mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Update regarding #3418 (fallback for MsSQL's --passwords)
This commit is contained in:
parent
ddee027afb
commit
de0df99d8e
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.2.12.40"
|
VERSION = "1.2.12.41"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -201,6 +201,9 @@ class Users:
|
||||||
else:
|
else:
|
||||||
values = inject.getValue(query, blind=False, time=False)
|
values = inject.getValue(query, blind=False, time=False)
|
||||||
|
|
||||||
|
if isNoneValue(values) and Backend.isDbms(DBMS.MSSQL):
|
||||||
|
values = inject.getValue(query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr"), blind=False, time=False)
|
||||||
|
|
||||||
for user, password in filterPairValues(values):
|
for user, password in filterPairValues(values):
|
||||||
if not user or user == " ":
|
if not user or user == " ":
|
||||||
continue
|
continue
|
||||||
|
@ -213,6 +216,8 @@ class Users:
|
||||||
kb.data.cachedUsersPasswords[user].append(password)
|
kb.data.cachedUsersPasswords[user].append(password)
|
||||||
|
|
||||||
if not kb.data.cachedUsersPasswords and isInferenceAvailable() and not conf.direct:
|
if not kb.data.cachedUsersPasswords and isInferenceAvailable() and not conf.direct:
|
||||||
|
fallback = False
|
||||||
|
|
||||||
if not len(users):
|
if not len(users):
|
||||||
users = self.getUsers()
|
users = self.getUsers()
|
||||||
|
|
||||||
|
@ -263,6 +268,10 @@ class Users:
|
||||||
|
|
||||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
|
if not isNumPosStrValue(count) and Backend.isDbms(DBMS.MSSQL):
|
||||||
|
fallback = True
|
||||||
|
count = inject.getValue(query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr"), union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
|
||||||
if not isNumPosStrValue(count):
|
if not isNumPosStrValue(count):
|
||||||
warnMsg = "unable to retrieve the number of password "
|
warnMsg = "unable to retrieve the number of password "
|
||||||
warnMsg += "hashes for user '%s'" % user
|
warnMsg += "hashes for user '%s'" % user
|
||||||
|
@ -283,10 +292,16 @@ class Users:
|
||||||
query = rootQuery.blind.query2 % (user, index, user)
|
query = rootQuery.blind.query2 % (user, index, user)
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.query % (user, index, user)
|
query = rootQuery.blind.query % (user, index, user)
|
||||||
|
|
||||||
|
if fallback:
|
||||||
|
query = query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr")
|
||||||
|
|
||||||
elif Backend.isDbms(DBMS.INFORMIX):
|
elif Backend.isDbms(DBMS.INFORMIX):
|
||||||
query = rootQuery.blind.query % (user,)
|
query = rootQuery.blind.query % (user,)
|
||||||
|
|
||||||
elif Backend.isDbms(DBMS.HSQLDB):
|
elif Backend.isDbms(DBMS.HSQLDB):
|
||||||
query = rootQuery.blind.query % (index, user)
|
query = rootQuery.blind.query % (index, user)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.query % (user, index)
|
query = rootQuery.blind.query % (user, index)
|
||||||
|
|
||||||
|
|
|
@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
||||||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||||
03f706e4caefe69887515d9e7cb56748 lib/core/settings.py
|
eb8b62b1dc94be51a6c3d44d47af8f4a lib/core/settings.py
|
||||||
a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py
|
a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py
|
||||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||||
1581be48127a3a7a9fd703359b6e7567 lib/core/target.py
|
1581be48127a3a7a9fd703359b6e7567 lib/core/target.py
|
||||||
|
@ -223,7 +223,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py
|
||||||
30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py
|
30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py
|
||||||
a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py
|
a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py
|
||||||
f990d799e578dfbc3cde5728655a7854 plugins/generic/takeover.py
|
f990d799e578dfbc3cde5728655a7854 plugins/generic/takeover.py
|
||||||
1265241e309da72bb82c3863a4c1b4bd plugins/generic/users.py
|
8ab0b84fda105459913715b98e1b8a4a plugins/generic/users.py
|
||||||
1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
|
1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
|
||||||
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
|
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
|
||||||
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_
|
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_
|
||||||
|
|
Loading…
Reference in New Issue
Block a user