sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 00:04:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

implemented --banner for MaxDB and some minor fixes

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-02 20:51:55 +00:00
parent 49bf34ffd9
commit cd0d4135ac
7 changed files with 17 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
extra/xmlobject/xmlobject.py
View File

@ -479,6 +479,9 @@ class XMLNode:
else:
raise IndexError(idx)
def __contains__(self, k):
return self._has_key(k)
def _addNode(self, child):
"""
Tries to append a child node to the tree, and returns it

2
lib/core/dump.py
View File

@ -148,7 +148,7 @@ class Dump:
dbTables.sort(key=lambda x: x.lower())
self.__write("Brute-forced databases:")
self.__write("Brute-forced tables:")
if len(dbTables) == 1:
self.__write("[1 table]")

10
lib/techniques/blind/inference.py
View File

@ -31,6 +31,7 @@ from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapThreadException
from lib.core.exception import unhandledException
from lib.core.progress import ProgressBar
from lib.core.settings import DBMS
from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
@ -114,7 +115,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release()
if hintValue is not None and len(hintValue) >= idx:
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1]
else:
posValue = ord(hintValue[idx-1])
@ -166,7 +167,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
position = (len(charTbl) >> 1)
posValue = charTbl[position]
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
pushValue(posValue)
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
@ -175,7 +176,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
queriesCount[0] += 1
result = Request.queryPage(forgedPayload)
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = popValue()
if result:
@ -491,6 +492,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if val is None or ( lastChar > 0 and index > lastChar ):
break
if kb.data.processChar:
val = kb.data.processChar(val)
finalValue += val
dataToSessionFile(replaceNewlineTabs(val))

9
plugins/dbms/maxdb/enumeration.py
View File

@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.data import kb
from lib.core.data import logger
from lib.core.settings import DBMS
@ -15,6 +16,8 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, DBMS.MAXDB)
kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
def getDbs(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate databases"
@ -22,12 +25,6 @@ class Enumeration(GenericEnumeration):
return []
def getBanner(self):
warnMsg = "on SAP MaxDB it is not possible to get a banner"
logger.warn(warnMsg)
return None
def getPasswordHashes(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
logger.warn(warnMsg)

47
plugins/dbms/maxdb/syntax.py
View File

@ -16,55 +16,8 @@ class Syntax(GenericSyntax):
@staticmethod
def unescape(expression, quote=True):
if quote:
while True:
index = expression.find("'")
if index == -1:
break
firstIndex = index + 1
index = expression[firstIndex:].find("'")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
#unescaped = "("
unescaped = ""
for i in range(firstIndex, lastIndex):
unescaped += "CHR(%d)" % (ord(expression[i]))
if i < lastIndex - 1:
unescaped += "||"
#unescaped += ")"
expression = expression.replace(old, unescaped)
else:
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
return expression
@staticmethod
def escape(expression):
while True:
index = expression.find("CHR(")
if index == -1:
break
firstIndex = index
index = expression[firstIndex:].find("))")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]
oldUpper = old.upper()
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
oldUpper = oldUpper.split("||")
escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
expression = expression.replace(old, escaped)
return expression

1
plugins/generic/enumeration.py
View File

@ -63,6 +63,7 @@ class Enumeration:
kb.data.cachedTables = {}
kb.data.cachedColumns = {}
kb.data.dumpedTable = {}
kb.data.processChar = None
kb.misc.testedDbms = dbms
def getBanner(self):

4
xml/queries.xml
View File

@ -420,13 +420,13 @@
<!-- SAP MaxDB -->
<dbms value="SAP MaxDB">
<length query="LENGTH(%s)"/>
<inference/>
<timedelay/>
<banner query="SELECT ID FROM SYSINFO.VERSION"/>
<isnull query="VALUE(%s,' ')" query2="IFNULL(%s, ' ')"/>
<comment query="--" query2="#"/>
<count query="COUNT(%s)"/>
<cast query="CHR(%s)"/>
<!-- No real cast on SAP MaxDB -->
<cast query="REPLACE(%s, ' ', '_')"/>
<current_user query="SELECT USER() FROM DUAL"/>
<current_db query="SELECT DATABASE() FROM DUAL"/>
<order query="ORDER BY %s ASC"/>