From cd0d4135ace3b9d287b8441dc7cb4b8b4790db18 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 2 Nov 2010 20:51:55 +0000
Subject: [PATCH] implemented --banner for MaxDB and some minor fixes
---
extra/xmlobject/xmlobject.py | 3 ++
lib/core/dump.py | 2 +-
lib/techniques/blind/inference.py | 10 +++++--
plugins/dbms/maxdb/enumeration.py | 9 ++----
plugins/dbms/maxdb/syntax.py | 47 -------------------------------
plugins/generic/enumeration.py | 1 +
xml/queries.xml | 4 +--
7 files changed, 17 insertions(+), 59 deletions(-)
diff --git a/extra/xmlobject/xmlobject.py b/extra/xmlobject/xmlobject.py
index 26584d283..2768912b6 100644
--- a/extra/xmlobject/xmlobject.py
+++ b/extra/xmlobject/xmlobject.py
@@ -479,6 +479,9 @@ class XMLNode:
else: raise IndexError(idx)
+ def __contains__(self, k):
+ return self._has_key(k)
+
def _addNode(self, child): """ Tries to append a child node to the tree, and returns it
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 74409278c..ea59465ee 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -148,7 +148,7 @@ class Dump:
dbTables.sort(key=lambda x: x.lower())
- self.__write("Brute-forced databases:")
+ self.__write("Brute-forced tables:")
if len(dbTables) == 1: self.__write("[1 table]")
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index baf2b68ec..b382b5c3b 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -31,6 +31,7 @@ from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapThreadException from lib.core.exception import unhandledException from lib.core.progress import ProgressBar
+from lib.core.settings import DBMS
from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request
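Review bot: The new `__contains__` is the only method in this hunk without a docstring, while its neighbour `_addNode` carries one, so `in`-support on XMLNode is undocumented. Add a one-liner such as `"""Return True if *k* names an existing child or attribute (delegates to _has_key)."""`; what `_has_key` actually matches is defined outside this hunk, so confirm the wording against it before committing. The enclosing class XMLNode starts and ends outside the hunk.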
@@ -114,7 +115,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release() if hintValue is not None and len(hintValue) >= idx:
- if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+ if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1] else: posValue = ord(hintValue[idx-1])
@@ -166,7 +167,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
position = (len(charTbl) >> 1) posValue = charTbl[position]
- if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+ if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
pushValue(posValue) posValue = chr(posValue) if posValue < 128 else unichr(posValue)
@@ -175,7 +176,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
queriesCount[0] += 1 result = Request.queryPage(forgedPayload)
- if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+ if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = popValue() if result:
@@ -491,6 +492,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if val is None or ( lastChar > 0 and index > lastChar ): break
+ if kb.data.processChar:
+ val = kb.data.processChar(val)
+
finalValue += val dataToSessionFile(replaceNewlineTabs(val))
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
index ba42084bd..b32277a17 100644
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission """
+from lib.core.data import kb
from lib.core.data import logger from lib.core.settings import DBMS
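Review bot: The tuple `(DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB)` is now spelled out three times inside bisection (here and in the hunks at -166 and -175), so adding or removing a back end means editing three tests that must stay identical. Hoist it once at module level, e.g. `CHAR_CODE_DBMS = (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB)` (a constructed name), with a comment that these back ends are inferred by character value rather than by `ord()` as this hunk's `posValue = hintValue[idx-1]` branch shows, and test `kb.dbms in CHAR_CODE_DBMS` in all three places. bisection starts and ends outside these hunks.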
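Review bot: The new `kb.data.processChar` hook is applied to every character bisection retrieves, and the rewritten `val` is what `finalValue` accumulates and `dataToSessionFile` persists, so the raw character is never kept anywhere. With the MaxDB plugin installing a lambda that maps '_' to ' ' (plugins/dbms/maxdb/enumeration.py in this commit), a genuine underscore in a retrieved identifier or value would presumably be folded into a space and a session resume could not recover it; the commit does not say what MaxDB behaviour motivates the substitution. Add a comment at the call stating the contract and the caveat, e.g. `# optional DBMS-specific rewrite of each retrieved char (set by the plugin's Enumeration.__init__); the raw char is not retained`, and the same comment belongs next to the `kb.data.processChar = None` default added in plugins/generic/enumeration.py. bisection starts and ends outside this hunk.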
@@ -15,6 +16,8 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration): def __init__(self): GenericEnumeration.__init__(self, DBMS.MAXDB)
+
+ kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
def getDbs(self): warnMsg = "on SAP MaxDB it is not possible to enumerate databases"
@@ -22,12 +25,6 @@ class Enumeration(GenericEnumeration):
return []
- def getBanner(self):
- warnMsg = "on SAP MaxDB it is not possible to get a banner"
- logger.warn(warnMsg)
-
- return None
-
def getPasswordHashes(self): warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes" logger.warn(warnMsg)
diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py
index 141beeefd..e749d3448 100644
--- a/plugins/dbms/maxdb/syntax.py
+++ b/plugins/dbms/maxdb/syntax.py
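Review bot: The lambda assigned to `kb.data.processChar` does not say why MaxDB needs '_' turned into ' ', and the assignment is a process-wide side effect of constructing this Enumeration rather than something visibly scoped to MaxDB. A named module-level function with a docstring, e.g. `def _processChar(value):` with `"""Replace '_' with ' ' in each char retrieved by blind inference on SAP MaxDB (reason: <to be supplied by the author>)."""` and `return value.replace('_', ' ') if value else value`, would document the intent where the next maintainer looks for it. Since GenericEnumeration.__init__ resets the hook to None in this same commit, the assignment must stay after the `GenericEnumeration.__init__(self, DBMS.MAXDB)` call, which is worth stating in a short comment as well.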
@@ -16,55 +16,8 @@ class Syntax(GenericSyntax):
@staticmethod def unescape(expression, quote=True):
- if quote:
- while True:
- index = expression.find("'")
- if index == -1:
- break
-
- firstIndex = index + 1
- index = expression[firstIndex:].find("'")
-
- if index == -1:
- raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
-
- lastIndex = firstIndex + index
- old = "'%s'" % expression[firstIndex:lastIndex]
- #unescaped = "("
- unescaped = ""
-
- for i in range(firstIndex, lastIndex):
- unescaped += "CHR(%d)" % (ord(expression[i]))
- if i < lastIndex - 1:
- unescaped += "||"
-
- #unescaped += ")"
- expression = expression.replace(old, unescaped)
- else:
- expression = "||".join("CHR(%d)" % ord(c) for c in expression)
-
return expression @staticmethod def escape(expression):
- while True:
- index = expression.find("CHR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find("))")
-
- if index == -1:
- raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
- oldUpper = oldUpper.split("||")
- escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
- expression = expression.replace(old, escaped)
-
return expression
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index a8ddf9313..4755b039d 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -63,6 +63,7 @@ class Enumeration:
kb.data.cachedTables = {} kb.data.cachedColumns = {} kb.data.dumpedTable = {}
+ kb.data.processChar = None
kb.misc.testedDbms = dbms def getBanner(self):
diff --git a/xml/queries.xml b/xml/queries.xml
index 8b74ca22f..3b0d4b6bc 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -420,13 +420,13 @@
- - + +
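Review bot: After this hunk `unescape` still takes `quote` but ignores it, and both `unescape` and `escape` return `expression` untouched with no docstring, so a reader cannot tell a deliberate pass-through from an unfinished stub. Give each a one-line docstring, e.g. `"""Pass-through for SAP MaxDB: string literals are not rewritten into CHR() chains."""` for `unescape` and the inverse wording for `escape`. The removed bodies were the only visible users of `sqlmapSyntaxException`; if it is still imported at the top of the file (outside this hunk) that import is now unused. Both methods are complete within the hunk.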