implemented --banner for MaxDB and some minor fixes

Miroslav Stampar 2010-11-02 20:51:55 +00:00
parent 49bf34ffd9
commit cd0d4135ac
7 changed files with 17 additions and 59 deletions


@ -479,6 +479,9 @@ class XMLNode:
else: else:
raise IndexError(idx) raise IndexError(idx)
def __contains__(self, k):
return self._has_key(k)
def _addNode(self, child): def _addNode(self, child):
""" """
Tries to append a child node to the tree, and returns it Tries to append a child node to the tree, and returns it


@ -148,7 +148,7 @@ class Dump:
dbTables.sort(key=lambda x: x.lower()) dbTables.sort(key=lambda x: x.lower())
self.__write("Brute-forced databases:") self.__write("Brute-forced tables:")
if len(dbTables) == 1: if len(dbTables) == 1:
self.__write("[1 table]") self.__write("[1 table]")


@ -31,6 +31,7 @@ from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapThreadException from lib.core.exception import sqlmapThreadException
from lib.core.exception import unhandledException from lib.core.exception import unhandledException
from lib.core.progress import ProgressBar from lib.core.progress import ProgressBar
from lib.core.settings import DBMS
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -114,7 +115,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release() hintlock.release()
if hintValue is not None and len(hintValue) >= idx: if hintValue is not None and len(hintValue) >= idx:
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"): if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1] posValue = hintValue[idx-1]
else: else:
posValue = ord(hintValue[idx-1]) posValue = ord(hintValue[idx-1])
@ -166,7 +167,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
position = (len(charTbl) >> 1) position = (len(charTbl) >> 1)
posValue = charTbl[position] posValue = charTbl[position]
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"): if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
pushValue(posValue) pushValue(posValue)
posValue = chr(posValue) if posValue < 128 else unichr(posValue) posValue = chr(posValue) if posValue < 128 else unichr(posValue)
@ -175,7 +176,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload) result = Request.queryPage(forgedPayload)
if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"): if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = popValue() posValue = popValue()
if result: if result:
@ -491,6 +492,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if val is None or ( lastChar > 0 and index > lastChar ): if val is None or ( lastChar > 0 and index > lastChar ):
break break
if kb.data.processChar:
val = kb.data.processChar(val)
finalValue += val finalValue += val
dataToSessionFile(replaceNewlineTabs(val)) dataToSessionFile(replaceNewlineTabs(val))
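Review bot: The `kb.data.processChar` hook called just before `finalValue += val` has no comment saying what it is or who sets it, and from the visible lines it runs on every value this loop retrieves, not only the banner. A short comment such as `# optional per-DBMS post-processing of each retrieved character (set by the DBMS plugin, None otherwise)` would make that explicit. `dataToSessionFile` also now records the processed character, so a resumed session replays the transformed value rather than what the server returned. `bisection` starts and ends outside this hunk, so any other place where it assembles its result would need the same call; that cannot be confirmed from here.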


@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.settings import DBMS from lib.core.settings import DBMS
@ -15,6 +16,8 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration): class Enumeration(GenericEnumeration):
def __init__(self): def __init__(self):
GenericEnumeration.__init__(self, DBMS.MAXDB) GenericEnumeration.__init__(self, DBMS.MAXDB)
kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
def getDbs(self): def getDbs(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate databases" warnMsg = "on SAP MaxDB it is not possible to enumerate databases"
@ -22,12 +25,6 @@ class Enumeration(GenericEnumeration):
return [] return []
def getBanner(self):
warnMsg = "on SAP MaxDB it is not possible to get a banner"
logger.warn(warnMsg)
return None
def getPasswordHashes(self): def getPasswordHashes(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes" warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
logger.warn(warnMsg) logger.warn(warnMsg)
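Review bot: The `processChar` lambda installed in `__init__` replaces every `_` with a space, so an underscore that is genuinely part of a retrieved value (identifiers commonly contain them) is silently reported as a space. It looks like the inverse of the new `REPLACE(%s, ' ', '_')` cast in the SAP MaxDB block of the queries XML, but nothing in either place says so, and the round trip is lossy. At minimum add a comment on the assignment, e.g. `# undoes REPLACE(%s, ' ', '_') from the MaxDB <cast> query; lossy for values that contain '_'`. The hook is also stored on the shared `kb.data` from a constructor, so it stays active for everything retrieved afterwards until the generic `Enumeration.__init__` resets it to `None`.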


@ -16,55 +16,8 @@ class Syntax(GenericSyntax):
@staticmethod @staticmethod
def unescape(expression, quote=True): def unescape(expression, quote=True):
if quote:
while True:
index = expression.find("'")
if index == -1:
break
firstIndex = index + 1
index = expression[firstIndex:].find("'")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
#unescaped = "("
unescaped = ""
for i in range(firstIndex, lastIndex):
unescaped += "CHR(%d)" % (ord(expression[i]))
if i < lastIndex - 1:
unescaped += "||"
#unescaped += ")"
expression = expression.replace(old, unescaped)
else:
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
return expression return expression
@staticmethod @staticmethod
def escape(expression): def escape(expression):
while True:
index = expression.find("CHR(")
if index == -1:
break
firstIndex = index
index = expression[firstIndex:].find("))")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]
oldUpper = old.upper()
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
oldUpper = oldUpper.split("||")
escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
expression = expression.replace(old, escaped)
return expression return expression


@ -63,6 +63,7 @@ class Enumeration:
kb.data.cachedTables = {} kb.data.cachedTables = {}
kb.data.cachedColumns = {} kb.data.cachedColumns = {}
kb.data.dumpedTable = {} kb.data.dumpedTable = {}
kb.data.processChar = None
kb.misc.testedDbms = dbms kb.misc.testedDbms = dbms
def getBanner(self): def getBanner(self):


@ -420,13 +420,13 @@
<!-- SAP MaxDB --> <!-- SAP MaxDB -->
<dbms value="SAP MaxDB"> <dbms value="SAP MaxDB">
<length query="LENGTH(%s)"/> <length query="LENGTH(%s)"/>
<inference/>
<timedelay/> <timedelay/>
<banner query="SELECT ID FROM SYSINFO.VERSION"/> <banner query="SELECT ID FROM SYSINFO.VERSION"/>
<isnull query="VALUE(%s,' ')" query2="IFNULL(%s, ' ')"/> <isnull query="VALUE(%s,' ')" query2="IFNULL(%s, ' ')"/>
<comment query="--" query2="#"/> <comment query="--" query2="#"/>
<count query="COUNT(%s)"/> <count query="COUNT(%s)"/>
<cast query="CHR(%s)"/> <!-- No real cast on SAP MaxDB -->
<cast query="REPLACE(%s, ' ', '_')"/>
<current_user query="SELECT USER() FROM DUAL"/> <current_user query="SELECT USER() FROM DUAL"/>
<current_db query="SELECT DATABASE() FROM DUAL"/> <current_db query="SELECT DATABASE() FROM DUAL"/>
<order query="ORDER BY %s ASC"/> <order query="ORDER BY %s ASC"/>