Fixes (old) Informix escaping

2025-01-23 15:54:24 +03:00 · 2017-12-11 10:44:47 +01:00 · 2017-12-11 10:44:47 +01:00 · dde1178100
commit dde1178100
parent 638dbf255a
5 changed files with 22 additions and 13 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -9,6 +9,7 @@ import codecs
 import contextlib
 import cookielib
 import copy
+import distutils
 import getpass
 import hashlib
 import httplib
@ -2908,7 +2909,7 @@ def isDBMSVersionAtLeast(version):
            elif value.startswith(">"):
                value = float(value.replace("<", "")) - 0.01

-        retVal = getUnicode(value) >= getUnicode(version)
+        retVal = distutils.version.LooseVersion(getUnicode(value)) < distutils.version.LooseVersion(getUnicode(version))

    return retVal

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.12.7"
+VERSION = "1.1.12.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/plugins/dbms/informix/fingerprint.py
+++ b/plugins/dbms/informix/fingerprint.py
@ -80,6 +80,10 @@ class Fingerprint(GenericFingerprint):

                return False

+            # Determine if it is Informix >= 11.70
+            if inject.checkBooleanExpression("CHR(32)=' '"):
+                Backend.setVersion(">= 11.70")
+
            setDbms(DBMS.INFORMIX)

            self.getBanner()
--- a/plugins/dbms/informix/syntax.py
+++ b/plugins/dbms/informix/syntax.py
@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission

 import re

+from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import randomStr
 from plugins.generic.syntax import Syntax as GenericSyntax

@ -24,14 +25,17 @@ class Syntax(GenericSyntax):
        def escaper(value):
            return "||".join("CHR(%d)" % ord(_) for _ in value)

-        excluded = {}
-        for _ in re.findall(r"DBINFO\([^)]+\)", expression):
-            excluded[_] = randomStr()
-            expression = expression.replace(_, excluded[_])
+        retVal = expression

-        retVal = Syntax._escape(expression, quote, escaper)
+        if isDBMSVersionAtLeast("11.70"):
+            excluded = {}
+            for _ in re.findall(r"DBINFO\([^)]+\)", expression):
+                excluded[_] = randomStr()
+                expression = expression.replace(_, excluded[_])

-        for _ in excluded.items():
-            retVal = retVal.replace(_[1], _[0])
+            retVal = Syntax._escape(expression, quote, escaper)
+
+            for _ in excluded.items():
+                retVal = retVal.replace(_[1], _[0])

        return retVal
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -27,7 +27,7 @@ d2cdb9e832e18a81e936ca3348144b16  lib/controller/handler.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/controller/__init__.py
 f8a7165253874a9ce0c6e0d089e5fb8c  lib/core/agent.py
 8d9d771f7e67582c56a96a8d0ccbe4fc  lib/core/bigarray.py
-b17569e569c6ca695e6a5c063875b322  lib/core/common.py
+e623cc771c75bcf6afdf4e54d935114e  lib/core/common.py
 54326d3a690f8b26fe5a5da1a589b369  lib/core/convert.py
 90b1b08368ac8a859300e6fa6a8c796e  lib/core/data.py
 1c14bdbf47b8dba31f73da9ad731a54a  lib/core/datatype.py
@ -46,7 +46,7 @@ f872699e948d0692ce11b54781da814c  lib/core/log.py
 760d9df2a27ded29109b390ab202e72d  lib/core/replication.py
 a2466b62e67f8b31736bac4dac590e51  lib/core/revision.py
 02d4762140a72fd44668d3dab5eabda9  lib/core/session.py
-337545ac8dad16abc298b71b1d1c4364  lib/core/settings.py
+d111e43fa67fa4eeb8db57aa291eee47  lib/core/settings.py
 35bffbad762eb9e03db9e93b1c991103  lib/core/shell.py
 a59ec28371ae067a6fdd8f810edbee3d  lib/core/subprocessng.py
 d93501771b41315f9fb949305b6ed257  lib/core/target.py
@ -147,9 +147,9 @@ ce832d87eadbe42fc03248e254c2a7aa  plugins/dbms/hsqldb/syntax.py
 d8b4a18a79528b01ff6cda31ad3ad057  plugins/dbms/informix/connector.py
 066af83abb12298abb289353e5c00831  plugins/dbms/informix/enumeration.py
 6fe7d6928c98e66571e2ba674363ca9e  plugins/dbms/informix/filesystem.py
-581194b06baef15726fcc18d53f74131  plugins/dbms/informix/fingerprint.py
+14705fe9c3b253ab5232582af182da53  plugins/dbms/informix/fingerprint.py
 9351f8d93ddb7d18902a78792138eba7  plugins/dbms/informix/__init__.py
-de5b094e9094c20ea185516f680c2e11  plugins/dbms/informix/syntax.py
+6fe5ff4a3678d1cf2bee5695cb4b335a  plugins/dbms/informix/syntax.py
 ad8a1007d23c2f63950d820297a40131  plugins/dbms/informix/takeover.py
 5fb9aaf874daa47ea2b672a22740e56b  plugins/dbms/__init__.py
 5ad8280cdfb7f09b008f3ed79ae5b4bf  plugins/dbms/maxdb/connector.py