update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available

This commit is contained in:
Miroslav Stampar 2010-12-11 17:55:28 +00:00
parent e32fa9df43
commit e6c66fa37c
10 changed files with 43 additions and 49 deletions


@ -97,10 +97,6 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
return outputs
def __goBooleanProxy(expression, resumeValue=True):
pushValue(conf.verbose)
conf.verbose = 0
vector = kb.injection.data[kb.technique].vector
kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place)
@ -118,8 +114,6 @@ def __goBooleanProxy(expression, resumeValue=True):
if not output:
output = Request.queryPage(payload)
conf.verbose = popValue()
return output
@ -404,7 +398,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
(if selected).
"""
if suppressOutput:
if suppressOutput or expected == EXPECTED.BOOL:
pushValue(conf.verbose)
conf.verbose = 0
@ -478,7 +472,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
errMsg += "leveraged to retrieve queries output"
raise sqlmapNotVulnerableException, errMsg
finally:
if suppressOutput:
if suppressOutput or expected == EXPECTED.BOOL:
conf.verbose = popValue()
if value and expected == EXPECTED.BOOL:
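Review bot: The condition `suppressOutput or expected == EXPECTED.BOOL` is now written twice, once before `pushValue(conf.verbose)` and again in the `finally:` before `conf.verbose = popValue()`; the two must stay identical or the push/pop pairing becomes unbalanced, and nothing in the code ties them together. Evaluating it once into a local before the `try`, e.g. `silent = suppressOutput or expected == EXPECTED.BOOL`, and testing `if silent:` in both places removes that risk. The `__goBooleanProxy` hunks above push and pop `conf.verbose` around the request in the same way and presumably rely on the same pairing. getValue begins outside the hunk and its `try` lies between the two hunks.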


@ -41,7 +41,7 @@ class Fingerprint(GenericFingerprint):
elif kb.dbmsVersion[0] in ("2002-2003", "2007"):
table = "MSysAccessStorage"
if table:
result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table)
result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table, expectingNone=True)
retVal = "not sandboxed" if result else "sandboxed"
return retVal
@ -68,7 +68,7 @@ class Fingerprint(GenericFingerprint):
negate = True
table = table[1:]
randInt = randomInt()
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt))
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt), expectingNone=True)
if result is None:
result = False
if negate:
@ -89,7 +89,7 @@ class Fingerprint(GenericFingerprint):
randInt = randomInt()
randStr = randomStr()
_ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
_ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt), expectingNone=True)
if wasLastRequestDBMSError():
match = re.search("Could not find file\s+'([^']+?)'", kb.lastErrorPage[1])
@ -153,13 +153,13 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing Microsoft Access"
logger.info(logMsg)
result = inject.checkBooleanExpression("VAL(CVAR(1))=1")
result = inject.checkBooleanExpression("VAL(CVAR(1))=1", expectingNone=True)
if result:
logMsg = "confirming Microsoft Access"
logger.info(logMsg)
result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not Microsoft Access"
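Review bot: The `EXISTS(SELECT CURDIR() FROM %s)` call now passes `expectingNone=True`, but the next line still maps its result with `"not sandboxed" if result else "sandboxed"`, so a None result (the check could not be answered with the current technique, if I read the commit title correctly) is reported as "sandboxed" instead of unknown. The `EXISTS(SELECT * FROM %s WHERE %d=%d)` hunk just below already makes the fallback explicit with `if result is None: result = False`; the sandbox check should do the same or propagate the unknown, e.g. `retVal = None if result is None else ("not sandboxed" if result else "sandboxed")`. The same None-as-False mapping appears in the Firebird dialect check (`"dialect 3" if result else "dialect 1"`) and the SQLite version check (`'3' if result else '2'`). The enclosing methods begin outside these hunks.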


@ -83,7 +83,7 @@ class Fingerprint(GenericFingerprint):
version, checks = table[i]
failed = False
check = checks[randomRange(0,len(checks)-1)].replace("%d", getUnicode(randomRange(1,100)))
result = inject.checkBooleanExpression(check)
result = inject.checkBooleanExpression(check, expectingNone=True)
if result:
retVal = version
else:
@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
def __dialectCheck(self):
retVal = None
if kb.dbms:
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)", expectingNone=True)
retVal = "dialect 3" if result else "dialect 1"
return retVal
@ -114,13 +114,13 @@ class Fingerprint(GenericFingerprint):
logger.info(logMsg)
randInt = randomInt()
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt), expectingNone=True)
if result:
logMsg = "confirming Firebird"
logger.info(logMsg)
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not Firebird"
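Review bot: Every checkBooleanExpression call in this and the other fingerprint plugins now carries the literal `expectingNone=True`, which is easy to omit on the next call that gets added and is already hard to spot on long lines such as `inject.checkBooleanExpression(check, expectingNone=True)` in the version loop above. Since all of these are methods of a `GenericFingerprint` subclass, a small helper on the base class, e.g. `def _check(self, expression): return inject.checkBooleanExpression(expression, expectingNone=True)`, would keep the fingerprint-mode behaviour in one place. I cannot see GenericFingerprint here, so this assumes it has no such helper already. The enclosing methods begin outside these hunks.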


@ -112,13 +112,13 @@ class Fingerprint(GenericFingerprint):
logger.info(logMsg)
randInt = randomInt()
result = inject.checkBooleanExpression("NOROUND(%d)=%d" % (randInt, randInt))
result = inject.checkBooleanExpression("NOROUND(%d)=%d" % (randInt, randInt), expectingNone=True)
if result:
logMsg = "confirming SAP MaxDB"
logger.info(logMsg)
result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not SAP MaxDB"


@ -92,7 +92,7 @@ class Fingerprint(GenericFingerprint):
result = True
else:
randInt = randomInt()
result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt), expectingNone=True)
if result:
infoMsg = "confirming Microsoft SQL Server"


@ -163,13 +163,13 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg)
randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()", expectingNone=True)
if result:
infoMsg = "confirming MySQL"
logger.info(infoMsg)
result = inject.checkBooleanExpression("ISNULL(1/0)" if kb.injection.place != PLACE.URI else "ISNULL(1 DIV 0)")
result = inject.checkBooleanExpression("ISNULL(1/0)" if kb.injection.place != PLACE.URI else "ISNULL(1 DIV 0)", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not MySQL"
@ -178,7 +178,7 @@ class Fingerprint(GenericFingerprint):
return False
# Determine if it is MySQL >= 5.0.0
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.data.has_information_schema = True
kb.dbmsVersion = [">= 5.0.0"]
@ -190,28 +190,28 @@ class Fingerprint(GenericFingerprint):
return True
# Check if it is MySQL >= 5.5.0
if inject.checkBooleanExpression("TO_SECONDS(950501)>0"):
if inject.checkBooleanExpression("TO_SECONDS(950501)>0", expectingNone=True):
kb.dbmsVersion = [">= 5.5.0"]
# Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)):
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache", expectingNone=True):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)):
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)):
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = ["= 5.1.6"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)):
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"]
else:
kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"]
# Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.checkBooleanExpression("@@hostname=@@hostname"):
elif inject.checkBooleanExpression("@@hostname=@@hostname", expectingNone=True):
kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL)" % (randInt, randInt)):
elif inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"]
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"):
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()", expectingNone=True):
kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"]
else:
kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"]
@ -228,22 +228,22 @@ class Fingerprint(GenericFingerprint):
return True
# Check which version of MySQL < 5.0.0 it is
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"):
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))", expectingNone=True):
kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"]
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"):
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))", expectingNone=True):
kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"]
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"):
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()", expectingNone=True):
kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"]
if inject.checkBooleanExpression("(SELECT CHARSET(CURRENT_USER()))='utf8'"):
if inject.checkBooleanExpression("(SELECT CHARSET(CURRENT_USER()))='utf8'", expectingNone=True):
kb.dbmsVersion = ["= 4.1.0"]
else:
kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"]
elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()"):
elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()", expectingNone=True):
kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"]
elif inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()"):
elif inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()", expectingNone=True):
kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"]
elif inject.checkBooleanExpression("USER()=USER()"):
elif inject.checkBooleanExpression("USER()=USER()", expectingNone=True):
kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"]
else:
kb.dbmsVersion = ["< 3.22.11"]
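Review bot: The expression on the `elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()", expectingNone=True):` line has an unbalanced parenthesis — the `(` before SELECT is never closed — so the check is sent as malformed SQL and the `>= 4.0.0, < 4.0.6` branch can never match; the commit only appended the keyword to the existing line, but it is worth fixing while touching it: `elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS())", expectingNone=True):`. Separately, each branch of these `if`/`elif` chains treats None the same as False, so an undetermined check now falls through to the final `else`, which assigns a definite range such as `["< 3.22.11"]`; if `expectingNone=True` can yield None, leaving kb.dbmsVersion unset when every check returned None would avoid a confidently wrong fingerprint. The enclosing method begins and ends outside these hunks.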


@ -80,7 +80,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
result = inject.checkBooleanExpression("ROWNUM=ROWNUM")
result = inject.checkBooleanExpression("ROWNUM=ROWNUM", expectingNone=True)
if result:
logMsg = "confirming Oracle"
@ -91,7 +91,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not Oracle"


@ -86,13 +86,13 @@ class Fingerprint(GenericFingerprint):
randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt))
result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt), expectingNone=True)
if result:
infoMsg = "confirming PostgreSQL"
logger.info(infoMsg)
result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt))
result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt), expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not PostgreSQL"


@ -80,13 +80,13 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing SQLite"
logger.info(logMsg)
result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()", expectingNone=True)
if result:
logMsg = "confirming SQLite"
logger.info(logMsg)
result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()")
result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not SQLite"
@ -94,7 +94,7 @@ class Fingerprint(GenericFingerprint):
return False
else:
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0", expectingNone=True)
kb.dbmsVersion = [ '3' if result else '2' ]
setDbms(DBMS.SQLITE)


@ -81,13 +81,13 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()")
result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()", expectingNone=True)
if result:
logMsg = "confirming Sybase"
logger.info(logMsg)
result = inject.checkBooleanExpression("suser_id()=suser_id()")
result = inject.checkBooleanExpression("suser_id()=suser_id()", expectingNone=True)
if not result:
warnMsg = "the back-end DBMS is not Sybase"
@ -103,7 +103,7 @@ class Fingerprint(GenericFingerprint):
return True
for version in range(12, 16):
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version)
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version, expectingNone=True)
if result:
kb.dbmsVersion = ["%d" % version]
break