sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-11 17:55:28 +00:00
parent e32fa9df43
commit e6c66fa37c
10 changed files with 43 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/request/inject.py
View File

@ -97,10 +97,6 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
return outputs return outputs
def __goBooleanProxy(expression, resumeValue=True): def __goBooleanProxy(expression, resumeValue=True):
pushValue(conf.verbose)
conf.verbose = 0
vector = kb.injection.data[kb.technique].vector vector = kb.injection.data[kb.technique].vector
kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place) kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place)
@ -118,8 +114,6 @@ def __goBooleanProxy(expression, resumeValue=True):
if not output: if not output:
output = Request.queryPage(payload) output = Request.queryPage(payload)
conf.verbose = popValue()
return output return output
@ -404,7 +398,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
(if selected). (if selected).
""" """
if suppressOutput: if suppressOutput or expected == EXPECTED.BOOL:
pushValue(conf.verbose) pushValue(conf.verbose)
conf.verbose = 0 conf.verbose = 0
@ -478,7 +472,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
errMsg += "leveraged to retrieve queries output" errMsg += "leveraged to retrieve queries output"
raise sqlmapNotVulnerableException, errMsg raise sqlmapNotVulnerableException, errMsg
finally: finally:
if suppressOutput: if suppressOutput or expected == EXPECTED.BOOL:
conf.verbose = popValue() conf.verbose = popValue()
if value and expected == EXPECTED.BOOL: if value and expected == EXPECTED.BOOL:

10
plugins/dbms/access/fingerprint.py
View File

@ -41,7 +41,7 @@ class Fingerprint(GenericFingerprint):
elif kb.dbmsVersion[0] in ("2002-2003", "2007"): elif kb.dbmsVersion[0] in ("2002-2003", "2007"):
table = "MSysAccessStorage" table = "MSysAccessStorage"
if table: if table:
result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table) result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table, expectingNone=True)
retVal = "not sandboxed" if result else "sandboxed" retVal = "not sandboxed" if result else "sandboxed"
return retVal return retVal
@ -68,7 +68,7 @@ class Fingerprint(GenericFingerprint):
negate = True negate = True
table = table[1:] table = table[1:]
randInt = randomInt() randInt = randomInt()
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt)) result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt), expectingNone=True)
if result is None: if result is None:
result = False result = False
if negate: if negate:
@ -89,7 +89,7 @@ class Fingerprint(GenericFingerprint):
randInt = randomInt() randInt = randomInt()
randStr = randomStr() randStr = randomStr()
_ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt)) _ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt), expectingNone=True)
if wasLastRequestDBMSError(): if wasLastRequestDBMSError():
match = re.search("Could not find file\s+'([^']+?)'", kb.lastErrorPage[1]) match = re.search("Could not find file\s+'([^']+?)'", kb.lastErrorPage[1])
@ -153,13 +153,13 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing Microsoft Access" logMsg = "testing Microsoft Access"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("VAL(CVAR(1))=1") result = inject.checkBooleanExpression("VAL(CVAR(1))=1", expectingNone=True)
if result: if result:
logMsg = "confirming Microsoft Access" logMsg = "confirming Microsoft Access"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0") result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not Microsoft Access" warnMsg = "the back-end DBMS is not Microsoft Access"

8
plugins/dbms/firebird/fingerprint.py
View File

@ -83,7 +83,7 @@ class Fingerprint(GenericFingerprint):
version, checks = table[i] version, checks = table[i]
failed = False failed = False
check = checks[randomRange(0,len(checks)-1)].replace("%d", getUnicode(randomRange(1,100))) check = checks[randomRange(0,len(checks)-1)].replace("%d", getUnicode(randomRange(1,100)))
result = inject.checkBooleanExpression(check) result = inject.checkBooleanExpression(check, expectingNone=True)
if result: if result:
retVal = version retVal = version
else: else:
@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
def __dialectCheck(self): def __dialectCheck(self):
retVal = None retVal = None
if kb.dbms: if kb.dbms:
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)") result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)", expectingNone=True)
retVal = "dialect 3" if result else "dialect 1" retVal = "dialect 3" if result else "dialect 1"
return retVal return retVal
@ -114,13 +114,13 @@ class Fingerprint(GenericFingerprint):
logger.info(logMsg) logger.info(logMsg)
randInt = randomInt() randInt = randomInt()
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt)) result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt), expectingNone=True)
if result: if result:
logMsg = "confirming Firebird" logMsg = "confirming Firebird"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)") result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not Firebird" warnMsg = "the back-end DBMS is not Firebird"

