sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

some progress regarding SYBASE

Browse Source
This commit is contained in:
Miroslav Stampar 2011-02-19 14:56:58 +00:00
parent e0efe453ab
commit cec7694aac
2 changed files with 61 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
lib/core/dicts.py
View File

@ -25,32 +25,32 @@ firebirdTypes = {
} }
sybaseTypes = { sybaseTypes = {
"14","floatn" "14":"floatn",
"8","float" "8":"float",
"15","datetimn" "15":"datetimn",
"12","datetime" "12":"datetime",
"23","real" "23":"real",
"28","numericn" "28":"numericn",
"10","numeric" "10":"numeric",
"27","decimaln" "27":"decimaln",
"26","decimal" "26":"decimal",
"17","moneyn" "17":"moneyn",
"11","money" "11":"money",
"21","smallmoney" "21":"smallmoney",
"22","smalldatetime" "22":"smalldatetime",
"13","intn" "13":"intn",
"7","int" "7":"int",
"6","smallint" "6":"smallint",
"5","tinyint" "5":"tinyint",
"16","bit" "16":"bit",
"2","varchar" "2":"varchar",
"18","sysname" "18":"sysname",
"25","nvarchar" "25":"nvarchar",
"1","char" "1":"char",
"24","nchar" "24":"nchar",
"4","varbinary" "4":"varbinary",
"80","timestamp" "80":"timestamp",
"3","binary" "3":"binary",
"19","text" "19":"text",
"20","image" "20":"image",
} }

37
plugins/generic/enumeration.py
View File

@ -1021,20 +1021,39 @@ class Enumeration:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.count % (conf.tbl, conf.db) query = rootQuery.blind.count % (conf.tbl, conf.db)
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper() query = rootQuery.blind.count % conf.tbl.upper()
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
elif Backend.getIdentifiedDbms() in DBMS.MSSQL:
query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl) query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.count % (conf.tbl) query = rootQuery.blind.count % (conf.tbl)
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.SQLITE: elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.blind.query % conf.tbl query = rootQuery.blind.query % conf.tbl
value = inject.getValue(query, inband=False, error=False) value = inject.getValue(query, inband=False, error=False)
parseSqliteTableSchema(value) parseSqliteTableSchema(value)
return kb.data.cachedColumns
elif Backend.getIdentifiedDbms() == DBMS.SYBASE:
randStr = randomStr()
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr,'%s.usertype' % randStr], blind=True)
if retVal:
table = {}
columns = {}
for name, type_ in zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr]):
columns[name] = sybaseTypes[type_] if type_ else None
table[conf.tbl] = columns
kb.data.cachedColumns[conf.db] = table
return kb.data.cachedColumns return kb.data.cachedColumns
@ -1108,19 +1127,29 @@ class Enumeration:
return kb.data.cachedColumns return kb.data.cachedColumns
def __pivotDumpTable(self, dumpNode, table, colList, count, blind=True): def __pivotDumpTable(self, table, colList, count=None, blind=True):
lengths = {} lengths = {}
entries = {} entries = {}
dumpNode = queries[Backend.getIdentifiedDbms()].dump_table.blind
validColumnList = False validColumnList = False
validPivotValue = False validPivotValue = False
if not count:
query = dumpNode.count % table
if blind:
count = inject.getValue(query, inband=False, error=False)
else:
count = inject.getValue(query, blind=False)
for column in colList: for column in colList:
infoMsg = "fetching number of distinct " infoMsg = "fetching number of distinct "
infoMsg += "values for column '%s'" % column infoMsg += "values for column '%s'" % column
logger.info(infoMsg) logger.info(infoMsg)
query = dumpNode.count2 % (column, table) query = dumpNode.count2 % (column, table)
if blind: if blind:
value = inject.getValue(query, inband=False, error=False) value = inject.getValue(query, inband=False, error=False)
else: else:
@ -1360,7 +1389,7 @@ class Enumeration:
elif DBMS.SYBASE: elif DBMS.SYBASE:
table = "%s..%s" % (conf.db, conf.tbl) table = "%s..%s" % (conf.db, conf.tbl)
entries, lengths = self.__pivotDumpTable(rootQuery.blind, table, colList, count, blind=True) entries, lengths = self.__pivotDumpTable(table, colList, count, blind=True)
else: else:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE): if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):