sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixing non-resumal of MsSQL/Sybase/MaxDB enumeration queries

Browse Source
This commit is contained in:
Miroslav Stampar 2018-09-21 23:06:45 +02:00
parent 721046831b
commit e697354765
8 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/option.py
View File

@ -1713,6 +1713,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.absFilePaths = set()
kb.adjustTimeDelay = None
kb.alerted = False
kb.aliasName = randomStr()
kb.alwaysRefresh = None
kb.arch = None
kb.authHeader = None

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.9.34"
VERSION = "1.2.9.35"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

8
lib/core/target.py
View File

@ -692,6 +692,13 @@ def _createTargetDirs():
_createFilesDir()
_configureDumper()
def _setAuxOptions():
"""
Setup auxiliary (host-dependent) options
"""
kb.aliasName = randomStr(seed=hash(conf.hostname or ""))
def _restoreMergedOptions():
"""
Restore merged options (command line, configuration file and default values)
@ -745,3 +752,4 @@ def setupTargetEnv():
_resumeHashDBValues()
_setResultsFile()
_setAuthCred()
_setAuxOptions()

6
lib/utils/pivotdumptable.py
View File

@ -32,7 +32,7 @@ from lib.core.settings import NULL
from lib.core.unescaper import unescaper
from lib.request import inject
def pivotDumpTable(table, colList, count=None, blind=True):
def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
lengths = {}
entries = {}
@ -89,7 +89,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
if not validPivotValue:
for column in colList:
infoMsg = "fetching number of distinct "
infoMsg += "values for column '%s'" % column
infoMsg += "values for column '%s'" % column.replace(("%s." % alias) if alias else "", "")
logger.info(infoMsg)
query = dumpNode.count2 % (column, table)
@ -100,7 +100,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
validColumnList = True
if value == count:
infoMsg = "using column '%s' as a pivot " % column
infoMsg = "using column '%s' as a pivot " % column.replace(("%s." % alias) if alias else "", "")
infoMsg += "for retrieving row data"
logger.info(infoMsg)

11
plugins/dbms/maxdb/enumeration.py
View File

@ -43,9 +43,8 @@ class Enumeration(GenericEnumeration):
logger.info(infoMsg)
rootQuery = queries[DBMS.MAXDB].dbs
randStr = randomStr()
query = rootQuery.inband.query
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True)
if retVal:
kb.data.cachedDbs = retVal[0].values()[0]
@ -79,9 +78,8 @@ class Enumeration(GenericEnumeration):
rootQuery = queries[DBMS.MAXDB].tables
for db in dbs:
randStr = randomStr()
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.tablename' % kb.aliasName], blind=True)
if retVal:
for table in retVal[0].values()[0]:
@ -202,15 +200,14 @@ class Enumeration(GenericEnumeration):
infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
randStr = randomStr()
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr, '%s.datatype' % randStr, '%s.len' % randStr], blind=True)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=True)
if retVal:
table = {}
columns = {}
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]):
columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
table[tbl] = columns

14
plugins/dbms/sybase/enumeration.py
View File

@ -38,7 +38,6 @@ class Enumeration(GenericEnumeration):
rootQuery = queries[DBMS.SYBASE].users
randStr = randomStr()
query = rootQuery.inband.query
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
@ -47,7 +46,7 @@ class Enumeration(GenericEnumeration):
blinds = (True,)
for blind in blinds:
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
if retVal:
kb.data.cachedUsers = retVal[0].values()[0]
@ -94,7 +93,6 @@ class Enumeration(GenericEnumeration):
logger.info(infoMsg)
rootQuery = queries[DBMS.SYBASE].dbs
randStr = randomStr()
query = rootQuery.inband.query
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
@ -103,7 +101,7 @@ class Enumeration(GenericEnumeration):
blinds = [True]
for blind in blinds:
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
if retVal:
kb.data.cachedDbs = retVal[0].values()[0]
@ -146,9 +144,8 @@ class Enumeration(GenericEnumeration):
for db in dbs:
for blind in blinds:
randStr = randomStr()
query = rootQuery.inband.query % db
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
if retVal:
for table in retVal[0].values()[0]:
@ -278,15 +275,14 @@ class Enumeration(GenericEnumeration):
logger.info(infoMsg)
for blind in blinds:
randStr = randomStr()
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.usertype' % randStr], blind=blind)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.usertype' % kb.aliasName], blind=blind, alias=kb.aliasName)
if retVal:
table = {}
columns = {}
for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr])):
for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])):
columns[name] = SYBASE_TYPES.get(int(type_) if isinstance(type_, basestring) and type_.isdigit() else type_, type_)
table[safeSQLIdentificatorNaming(tbl)] = columns

10
plugins/generic/users.py
View File

@ -187,13 +187,12 @@ class Users:
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
if Backend.isDbms(DBMS.SYBASE):
randStr = randomStr()
getCurrentThreadData().disableStdOut = True
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False)
if retVal:
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
if user not in kb.data.cachedUsersPasswords:
kb.data.cachedUsersPasswords[user] = [password]
else:
@ -228,13 +227,12 @@ class Users:
if Backend.isDbms(DBMS.SYBASE):
getCurrentThreadData().disableStdOut = True
randStr = randomStr()
query = rootQuery.inband.query
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=True)
if retVal:
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
password = "0x%s" % hexencode(password, conf.encoding).upper()
if user not in kb.data.cachedUsersPasswords:

14
txt/checksum.md5
View File

@ -43,17 +43,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
458a194764805cd8312c14ecd4be4d1e lib/core/log.py
7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py
c59c0bfccf3e906564d82adf1fcd17de lib/core/option.py
2f2b2286f82028cf36ace9be3af06bf9 lib/core/option.py
c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
6783160150b4711d02c56ee2beadffdb lib/core/profiling.py
6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
de9fa04f019f5d14db8589e1a61b3064 lib/core/settings.py
279a9ae0ba5b11e48fa3e3c7fc0f6173 lib/core/settings.py
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
248bd121e0565318e1efaff54aa427bc lib/core/target.py
62bc180e3e828949ffb342a8f756c183 lib/core/target.py
72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py
e896992e4db26605ab1e73615b1f9434 lib/core/threads.py
c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
@ -112,7 +112,7 @@ f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py
d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py
011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py
1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py
b0105f091c2e919c3cdb549cb29fd194 lib/utils/pivotdumptable.py
527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py
683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py
0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py
2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py
@ -157,7 +157,7 @@ aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py
25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py
1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py
6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py
f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py
c5728157a49a4a3a98d414f453bb347e plugins/dbms/maxdb/enumeration.py
ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py
9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py
4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py
@ -199,7 +199,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py
964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py
3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py
9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py
426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py
6a675a1eb50121a3290e77f0e83a78b3 plugins/dbms/sybase/enumeration.py
74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py
0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py
a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py
@ -217,7 +217,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py
b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py
a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py
a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py
4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py
4db140069923afbae38fd93e37c00248 plugins/generic/users.py
1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_