4
plugins/dbms/maxdb/fingerprint.py
View File

@ -112,13 +112,13 @@ class Fingerprint(GenericFingerprint):
logger.info(logMsg) logger.info(logMsg)
randInt = randomInt() randInt = randomInt()
result = inject.checkBooleanExpression("NOROUND(%d)=%d" % (randInt, randInt)) result = inject.checkBooleanExpression("NOROUND(%d)=%d" % (randInt, randInt), expectingNone=True)
if result: if result:
logMsg = "confirming SAP MaxDB" logMsg = "confirming SAP MaxDB"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL") result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not SAP MaxDB" warnMsg = "the back-end DBMS is not SAP MaxDB"

2
plugins/dbms/mssqlserver/fingerprint.py
View File

@ -92,7 +92,7 @@ class Fingerprint(GenericFingerprint):
result = True result = True
else: else:
randInt = randomInt() randInt = randomInt()
result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt)) result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt), expectingNone=True)
if result: if result:
infoMsg = "confirming Microsoft SQL Server" infoMsg = "confirming Microsoft SQL Server"

38
plugins/dbms/mysql/fingerprint.py
View File

@ -163,13 +163,13 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg) logger.info(infoMsg)
randInt = getUnicode(randomInt(1)) randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()") result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()", expectingNone=True)
if result: if result:
infoMsg = "confirming MySQL" infoMsg = "confirming MySQL"
logger.info(infoMsg) logger.info(infoMsg)
result = inject.checkBooleanExpression("ISNULL(1/0)" if kb.injection.place != PLACE.URI else "ISNULL(1 DIV 0)") result = inject.checkBooleanExpression("ISNULL(1/0)" if kb.injection.place != PLACE.URI else "ISNULL(1 DIV 0)", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not MySQL" warnMsg = "the back-end DBMS is not MySQL"
@ -178,7 +178,7 @@ class Fingerprint(GenericFingerprint):
return False return False
# Determine if it is MySQL >= 5.0.0 # Determine if it is MySQL >= 5.0.0
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)): if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.data.has_information_schema = True kb.data.has_information_schema = True
kb.dbmsVersion = [">= 5.0.0"] kb.dbmsVersion = [">= 5.0.0"]
@ -190,28 +190,28 @@ class Fingerprint(GenericFingerprint):
return True return True
# Check if it is MySQL >= 5.5.0 # Check if it is MySQL >= 5.5.0
if inject.checkBooleanExpression("TO_SECONDS(950501)>0"): if inject.checkBooleanExpression("TO_SECONDS(950501)>0", expectingNone=True):
kb.dbmsVersion = [">= 5.5.0"] kb.dbmsVersion = [">= 5.5.0"]
# Check if it is MySQL >= 5.1.2 and < 5.5.0 # Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"): elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache", expectingNone=True):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)): if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"] kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)): elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"] kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)): elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = ["= 5.1.6"] kb.dbmsVersion = ["= 5.1.6"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)): elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"] kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"]
else: else:
kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"] kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"]
# Check if it is MySQL >= 5.0.0 and < 5.1.2 # Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.checkBooleanExpression("@@hostname=@@hostname"): elif inject.checkBooleanExpression("@@hostname=@@hostname", expectingNone=True):
kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"] kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"]
elif inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL)" % (randInt, randInt)): elif inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL)" % (randInt, randInt), expectingNone=True):
kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"] kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"]
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"): elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()", expectingNone=True):
kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"] kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"]
else: else:
kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"] kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"]
@ -228,22 +228,22 @@ class Fingerprint(GenericFingerprint):
return True return True
# Check which version of MySQL < 5.0.0 it is # Check which version of MySQL < 5.0.0 it is
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"): if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))", expectingNone=True):
kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"] kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"]
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"): elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))", expectingNone=True):
kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"] kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"]
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"): elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()", expectingNone=True):
kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"] kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"]
if inject.checkBooleanExpression("(SELECT CHARSET(CURRENT_USER()))='utf8'"): if inject.checkBooleanExpression("(SELECT CHARSET(CURRENT_USER()))='utf8'", expectingNone=True):
kb.dbmsVersion = ["= 4.1.0"] kb.dbmsVersion = ["= 4.1.0"]
else: else:
kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"] kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"]
elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()"): elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()", expectingNone=True):
kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"] kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"]
elif inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()"): elif inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()", expectingNone=True):
kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"] kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"]
elif inject.checkBooleanExpression("USER()=USER()"): elif inject.checkBooleanExpression("USER()=USER()", expectingNone=True):
kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"] kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"]
else: else:
kb.dbmsVersion = ["< 3.22.11"] kb.dbmsVersion = ["< 3.22.11"]

