diff --git a/lib/core/common.py b/lib/core/common.py
index 2aff1af7d..154a87a78 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1684,10 +1684,12 @@ def isNumPosStrValue(value):
 def aliasToDbmsEnum(value):
 retVal = None
+
 for key, item in dbmsDict.items():
 if value in item[0]:
 retVal = key
 break
+
 return retVal
 def removeDynamicContent(page):
@@ -1702,3 +1704,15 @@ def removeDynamicContent(page):
 page = getCompiledRegex('(?s)%s.+%s' % (prefix, suffix)).sub('%s%s' % (prefix, suffix), page)
 return page
+
+
+def isDBMSVersionAtLeast(version):
+ retVal = None
+
+ if version:
+ if not isinstance(version, basestring):
+ version = str(version)
+ if kb.dbmsVersion and kb.dbmsVersion[0] != "Unknown" and kb.dbmsVersion[0] != None:
+ retVal = kb.dbmsVersion[0] >= version
+
+ return retVal
diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py
index d46446a45..ff1a7bb7e 100644
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -130,13 +130,10 @@ class Fingerprint(GenericFingerprint):
 setDbms(DBMS.FIREBIRD)
- self.getBanner()
-
- if not conf.extensiveFp:
- return True
-
 kb.dbmsVersion = [self.__sysTablesCheck()]
+ self.getBanner()
+
 return True
 else:
 warnMsg = "the back-end DBMS is not Firebird"
diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py
index eccabf456..ca4c01bdd 100644
--- a/plugins/dbms/firebird/syntax.py
+++ b/plugins/dbms/firebird/syntax.py
@@ -7,6 +7,8 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """
+from lib.core.data import kb
+from lib.core.common import isDBMSVersionAtLeast
 from lib.core.exception import sqlmapSyntaxException
 from plugins.generic.syntax import Syntax as GenericSyntax
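Review bot: `retVal = kb.dbmsVersion[0] >= version` in the new isDBMSVersionAtLeast compares version strings lexicographically, so '10.0' sorts below '2.1' and '2.10' below '2.9'; compare parsed components instead, e.g. `from distutils.version import LooseVersion` and `retVal = LooseVersion(kb.dbmsVersion[0]) >= LooseVersion(version)`. The `!= None` test on the preceding line should be `is not None`. The function also returns None rather than False when the version is unknown, and the only caller visible in this commit (Firebird Syntax.unescape) treats that as falsy, so a docstring stating the tri-state contract, e.g. `"""Return True/False when kb.dbmsVersion is known, None when it is not."""`, would keep future callers from reading None as "older than".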
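Review bot: The `if not conf.extensiveFp: return True` shortcut is removed, so `self.__sysTablesCheck()` now always runs during Firebird fingerprinting; presumably that is because Syntax.unescape() in this same commit depends on kb.dbmsVersion, but nothing in the hunk records that. A why-comment above the assignment, e.g. `# version is needed by Syntax.unescape() via isDBMSVersionAtLeast(), so probe it even without extensive fingerprinting`, would stop a later cleanup from reinstating the early return. The enclosing method starts before this hunk.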
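Review bot: `from lib.core.data import kb` is added, but none of the new code in this file's other hunk references kb (it only calls isDBMSVersionAtLeast, which reads kb itself); unless kb is used elsewhere in syntax.py, the import is unused and should be dropped. If it is kept, a one-line comment naming what uses it would save the next reader the same search.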
@@ -21,57 +23,58 @@ class Syntax(GenericSyntax):
 @staticmethod
 def unescape(expression, quote=True):
- #if quote:
- #while True:
- #index = expression.find("'")
- #if index == -1:
- #break
+ if isDBMSVersionAtLeast('2.1'):
+ if quote:
+ while True:
+ index = expression.find("'")
+ if index == -1:
+ break
- #firstIndex = index + 1
- #index = expression[firstIndex:].find("'")
+ firstIndex = index + 1
+ index = expression[firstIndex:].find("'")
- #if index == -1:
- #raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
+ if index == -1:
+ raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
- #lastIndex = firstIndex + index
- #old = "'%s'" % expression[firstIndex:lastIndex]
- #unescaped = ""
+ lastIndex = firstIndex + index
+ old = "'%s'" % expression[firstIndex:lastIndex]
+ unescaped = ""
- #for i in range(firstIndex, lastIndex):
- #unescaped += "ASCII_CHAR(%d)" % (ord(expression[i]))
- #if i < lastIndex - 1:
- #unescaped += "||"
+ for i in range(firstIndex, lastIndex):
+ unescaped += "ASCII_CHAR(%d)" % (ord(expression[i]))
+ if i < lastIndex - 1:
+ unescaped += "||"
- #expression = expression.replace(old, unescaped)
- #else:
- #unescaped = "".join("ASCII_CHAR(%d)||" % ord(c) for c in expression)
- #if unescaped[-1] == "||":
- #unescaped = unescaped[:-1]
+ expression = expression.replace(old, unescaped)
+ else:
+ unescaped = "".join("ASCII_CHAR(%d)||" % ord(c) for c in expression)
+ if unescaped[-1] == "||":
+ unescaped = unescaped[:-1]
- #expression = unescaped
+ expression = unescaped
 return expression
 @staticmethod
 def escape(expression):
- #while True:
- #index = expression.find("ASCII_CHAR(")
- #if index == -1:
- #break
+ while True:
+ index = expression.find("ASCII_CHAR(")
+ if index == -1:
+ break
- #firstIndex = index
- #index = expression[firstIndex:].find(")")
+ firstIndex = index
+ index = expression[firstIndex:].find(")")
- #if index == -1:
- #raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
+ if index == -1:
+ raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
- #lastIndex = firstIndex + index + 1
- #old = expression[firstIndex:lastIndex]
- #oldUpper = old.upper()
- #oldUpper = oldUpper.lstrip("ASCII_CHAR(").rstrip(")")
- #oldUpper = oldUpper.split("||")
+ lastIndex = firstIndex + index + 1
+ old = expression[firstIndex:lastIndex]
+ oldUpper = old.upper()
+ oldUpper = oldUpper.lstrip("ASCII_CHAR(").rstrip(")")
+ oldUpper = oldUpper.split("||")
- #escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
- #expression = expression.replace(old, escaped).replace("'||'", "")
+ escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
+ expression = expression.replace(old, escaped).replace("'||'", "")
 return expression
diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py
index 567793620..3a8f6f301 100644
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -93,17 +93,14 @@ class Fingerprint(GenericFingerprint):
 logger.warn(warnMsg)
 return False
+ else:
+ result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
+ kb.dbmsVersion = [ '3' if result else '2' ]
 setDbms(DBMS.SQLITE)
 self.getBanner()
- if not conf.extensiveFp:
- return True
-
- version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2, suppressOutput=True)
- kb.dbmsVersion = [ version ]
-
 return True
 else:
 warnMsg = "the back-end DBMS is not SQLite"
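Review bot: In the re-enabled quote branch of unescape, an empty literal `''` produces `unescaped = ""`, and `expression.replace(old, unescaped)` then deletes every `''` from the expression, leaving invalid SQL; the same global replace is also why the loop rescans from index 0 on every pass. Tracking a cursor and splicing each literal in place fixes both and leaves `''` untouched, since ASCII_CHAR() has no empty equivalent. Separately, `"ASCII_CHAR(%d)" % ord(...)` is applied to any character, and as far as I know Firebird's ASCII_CHAR is only defined for codes 0-255, so characters outside Latin-1 should either be rejected with sqlmapSyntaxException or documented as unsupported. The rewritten quote branch follows; the unquoted else branch, the return and escape() are unchanged.
```python
    if isDBMSVersionAtLeast('2.1'):
        if quote:
            # Scan with a cursor and splice in place: a global replace()
            # would delete an empty literal ('') and rescan from 0 each pass
            position = 0

            while True:
                start = expression.find("'", position)
                if start == -1:
                    break

                end = expression.find("'", start + 1)
                if end == -1:
                    raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression

                literal = expression[start + 1:end]

                # '' has no ASCII_CHAR() form; keep it and move past it
                if not literal:
                    position = end + 1
                    continue

                unescaped = "||".join("ASCII_CHAR(%d)" % ord(c) for c in literal)
                expression = expression[:start] + unescaped + expression[end + 1:]
                position = start + len(unescaped)
        # … unchanged: else branch (unquoted expression) …
    # … unchanged: return expression …
```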
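Review bot: `inject.checkBooleanExpression("RANDOMBLOB(-1)>0")` decides between kb.dbmsVersion '3' and '2' with no comment on why, and the expression is easy to misread: the blob's value is irrelevant, the probe presumably works because RANDOMBLOB() is absent on SQLite 2 so the expression can only evaluate true on a 3.x engine (where a BLOB compares greater than any number). A comment such as `# RANDOMBLOB() is unknown to SQLite 2 and a BLOB always compares above 0, so a true result implies major version 3` would record that reasoning next to the probe. If checkBooleanExpression can also return None for an inconclusive probe, that case currently collapses into '2'; worth confirming against its implementation. The enclosing if/else chain starts before this hunk.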