sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-28 20:43:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

added support for search for tables on Firebird (issue #365)

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-22 09:53:05 +00:00
parent d2ff9bccbb
commit e23340f002
3 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/dbms/firebird/enumeration.py
View File

@ -30,22 +30,12 @@ class Enumeration(GenericEnumeration):
return [] return []
def searchTable(self):
warnMsg = "on Firebird searching of tables is not implemented"
logger.warn(warnMsg)
return []
def searchColumn(self): def searchColumn(self):
warnMsg = "on Firebird searching of columns is not implemented" warnMsg = "on Firebird searching of columns is not implemented"
logger.warn(warnMsg) logger.warn(warnMsg)
return [] return []
def search(self):
warnMsg = "on Firebird search option is not available"
logger.warn(warnMsg)
def getHostname(self): def getHostname(self):
warnMsg = "on Firebird it is not possible to enumerate the hostname" warnMsg = "on Firebird it is not possible to enumerate the hostname"
logger.warn(warnMsg) logger.warn(warnMsg)

23
plugins/generic/search.py
View File

@ -194,13 +194,14 @@ class Search:
query += whereDbsQuery query += whereDbsQuery
values = inject.getValue(query, blind=False, time=False) values = inject.getValue(query, blind=False, time=False)
if Backend.isDbms(DBMS.SQLITE): if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
newValues = [] newValues = []
if isinstance(values, basestring): if isinstance(values, basestring):
values = [values] values = [values]
for value in values: for value in values:
newValues.append(["SQLite%s" % METADB_SUFFIX, value]) dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"
newValues.append(["%s%s" % (dbName, METADB_SUFFIX), value])
values = newValues values = newValues
@ -216,7 +217,7 @@ class Search:
else: else:
foundTbls[foundDb] = [foundTbl] foundTbls[foundDb] = [foundTbl]
else: else:
if not Backend.isDbms(DBMS.SQLITE): if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
infoMsg = "fetching number of databases with table" infoMsg = "fetching number of databases with table"
if tblConsider == "1": if tblConsider == "1":
infoMsg += "s like" infoMsg += "s like"
@ -259,7 +260,8 @@ class Search:
if tblConsider == "2": if tblConsider == "2":
continue continue
else: else:
foundTbls["SQLite%s" % METADB_SUFFIX] = [] dbName = "SQLite" if Backend.isDbms(DBMS.SQLITE) else "Firebird"
foundTbls["%s%s" % (dbName, METADB_SUFFIX)] = []
for db in foundTbls.keys(): for db in foundTbls.keys():
db = safeSQLIdentificatorNaming(db) db = safeSQLIdentificatorNaming(db)
@ -271,7 +273,7 @@ class Search:
logger.info(infoMsg) logger.info(infoMsg)
query = rootQuery.blind.count2 query = rootQuery.blind.count2
if not Backend.isDbms(DBMS.SQLITE): if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
query = query % unsafeSQLIdentificatorNaming(db) query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery query += " AND %s" % tblQuery
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@ -290,10 +292,17 @@ class Search:
for index in indexRange: for index in indexRange:
query = rootQuery.blind.query2 query = rootQuery.blind.query2
if not Backend.isDbms(DBMS.SQLITE):
if Backend.isDbms(DBMS.FIREBIRD):
query = query % index
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD):
query = query % unsafeSQLIdentificatorNaming(db) query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery query += " AND %s" % tblQuery
query = agent.limitQuery(index, query)
if not Backend.isDbms(DBMS.FIREBIRD):
query = agent.limitQuery(index, query)
foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False)) foundTbl = unArrayizeValue(inject.getValue(query, union=False, error=False))
kb.hintValue = foundTbl kb.hintValue = foundTbl

8
xml/queries.xml
View File

@ -431,17 +431,19 @@
<blind query="SELECT FIRST 1 SKIP %d %s FROM %s" count="SELECT COUNT(*) FROM %s"/> <blind query="SELECT FIRST 1 SKIP %d %s FROM %s" count="SELECT COUNT(*) FROM %s"/>
</dump_table> </dump_table>
<search_db/> <search_db/>
<search_table/> <search_table>
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0) AND " condition="RDB$RELATION_NAME" condition2=""/>
<blind query="" query2="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" count="" count2="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)" condition="RDB$RELATION_NAME" condition2=""/>
</search_table>
<search_column/> <search_column/>
</dbms> </dbms>
<!-- SAP MaxDB -->
<!-- http://dev.mysql.com/tech-resources/articles/maxdb-php-ready-for-web.html --> <!-- http://dev.mysql.com/tech-resources/articles/maxdb-php-ready-for-web.html -->
<!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html --> <!-- http://dev.mysql.com/doc/refman/5.0/es/maxdb-reserved-words.html -->
<!-- http://maxdb.sap.com/doc/7_6/default.htm --> <!-- http://maxdb.sap.com/doc/7_6/default.htm -->
<!-- http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm --> <!-- http://www.sapdb.org/7.4/htmhelp/35/f8823cb7e5d42be10000000a114027/content.htm -->
<!-- http://www.ximido.de/research/PenTestingMaxDB.pdf --> <!-- http://www.ximido.de/research/PenTestingMaxDB.pdf -->
<!-- SAP MaxDB -->
<dbms value="SAP MaxDB"> <dbms value="SAP MaxDB">
<length query="LENGTH(%s)"/> <length query="LENGTH(%s)"/>
<isnull query="VALUE(%s,' ')" query2="IFNULL(%s,' ')"/> <isnull query="VALUE(%s,' ')" query2="IFNULL(%s,' ')"/>