4
plugins/dbms/oracle/fingerprint.py
View File

@ -80,7 +80,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct: if conf.direct:
result = True result = True
else: else:
result = inject.checkBooleanExpression("ROWNUM=ROWNUM") result = inject.checkBooleanExpression("ROWNUM=ROWNUM", expectingNone=True)
if result: if result:
logMsg = "confirming Oracle" logMsg = "confirming Oracle"
@ -91,7 +91,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct: if conf.direct:
result = True result = True
else: else:
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)") result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not Oracle" warnMsg = "the back-end DBMS is not Oracle"

4
plugins/dbms/postgresql/fingerprint.py
View File

@ -86,13 +86,13 @@ class Fingerprint(GenericFingerprint):
randInt = getUnicode(randomInt(1)) randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt)) result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt), expectingNone=True)
if result: if result:
infoMsg = "confirming PostgreSQL" infoMsg = "confirming PostgreSQL"
logger.info(infoMsg) logger.info(infoMsg)
result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt)) result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt), expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not PostgreSQL" warnMsg = "the back-end DBMS is not PostgreSQL"

6
plugins/dbms/sqlite/fingerprint.py
View File

@ -80,13 +80,13 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing SQLite" logMsg = "testing SQLite"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()") result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()", expectingNone=True)
if result: if result:
logMsg = "confirming SQLite" logMsg = "confirming SQLite"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()") result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not SQLite" warnMsg = "the back-end DBMS is not SQLite"
@ -94,7 +94,7 @@ class Fingerprint(GenericFingerprint):
return False return False
else: else:
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0") result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0", expectingNone=True)
kb.dbmsVersion = [ '3' if result else '2' ] kb.dbmsVersion = [ '3' if result else '2' ]
setDbms(DBMS.SQLITE) setDbms(DBMS.SQLITE)

6
plugins/dbms/sybase/fingerprint.py
View File

@ -81,13 +81,13 @@ class Fingerprint(GenericFingerprint):
if conf.direct: if conf.direct:
result = True result = True
else: else:
result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()") result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()", expectingNone=True)
if result: if result:
logMsg = "confirming Sybase" logMsg = "confirming Sybase"
logger.info(logMsg) logger.info(logMsg)
result = inject.checkBooleanExpression("suser_id()=suser_id()") result = inject.checkBooleanExpression("suser_id()=suser_id()", expectingNone=True)
if not result: if not result:
warnMsg = "the back-end DBMS is not Sybase" warnMsg = "the back-end DBMS is not Sybase"
@ -103,7 +103,7 @@ class Fingerprint(GenericFingerprint):
return True return True
for version in range(12, 16): for version in range(12, 16):
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version) result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version, expectingNone=True)
if result: if result:
kb.dbmsVersion = ["%d" % version] kb.dbmsVersion = ["%d" % version]
break break