb321dd
4 changed files with 87 additions and 33 deletions


@ -639,7 +639,7 @@ class Agent:
limitedQuery = limitedQuery % fromFrom limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1) limitedQuery += "=%d" % (num + 1)
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
forgeNotIn = True forgeNotIn = True
if " ORDER BY " in limitedQuery: if " ORDER BY " in limitedQuery:
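Review bot: Narrowing the guard to `== DBMS.MSSQL` means a Sybase query that reaches this point with a limit no longer gets `forgeNotIn` and falls through to whatever branches follow, which are outside this hunk; the rest of this commit routes Sybase enumeration through `__pivotDumpTable`, so the exclusion looks intended, but nothing on this line says so. Assuming the right-hand `== DBMS.MSSQL` line is the new side, a one-line comment above the `elif`, `# Sybase is deliberately excluded: its enumeration goes through __pivotDumpTable (plugins/dbms/sybase)`, would keep the next reader from re-adding it. The enclosing method of class Agent starts before and ends after this hunk.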


@ -7,9 +7,86 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.dicts import sybaseTypes
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from plugins.generic.enumeration import Enumeration as GenericEnumeration from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration): class Enumeration(GenericEnumeration):
def __init__(self): def __init__(self):
GenericEnumeration.__init__(self) GenericEnumeration.__init__(self)
def getUsers(self):
infoMsg = "fetching database users"
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].users
randStr = randomStr()
query = rootQuery.inband.query
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
blinds = [False, True]
else:
blinds = [True]
for blind in blinds:
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
if retVal:
kb.data.cachedUsers = retVal[0].values()[0]
break
return kb.data.cachedUsers
def getColumns(self, onlyColNames=False):
if "." in conf.tbl:
conf.db, conf.tbl = conf.tbl.split(".")
self.forceDbmsEnum()
if not conf.db:
warnMsg = "missing database parameter, sqlmap is going to "
warnMsg += "use the current database to enumerate table "
warnMsg += "'%s' columns" % conf.tbl
logger.warn(warnMsg)
conf.db = self.getCurrentDb()
rootQuery = queries[Backend.getIdentifiedDbms()].columns
condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
infoMsg = "fetching columns "
infoMsg += "for table '%s' " % conf.tbl
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
blinds = [False, True]
else:
blinds = [True]
for blind in blinds:
randStr = randomStr()
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.usertype' % randStr], blind=blind)
if retVal:
table = {}
columns = {}
for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
columns[name] = sybaseTypes[type_] if type_ else None
table[conf.tbl] = columns
kb.data.cachedColumns[conf.db] = table
break
return kb.data.cachedColumns
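Review bot: In getColumns, `conf.db, conf.tbl = conf.tbl.split(".")` raises ValueError whenever the table name holds more than one dot, and Sybase's own `db..table` and `db.owner.table` forms (the `"%s..%s"` qualifier used elsewhere in this commit) do exactly that; guard the unpack with `if conf.tbl.count(".") == 1:` and warn on any other dotted form instead of letting the unpack fail. `condition`, assigned right after `rootQuery = ...columns`, is never read in the method and can be dropped. `sybaseTypes[type_]` in the result loop raises KeyError on a usertype the dict does not know; `sybaseTypes.get(type_) if type_ else None` degrades to None the same way the existing `else None` branch does (assuming sybaseTypes is a plain dict, which the subscript suggests). getUsers also draws `randStr` once outside the `for blind` loop while getColumns draws it per iteration; either is fine, but pick one.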


@ -37,7 +37,6 @@ from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.data import queries from lib.core.data import queries
from lib.core.dicts import firebirdTypes from lib.core.dicts import firebirdTypes
from lib.core.dicts import sybaseTypes
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
@ -1040,23 +1039,6 @@ class Enumeration:
parseSqliteTableSchema(value) parseSqliteTableSchema(value)
return kb.data.cachedColumns return kb.data.cachedColumns
elif Backend.getIdentifiedDbms() == DBMS.SYBASE:
randStr = randomStr()
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.usertype' % randStr], blind=True)
if retVal:
table = {}
columns = {}
for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
columns[name] = sybaseTypes[type_] if type_ else None
table[conf.tbl] = columns
kb.data.cachedColumns[conf.db] = table
return kb.data.cachedColumns
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
@ -1149,7 +1131,6 @@ class Enumeration:
logger.info(infoMsg) logger.info(infoMsg)
query = dumpNode.count2 % (column, table) query = dumpNode.count2 % (column, table)
if blind: if blind:
value = inject.getValue(query, inband=False, error=False) value = inject.getValue(query, inband=False, error=False)
else: else:
@ -1312,7 +1293,7 @@ class Enumeration:
else: else:
query = rootQuery.inband.query % (colString, conf.db, conf.tbl) query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
if not (Backend.getIdentifiedDbms() == DBMS.MYSQL and entries): if not entries:
entries = inject.getValue(query, blind=False, dump=True) entries = inject.getValue(query, blind=False, dump=True)
if entries: if entries:
@ -1381,14 +1362,10 @@ class Enumeration:
try: try:
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE): if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE):
validColumnList = False
validPivotValue = False
if DBMS.ACCESS: if DBMS.ACCESS:
table = conf.tbl table = conf.tbl
elif DBMS.SYBASE: elif DBMS.SYBASE:
table = "%s..%s" % (conf.db, conf.tbl) table = "%s..%s" % (conf.db, conf.tbl)
entries, lengths = self.__pivotDumpTable(table, colList, count, blind=True) entries, lengths = self.__pivotDumpTable(table, colList, count, blind=True)
else: else:
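Review bot: `if DBMS.ACCESS:` and `elif DBMS.SYBASE:` test the enum constants themselves rather than the identified backend, so if `DBMS.ACCESS` is a non-empty value (as the `in (DBMS.ACCESS, DBMS.SYBASE)` membership test on the line above suggests) the first branch is always taken and a Sybase dump never gets its `"%s..%s"` db-qualified table name before `__pivotDumpTable`. The hunk removes the `validColumnList`/`validPivotValue` lines next to this but leaves the test in place; it should read `if Backend.getIdentifiedDbms() == DBMS.ACCESS:` and `elif Backend.getIdentifiedDbms() == DBMS.SYBASE:`. The enclosing method starts before and continues after this hunk.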


@ -489,22 +489,22 @@
<current_db query="SELECT DB_NAME()"/> <current_db query="SELECT DB_NAME()"/>
<is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/> <is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
<users> <users>
<inband query="SELECT name FROM master..syslogins ORDER BY 1"/> <inband query="SELECT name FROM master..syslogins"/>
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/> <blind/>
</users> </users>
<passwords> <passwords>
<inband query="SELECT name, password FROM master..syslogins" condition="name"/> <inband query="SELECT name, password FROM master..syslogins" condition="name"/>
<blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/> <blind/>
</passwords> </passwords>
<privileges/> <privileges/>
<roles/> <roles/>
<dbs> <dbs>
<inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/> <inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/>
<blind query="SELECT MIN(name) FROM master..sysdatabases WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/> <blind/>
</dbs> </dbs>
<tables> <tables>
<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/> <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/>
<blind query="SELECT MIN(name) FROM %s..sysobjects WHERE type IN ('U') AND name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/> <blind/>
</tables> </tables>
<columns> <columns>
<inband query="SELECT %s..syscolumns.name,%s..syscolumns.usertype FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/> <inband query="SELECT %s..syscolumns.name,%s..syscolumns.usertype FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
@ -516,15 +516,15 @@
</dump_table> </dump_table>
<search_db> <search_db>
<inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/> <inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
<blind query="SELECT name FROM master..sysdatabases WHERE " count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE " condition="name"/> <blind/>
</search_db> </search_db>
<search_table> <search_table>
<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/> <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/>
<blind query="" query2="SELECT name FROM %s..sysobjects WHERE type IN ('U') " count="" count2="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')" condition="name" condition2="name"/> <blind/>
</search_table> </search_table>
<search_column> <search_column>
<inband query="SELECT %s..sysobjects.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name"/> <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name"/>
<blind query="" query2="SELECT %s..sysobjects.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" count="" count2="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name"/> <blind/>
</search_column> </search_column>
</dbms> </dbms>
</root> </root>
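Review bot: The empty `<blind/>` elements that replace the Sybase blind queries for passwords, dbs, tables, search_db, search_table and search_column leave no `query`/`count` attribute for the generic enumeration paths to read, yet this commit adds Sybase overrides only for getUsers and getColumns; unless earlier commits already moved those enumerations to `__pivotDumpTable`, a blind-only Sybase run of `--passwords` or `--dbs` now reads an attribute that is not there. Either keep each blind query until the matching generic path has a Sybase override, or record the dependency in the file, e.g. `<!-- Sybase blind enumeration is done via __pivotDumpTable in plugins/dbms/sybase; blind queries intentionally empty -->` at the top of the Sybase `<dbms>` entry. Assuming the right-hand column is the new side, the users inband query also lost its `ORDER BY 1` while dbs and tables keep theirs; if the pivot dump imposes its own ordering that is harmless, otherwise it is an inconsistency worth a one-line comment.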