diff --git a/lib/core/option.py b/lib/core/option.py
index 5bd750987..d033ffdeb 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1713,6 +1713,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.absFilePaths = set()
 kb.adjustTimeDelay = None
 kb.alerted = False
+ kb.aliasName = randomStr()
 kb.alwaysRefresh = None
 kb.arch = None
 kb.authHeader = None
diff --git a/lib/core/settings.py b/lib/core/settings.py
index c54d66879..5b589fd7e 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.9.34"
+VERSION = "1.2.9.35"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/target.py b/lib/core/target.py
index 4653cb6b0..cb3f755a6 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -692,6 +692,13 @@ def _createTargetDirs():
 _createFilesDir()
 _configureDumper()
+def _setAuxOptions():
+ """
+ Setup auxiliary (host-dependent) options
+ """
+
+ kb.aliasName = randomStr(seed=hash(conf.hostname or ""))
+
 def _restoreMergedOptions():
 """
 Restore merged options (command line, configuration file and default values)
@@ -745,3 +752,4 @@ def setupTargetEnv():
 _resumeHashDBValues()
 _setResultsFile()
 _setAuthCred()
+ _setAuxOptions()
\ No newline at end of file
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py
index 0ced0b62c..03e2226a8 100644
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
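Review bot: In `_setAuxOptions` (lib/core/target.py, hunk at -692) the seed is taken from the builtin `hash()` of the hostname, which is not a stable value: it differs between 32-bit and 64-bit interpreters and changes per process whenever hash randomization is on (`-R` / `PYTHONHASHSEED` on Python 2, the default on Python 3). If the purpose of a host-dependent alias is to produce the same alias for the same target on every run, which the docstring hints at but does not state, a fixed checksum is the safer seed, e.g. `kb.aliasName = randomStr(seed=zlib.crc32(conf.hostname or "") & 0xffffffff)`; this needs `zlib` imported, and the import block is outside the hunk. The docstring should also say why the alias has to be host-dependent and that this assignment replaces the unseeded `kb.aliasName = randomStr()` added to `_setKnowledgeBaseAttributes` in lib/core/option.py.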
@@ -32,7 +32,7 @@ from lib.core.settings import NULL
 from lib.core.unescaper import unescaper
 from lib.request import inject
-def pivotDumpTable(table, colList, count=None, blind=True):
+def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
 lengths = {}
 entries = {}
@@ -89,7 +89,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 if not validPivotValue:
 for column in colList:
 infoMsg = "fetching number of distinct "
- infoMsg += "values for column '%s'" % column
+ infoMsg += "values for column '%s'" % column.replace(("%s." % alias) if alias else "", "")
 logger.info(infoMsg)
 query = dumpNode.count2 % (column, table)
@@ -100,7 +100,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 validColumnList = True
 if value == count:
- infoMsg = "using column '%s' as a pivot " % column
+ infoMsg = "using column '%s' as a pivot " % column.replace(("%s." % alias) if alias else "", "")
 infoMsg += "for retrieving row data"
 logger.info(infoMsg)
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
index c0442f7be..16f3e1068 100644
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@@ -43,9 +43,8 @@ class Enumeration(GenericEnumeration):
 logger.info(infoMsg)
 rootQuery = queries[DBMS.MAXDB].dbs
- randStr = randomStr()
 query = rootQuery.inband.query
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True)
 if retVal:
 kb.data.cachedDbs = retVal[0].values()[0]
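Review bot: The new `alias` parameter of `pivotDumpTable` (lib/utils/pivotdumptable.py) is undocumented, and its stripping expression `column.replace(("%s." % alias) if alias else "", "")` is written out twice, in the hunks at -89 and -100. It relies on `str.replace("", "")` being a no-op when no alias is given, and it removes the `alias.` text anywhere in the name rather than only as a leading prefix. Computing the display name once per column would be clearer, e.g. `displayName = column[len(alias) + 1:] if alias and column.startswith("%s." % alias) else column`, used in both messages. A docstring should state that `alias` is the derived-table alias prefixed to the `colList` entries and, in the visible hunks, only affects log output; the function body continues outside these hunks.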
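Review bot: The MaxDB call in the hunk at -43 of plugins/dbms/maxdb/enumeration.py switches to `kb.aliasName` but does not pass `alias=kb.aliasName`, unlike the Sybase calls later in this commit, so the `logger.info` messages inside `pivotDumpTable` will still print the alias-prefixed column names for MaxDB. The same omission is in the two following MaxDB hunks (-79 and -202) and in both `plugins/generic/users.py` calls, although those two run with `disableStdOut = True`. If the omission is not deliberate, add the argument, e.g. `pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True, alias=kb.aliasName)`. The enclosing methods start and end outside the hunks.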
@@ -79,9 +78,8 @@ class Enumeration(GenericEnumeration):
 rootQuery = queries[DBMS.MAXDB].tables
 for db in dbs:
- randStr = randomStr()
 query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.tablename' % kb.aliasName], blind=True)
 if retVal:
 for table in retVal[0].values()[0]:
@@ -202,15 +200,14 @@ class Enumeration(GenericEnumeration):
 infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
 logger.info(infoMsg)
- randStr = randomStr()
 query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr, '%s.datatype' % randStr, '%s.len' % randStr], blind=True)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=True)
 if retVal:
 table = {}
 columns = {}
- for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
+ for columnname, datatype, length in zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]):
 columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
 table[tbl] = columns
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index 2432598b7..a1febb716 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -38,7 +38,6 @@ class Enumeration(GenericEnumeration):
 rootQuery = queries[DBMS.SYBASE].users
- randStr = randomStr()
 query = rootQuery.inband.query
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
@@ -47,7 +46,7 @@ class Enumeration(GenericEnumeration):
 blinds = (True,)
 for blind in blinds:
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
 if retVal:
 kb.data.cachedUsers = retVal[0].values()[0]
@@ -94,7 +93,6 @@ class Enumeration(GenericEnumeration):
 logger.info(infoMsg)
 rootQuery = queries[DBMS.SYBASE].dbs
- randStr = randomStr()
 query = rootQuery.inband.query
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
@@ -103,7 +101,7 @@ class Enumeration(GenericEnumeration):
 blinds = [True]
 for blind in blinds:
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
 if retVal:
 kb.data.cachedDbs = retVal[0].values()[0]
@@ -146,9 +144,8 @@ class Enumeration(GenericEnumeration):
 for db in dbs:
 for blind in blinds:
- randStr = randomStr()
 query = rootQuery.inband.query % db
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
 if retVal:
 for table in retVal[0].values()[0]:
@@ -278,15 +275,14 @@ class Enumeration(GenericEnumeration):
 logger.info(infoMsg)
 for blind in blinds:
- randStr = randomStr()
 query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.usertype' % randStr], blind=blind)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.usertype' % kb.aliasName], blind=blind, alias=kb.aliasName)
 if retVal:
 table = {}
 columns = {}
- for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr])):
+ for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])):
 columns[name] = SYBASE_TYPES.get(int(type_) if isinstance(type_, basestring) and type_.isdigit() else type_, type_)
 table[safeSQLIdentificatorNaming(tbl)] = columns
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 45ac34575..9ff861908 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -187,13 +187,12 @@ class Users:
 query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
 if Backend.isDbms(DBMS.SYBASE):
- randStr = randomStr()
 getCurrentThreadData().disableStdOut = True
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False)
 if retVal:
- for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
+ for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
 if user not in kb.data.cachedUsersPasswords:
 kb.data.cachedUsersPasswords[user] = [password]
 else:
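Review bot: In the Sybase column hunk (-278 of plugins/dbms/sybase/enumeration.py) the shared `kb.aliasName` is read six separate times, four to build the call and two more to look the results up in `retVal[0]`. Binding it once with `alias = kb.aliasName` would guarantee that the keys passed in and the keys read back are the same string, and would shorten the lines, e.g. `retVal = pivotDumpTable("(%s) AS %s" % (query, alias), ['%s.name' % alias, '%s.usertype' % alias], blind=blind, alias=alias)`. The same pattern appears in the MaxDB column hunk (-202) and in both `plugins/generic/users.py` hunks. A one-line comment saying that the alias is now shared through `kb` rather than regenerated per query would explain why the `randStr` lines were dropped. The method continues outside the hunk.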
@@ -228,13 +227,12 @@ class Users:
 if Backend.isDbms(DBMS.SYBASE):
 getCurrentThreadData().disableStdOut = True
- randStr = randomStr()
 query = rootQuery.inband.query
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=True)
 if retVal:
- for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
+ for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
 password = "0x%s" % hexencode(password, conf.encoding).upper()
 if user not in kb.data.cachedUsersPasswords:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 6cb89c704..ac59b80db 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -43,17 +43,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -c59c0bfccf3e906564d82adf1fcd17de lib/core/option.py +2f2b2286f82028cf36ace9be3af06bf9 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -de9fa04f019f5d14db8589e1a61b3064 lib/core/settings.py +279a9ae0ba5b11e48fa3e3c7fc0f6173 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -248bd121e0565318e1efaff54aa427bc lib/core/target.py +62bc180e3e828949ffb342a8f756c183 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -112,7 +112,7 @@ f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py -b0105f091c2e919c3cdb549cb29fd194 lib/utils/pivotdumptable.py +527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py 683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py 
@@ -157,7 +157,7 @@ aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py +c5728157a49a4a3a98d414f453bb347e plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py @@ -199,7 +199,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py -426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py +6a675a1eb50121a3290e77f0e83a78b3 plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py 0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py @@ -217,7 +217,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py -4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py +4db140069923afbae38fd93e37c00248 plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_