mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Fixing non-resumal of MsSQL/Sybase/MaxDB enumeration queries
parent
721046831b
commit
e697354765
|
@ -1713,6 +1713,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.absFilePaths = set()
|
||||
kb.adjustTimeDelay = None
|
||||
kb.alerted = False
|
||||
kb.aliasName = randomStr()
|
||||
kb.alwaysRefresh = None
|
||||
kb.arch = None
|
||||
kb.authHeader = None
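Review bot: The added `kb.aliasName = randomStr()` in `_setKnowledgeBaseAttributes` carries no comment saying that this value is only a placeholder. Judging from the other hunks of this commit, `_setAuxOptions()` later overwrites it with a host-derived alias, and resumed enumeration presumably depends on that alias being identical between runs. Any code path that built a pivot query before `setupTargetEnv()` ran would still get a fresh random alias. A one-line comment such as `# placeholder; replaced per target by _setAuxOptions() so pivot queries stay identical across runs` would make the dependency visible. The function body starts and ends outside the hunk.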
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.9.34"
|
||||
VERSION = "1.2.9.35"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -692,6 +692,13 @@ def _createTargetDirs():
|
|||
_createFilesDir()
|
||||
_configureDumper()
|
||||
|
||||
def _setAuxOptions():
|
||||
"""
|
||||
Setup auxiliary (host-dependent) options
|
||||
"""
|
||||
|
||||
kb.aliasName = randomStr(seed=hash(conf.hostname or ""))
|
||||
|
||||
def _restoreMergedOptions():
|
||||
"""
|
||||
Restore merged options (command line, configuration file and default values)
|
||||
|
@ -745,3 +752,4 @@ def setupTargetEnv():
|
|||
_resumeHashDBValues()
|
||||
_setResultsFile()
|
||||
_setAuthCred()
|
||||
_setAuxOptions()
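Review bot: The seed in `_setAuxOptions()` comes from the built-in `hash()`, whose value for a string is not guaranteed to be the same from one interpreter to the next. It differs between 32-bit and 64-bit builds and changes per process when hash randomization is enabled (`-R` / `PYTHONHASHSEED`). In those cases `kb.aliasName` would differ between runs, so the stored queries this commit is meant to make resumable would presumably not match again. A digest-based seed is stable everywhere, for example `kb.aliasName = randomStr(seed=int(hashlib.md5(conf.hostname or "").hexdigest(), 16))`; this needs `hashlib` imported in the file, which is not visible here, and a non-ASCII hostname would need encoding first. The docstring could also state that the alias must stay constant per host for session resumption to work.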
|
|
@ -32,7 +32,7 @@ from lib.core.settings import NULL
|
|||
from lib.core.unescaper import unescaper
|
||||
from lib.request import inject
|
||||
|
||||
def pivotDumpTable(table, colList, count=None, blind=True):
|
||||
def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
||||
lengths = {}
|
||||
entries = {}
|
||||
|
||||
|
@ -89,7 +89,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
|
|||
if not validPivotValue:
|
||||
for column in colList:
|
||||
infoMsg = "fetching number of distinct "
|
||||
infoMsg += "values for column '%s'" % column
|
||||
infoMsg += "values for column '%s'" % column.replace(("%s." % alias) if alias else "", "")
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = dumpNode.count2 % (column, table)
|
||||
|
@ -100,7 +100,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
|
|||
validColumnList = True
|
||||
|
||||
if value == count:
|
||||
infoMsg = "using column '%s' as a pivot " % column
|
||||
infoMsg = "using column '%s' as a pivot " % column.replace(("%s." % alias) if alias else "", "")
|
||||
infoMsg += "for retrieving row data"
|
||||
logger.info(infoMsg)
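Review bot: The expression `column.replace(("%s." % alias) if alias else "", "")` is duplicated in both log messages and relies on `replace("", "")` being a no-op when `alias` is not given. It also removes every occurrence of `alias.` in the name rather than only the leading prefix. Computing the display name once, e.g. `displayName = column[len(alias) + 1:] if alias and column.startswith("%s." % alias) else column`, reads more directly and serves both messages. The new `alias` parameter is undocumented; a short docstring on `pivotDumpTable` saying that it is used only to shorten log output would help. The function body continues outside these hunks.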
|
||||
|
||||
|
|
|
@ -43,9 +43,8 @@ class Enumeration(GenericEnumeration):
|
|||
logger.info(infoMsg)
|
||||
|
||||
rootQuery = queries[DBMS.MAXDB].dbs
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True)
|
||||
|
||||
if retVal:
|
||||
kb.data.cachedDbs = retVal[0].values()[0]
|
||||
|
@ -79,9 +78,8 @@ class Enumeration(GenericEnumeration):
|
|||
rootQuery = queries[DBMS.MAXDB].tables
|
||||
|
||||
for db in dbs:
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.tablename' % kb.aliasName], blind=True)
|
||||
|
||||
if retVal:
|
||||
for table in retVal[0].values()[0]:
|
||||
|
@ -202,15 +200,14 @@ class Enumeration(GenericEnumeration):
|
|||
infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr, '%s.datatype' % randStr, '%s.len' % randStr], blind=True)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=True)
|
||||
|
||||
if retVal:
|
||||
table = {}
|
||||
columns = {}
|
||||
|
||||
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
|
||||
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]):
|
||||
columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
|
||||
|
||||
table[tbl] = columns
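Review bot: The three `pivotDumpTable(...)` calls in this file switch to `kb.aliasName` but do not pass `alias=kb.aliasName`, unlike the Sybase enumeration calls changed in the same commit. As far as the visible `pivotDumpTable` hunks show, `alias` only strips the prefix from the `infoMsg` text, so the effect is presumably cosmetic: MaxDB log lines keep showing the alias-qualified column names. The two Sybase calls in the `Users` class omit it as well. Passing it here, e.g. `pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True, alias=kb.aliasName)`, would keep the call sites consistent.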
|
||||
|
|
|
@ -38,7 +38,6 @@ class Enumeration(GenericEnumeration):
|
|||
|
||||
rootQuery = queries[DBMS.SYBASE].users
|
||||
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
|
@ -47,7 +46,7 @@ class Enumeration(GenericEnumeration):
|
|||
blinds = (True,)
|
||||
|
||||
for blind in blinds:
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
||||
|
||||
if retVal:
|
||||
kb.data.cachedUsers = retVal[0].values()[0]
|
||||
|
@ -94,7 +93,6 @@ class Enumeration(GenericEnumeration):
|
|||
logger.info(infoMsg)
|
||||
|
||||
rootQuery = queries[DBMS.SYBASE].dbs
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
|
@ -103,7 +101,7 @@ class Enumeration(GenericEnumeration):
|
|||
blinds = [True]
|
||||
|
||||
for blind in blinds:
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
||||
|
||||
if retVal:
|
||||
kb.data.cachedDbs = retVal[0].values()[0]
|
||||
|
@ -146,9 +144,8 @@ class Enumeration(GenericEnumeration):
|
|||
|
||||
for db in dbs:
|
||||
for blind in blinds:
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query % db
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
||||
|
||||
if retVal:
|
||||
for table in retVal[0].values()[0]:
|
||||
|
@ -278,15 +275,14 @@ class Enumeration(GenericEnumeration):
|
|||
logger.info(infoMsg)
|
||||
|
||||
for blind in blinds:
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.usertype' % randStr], blind=blind)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.usertype' % kb.aliasName], blind=blind, alias=kb.aliasName)
|
||||
|
||||
if retVal:
|
||||
table = {}
|
||||
columns = {}
|
||||
|
||||
for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr])):
|
||||
for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])):
|
||||
columns[name] = SYBASE_TYPES.get(int(type_) if isinstance(type_, basestring) and type_.isdigit() else type_, type_)
|
||||
|
||||
table[safeSQLIdentificatorNaming(tbl)] = columns
|
||||
|
|
|
@ -187,13 +187,12 @@ class Users:
|
|||
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
|
||||
|
||||
if Backend.isDbms(DBMS.SYBASE):
|
||||
randStr = randomStr()
|
||||
getCurrentThreadData().disableStdOut = True
|
||||
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False)
|
||||
|
||||
if retVal:
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
|
||||
if user not in kb.data.cachedUsersPasswords:
|
||||
kb.data.cachedUsersPasswords[user] = [password]
|
||||
else:
|
||||
|
@ -228,13 +227,12 @@ class Users:
|
|||
if Backend.isDbms(DBMS.SYBASE):
|
||||
getCurrentThreadData().disableStdOut = True
|
||||
|
||||
randStr = randomStr()
|
||||
query = rootQuery.inband.query
|
||||
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True)
|
||||
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=True)
|
||||
|
||||
if retVal:
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
|
||||
for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
|
||||
password = "0x%s" % hexencode(password, conf.encoding).upper()
|
||||
|
||||
if user not in kb.data.cachedUsersPasswords:
|
||||
|
|
|
@ -43,17 +43,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py
|
|||
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
|
||||
458a194764805cd8312c14ecd4be4d1e lib/core/log.py
|
||||
7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py
|
||||
c59c0bfccf3e906564d82adf1fcd17de lib/core/option.py
|
||||
2f2b2286f82028cf36ace9be3af06bf9 lib/core/option.py
|
||||
c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
||||
6783160150b4711d02c56ee2beadffdb lib/core/profiling.py
|
||||
6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py
|
||||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
de9fa04f019f5d14db8589e1a61b3064 lib/core/settings.py
|
||||
279a9ae0ba5b11e48fa3e3c7fc0f6173 lib/core/settings.py
|
||||
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
248bd121e0565318e1efaff54aa427bc lib/core/target.py
|
||||
62bc180e3e828949ffb342a8f756c183 lib/core/target.py
|
||||
72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py
|
||||
e896992e4db26605ab1e73615b1f9434 lib/core/threads.py
|
||||
c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
|
||||
|
@ -112,7 +112,7 @@ f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py
|
|||
d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py
|
||||
011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py
|
||||
1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py
|
||||
b0105f091c2e919c3cdb549cb29fd194 lib/utils/pivotdumptable.py
|
||||
527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py
|
||||
683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py
|
||||
0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py
|
||||
2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py
|
||||
|
@ -157,7 +157,7 @@ aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py
|
|||
25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py
|
||||
1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py
|
||||
6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py
|
||||
f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py
|
||||
c5728157a49a4a3a98d414f453bb347e plugins/dbms/maxdb/enumeration.py
|
||||
ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py
|
||||
9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py
|
||||
4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py
|
||||
|
@ -199,7 +199,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py
|
|||
964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py
|
||||
3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py
|
||||
9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py
|
||||
426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py
|
||||
6a675a1eb50121a3290e77f0e83a78b3 plugins/dbms/sybase/enumeration.py
|
||||
74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py
|
||||
0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py
|
||||
a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py
|
||||
|
@ -217,7 +217,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py
|
|||
b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py
|
||||
a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py
|
||||
a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py
|
||||
4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py
|
||||
4db140069923afbae38fd93e37c00248 plugins/generic/users.py
|
||||
1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
|
||||
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
|
||||
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_
|
||||
|
|