	update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
		
							parent
							
								
									e32fa9df43
								
							
						
					
					
						commit
						e6c66fa37c
					
				|  | @ -97,10 +97,6 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl | |||
|     return outputs | ||||
| 
 | ||||
| def __goBooleanProxy(expression, resumeValue=True): | ||||
| 
 | ||||
|     pushValue(conf.verbose) | ||||
|     conf.verbose = 0 | ||||
| 
 | ||||
|     vector  = kb.injection.data[kb.technique].vector | ||||
| 
 | ||||
|     kb.pageTemplate = getPageTemplate(kb.injection.data[kb.technique].templatePayload, kb.injection.place) | ||||
|  | @ -118,8 +114,6 @@ def __goBooleanProxy(expression, resumeValue=True): | |||
|     if not output: | ||||
|         output = Request.queryPage(payload) | ||||
| 
 | ||||
|     conf.verbose = popValue() | ||||
| 
 | ||||
|     return output | ||||
| 
 | ||||
| 
 | ||||
|  | @ -404,7 +398,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse | |||
|     (if selected). | ||||
|     """ | ||||
| 
 | ||||
|     if suppressOutput: | ||||
|     if suppressOutput or expected == EXPECTED.BOOL: | ||||
|         pushValue(conf.verbose) | ||||
|         conf.verbose = 0 | ||||
| 
 | ||||
|  | @ -478,7 +472,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse | |||
|             errMsg += "leveraged to retrieve queries output" | ||||
|             raise sqlmapNotVulnerableException, errMsg | ||||
|     finally: | ||||
|         if suppressOutput: | ||||
|         if suppressOutput or expected == EXPECTED.BOOL: | ||||
|             conf.verbose = popValue() | ||||
| 
 | ||||
|     if value and expected == EXPECTED.BOOL: | ||||
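Review bot: The condition `suppressOutput or expected == EXPECTED.BOOL` is now written twice in getValue, once before `pushValue(conf.verbose)` and once in the `finally:` that pops it, so the two copies can drift apart and leave the value stack unbalanced. Evaluate it once, e.g. `quiet = suppressOutput or expected == EXPECTED.BOOL`, and test `if quiet:` in both places. The hunk does not show whether the push sits inside the `try`, so confirm that nothing between the push and the `try` can raise. Since `__goBooleanProxy` appears to lose its own push/pop in this commit, a short comment in getValue stating that boolean checks always run with verbosity 0 would explain why their payloads never appear in verbose output.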
|  |  | |||
|  | @ -41,7 +41,7 @@ class Fingerprint(GenericFingerprint): | |||
|             elif kb.dbmsVersion[0] in ("2002-2003", "2007"): | ||||
|                 table = "MSysAccessStorage" | ||||
|             if table: | ||||
|                 result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table) | ||||
|                 result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table, expectingNone=True) | ||||
|                 retVal = "not sandboxed" if result else "sandboxed" | ||||
| 
 | ||||
|         return retVal | ||||
|  | @ -68,7 +68,7 @@ class Fingerprint(GenericFingerprint): | |||
|                     negate = True | ||||
|                     table = table[1:] | ||||
|                 randInt = randomInt() | ||||
|                 result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt)) | ||||
|                 result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt), expectingNone=True) | ||||
|                 if result is None: | ||||
|                     result = False | ||||
|                 if negate: | ||||
|  | @ -89,7 +89,7 @@ class Fingerprint(GenericFingerprint): | |||
| 
 | ||||
|         randInt = randomInt() | ||||
|         randStr = randomStr() | ||||
|         _ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt)) | ||||
|         _ = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt), expectingNone=True) | ||||
| 
 | ||||
|         if wasLastRequestDBMSError(): | ||||
|             match = re.search("Could not find file\s+'([^']+?)'", kb.lastErrorPage[1]) | ||||
|  | @ -153,13 +153,13 @@ class Fingerprint(GenericFingerprint): | |||
|         logMsg = "testing Microsoft Access" | ||||
|         logger.info(logMsg) | ||||
| 
 | ||||
|         result = inject.checkBooleanExpression("VAL(CVAR(1))=1") | ||||
|         result = inject.checkBooleanExpression("VAL(CVAR(1))=1", expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             logMsg = "confirming Microsoft Access" | ||||
|             logger.info(logMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0") | ||||
|             result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not Microsoft Access" | ||||
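Review bot: With `expectingNone=True` a check that could not be answered is no longer retried through the other techniques (going by the commit title), yet most call sites still fold that outcome into the negative answer: `retVal = "not sandboxed" if result else "sandboxed"` reports "sandboxed" when `result` is None. Only the table-existence loop in this section handles it explicitly, with `if result is None: result = False`. Consider keeping "unknown" distinct, e.g. `retVal = None if result is None else ("not sandboxed" if result else "sandboxed")`. The same pattern appears in the Firebird dialect check (`"dialect 3" if result else "dialect 1"`) and the SQLite version check (`'3' if result else '2'`). The enclosing functions start and end outside the hunks.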
|  |  | |||
|  | @ -83,7 +83,7 @@ class Fingerprint(GenericFingerprint): | |||
|             version, checks = table[i] | ||||
|             failed = False | ||||
|             check = checks[randomRange(0,len(checks)-1)].replace("%d", getUnicode(randomRange(1,100))) | ||||
|             result = inject.checkBooleanExpression(check) | ||||
|             result = inject.checkBooleanExpression(check, expectingNone=True) | ||||
|             if result: | ||||
|                 retVal = version | ||||
|             else: | ||||
|  | @ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint): | |||
|     def __dialectCheck(self): | ||||
|         retVal = None | ||||
|         if kb.dbms: | ||||
|             result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)") | ||||
|             result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)", expectingNone=True) | ||||
|             retVal = "dialect 3" if result else "dialect 1" | ||||
|         return retVal | ||||
| 
 | ||||
|  | @ -114,13 +114,13 @@ class Fingerprint(GenericFingerprint): | |||
|         logger.info(logMsg) | ||||
| 
 | ||||
|         randInt = randomInt() | ||||
|         result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt)) | ||||
|         result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt), expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             logMsg = "confirming Firebird" | ||||
|             logger.info(logMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)") | ||||
|             result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not Firebird" | ||||
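Review bot: `expectingNone=True` is added by hand to every `inject.checkBooleanExpression` call in this and the other fingerprint sections, so a probe added later without it would presumably go back to dropping down to the other techniques. A single helper on the shared `GenericFingerprint` base class that forwards to `inject.checkBooleanExpression(expression, expectingNone=True)` would make this the default for fingerprinting and keep the call sites short. If the flag stays at each call site, a one-line comment at the first use in each file saying why fingerprint probes must not fall back would help the next maintainer.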
|  |  | |||
|  | @ -112,13 +112,13 @@ class Fingerprint(GenericFingerprint): | |||
|         logger.info(logMsg) | ||||
| 
 | ||||
|         randInt = randomInt() | ||||
|         result = inject.checkBooleanExpression("NOROUND(%d)=%d" % (randInt, randInt)) | ||||
|         result = inject.checkBooleanExpression("NOROUND(%d)=%d" % (randInt, randInt), expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             logMsg = "confirming SAP MaxDB" | ||||
|             logger.info(logMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL") | ||||
|             result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not SAP MaxDB" | ||||
|  |  | |||
|  | @ -92,7 +92,7 @@ class Fingerprint(GenericFingerprint): | |||
|             result = True | ||||
|         else: | ||||
|             randInt = randomInt() | ||||
|             result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt)) | ||||
|             result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt), expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             infoMsg = "confirming Microsoft SQL Server" | ||||
|  |  | |||
|  | @ -163,13 +163,13 @@ class Fingerprint(GenericFingerprint): | |||
|         logger.info(infoMsg) | ||||
| 
 | ||||
|         randInt = getUnicode(randomInt(1)) | ||||
|         result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()") | ||||
|         result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()", expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             infoMsg = "confirming MySQL" | ||||
|             logger.info(infoMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("ISNULL(1/0)" if kb.injection.place != PLACE.URI else "ISNULL(1 DIV 0)") | ||||
|             result = inject.checkBooleanExpression("ISNULL(1/0)" if kb.injection.place != PLACE.URI else "ISNULL(1 DIV 0)", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not MySQL" | ||||
|  | @ -178,7 +178,7 @@ class Fingerprint(GenericFingerprint): | |||
|                 return False | ||||
| 
 | ||||
|             # Determine if it is MySQL >= 5.0.0 | ||||
|             if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)): | ||||
|             if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt), expectingNone=True): | ||||
|                 kb.data.has_information_schema = True | ||||
|                 kb.dbmsVersion = [">= 5.0.0"] | ||||
| 
 | ||||
|  | @ -190,28 +190,28 @@ class Fingerprint(GenericFingerprint): | |||
|                     return True | ||||
| 
 | ||||
|                 # Check if it is MySQL >= 5.5.0 | ||||
|                 if inject.checkBooleanExpression("TO_SECONDS(950501)>0"): | ||||
|                 if inject.checkBooleanExpression("TO_SECONDS(950501)>0", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 5.5.0"] | ||||
| 
 | ||||
|                 # Check if it is MySQL >= 5.1.2 and < 5.5.0 | ||||
|                 elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"): | ||||
|                     if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)): | ||||
|                 elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache", expectingNone=True): | ||||
|                     if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True): | ||||
|                         kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"] | ||||
|                     elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)): | ||||
|                     elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt), expectingNone=True): | ||||
|                         kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"] | ||||
|                     elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)): | ||||
|                     elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True): | ||||
|                         kb.dbmsVersion = ["= 5.1.6"] | ||||
|                     elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)): | ||||
|                     elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt), expectingNone=True): | ||||
|                         kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"] | ||||
|                     else: | ||||
|                         kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"] | ||||
| 
 | ||||
|                 # Check if it is MySQL >= 5.0.0 and < 5.1.2 | ||||
|                 elif inject.checkBooleanExpression("@@hostname=@@hostname"): | ||||
|                 elif inject.checkBooleanExpression("@@hostname=@@hostname", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"] | ||||
|                 elif inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL)" % (randInt, randInt)): | ||||
|                 elif inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL)" % (randInt, randInt), expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"] | ||||
|                 elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"): | ||||
|                 elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"] | ||||
|                 else: | ||||
|                     kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"] | ||||
|  | @ -228,22 +228,22 @@ class Fingerprint(GenericFingerprint): | |||
|                     return True | ||||
| 
 | ||||
|                 # Check which version of MySQL < 5.0.0 it is | ||||
|                 if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"): | ||||
|                 if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"] | ||||
|                 elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"): | ||||
|                 elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"] | ||||
|                 elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"): | ||||
|                 elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"] | ||||
| 
 | ||||
|                     if inject.checkBooleanExpression("(SELECT CHARSET(CURRENT_USER()))='utf8'"): | ||||
|                     if inject.checkBooleanExpression("(SELECT CHARSET(CURRENT_USER()))='utf8'", expectingNone=True): | ||||
|                         kb.dbmsVersion = ["= 4.1.0"] | ||||
|                     else: | ||||
|                         kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"] | ||||
|                 elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()"): | ||||
|                 elif inject.checkBooleanExpression("0=(SELECT FOUND_ROWS()", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"] | ||||
|                 elif inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()"): | ||||
|                 elif inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"] | ||||
|                 elif inject.checkBooleanExpression("USER()=USER()"): | ||||
|                 elif inject.checkBooleanExpression("USER()=USER()", expectingNone=True): | ||||
|                     kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"] | ||||
|                 else: | ||||
|                     kb.dbmsVersion = ["< 3.22.11"] | ||||
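Review bot: The probe string `"0=(SELECT FOUND_ROWS()"` is edited in this section but still has an unbalanced parenthesis, so the expression cannot parse and the `[">= 4.0.0", "< 4.0.6"]` branch is presumably never selected. It should read `"0=(SELECT FOUND_ROWS())"`. The later `CONNECTION_ID()=CONNECTION_ID()` branch repeats the first test at the top of this check, which deserves a comment if it is intentional. The enclosing method starts and ends outside the hunks.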
|  |  | |||
|  | @ -80,7 +80,7 @@ class Fingerprint(GenericFingerprint): | |||
|         if conf.direct: | ||||
|             result = True | ||||
|         else: | ||||
|             result = inject.checkBooleanExpression("ROWNUM=ROWNUM") | ||||
|             result = inject.checkBooleanExpression("ROWNUM=ROWNUM", expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             logMsg = "confirming Oracle" | ||||
|  | @ -91,7 +91,7 @@ class Fingerprint(GenericFingerprint): | |||
|             if conf.direct: | ||||
|                 result = True | ||||
|             else: | ||||
|                 result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)") | ||||
|                 result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not Oracle" | ||||
|  |  | |||
|  | @ -86,13 +86,13 @@ class Fingerprint(GenericFingerprint): | |||
| 
 | ||||
|         randInt = getUnicode(randomInt(1)) | ||||
| 
 | ||||
|         result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt)) | ||||
|         result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt), expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             infoMsg = "confirming PostgreSQL" | ||||
|             logger.info(infoMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt)) | ||||
|             result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt), expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not PostgreSQL" | ||||
|  |  | |||
|  | @ -80,13 +80,13 @@ class Fingerprint(GenericFingerprint): | |||
|         logMsg = "testing SQLite" | ||||
|         logger.info(logMsg) | ||||
| 
 | ||||
|         result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()") | ||||
|         result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()", expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             logMsg = "confirming SQLite" | ||||
|             logger.info(logMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()") | ||||
|             result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not SQLite" | ||||
|  | @ -94,7 +94,7 @@ class Fingerprint(GenericFingerprint): | |||
| 
 | ||||
|                 return False | ||||
|             else: | ||||
|                 result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0") | ||||
|                 result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0", expectingNone=True) | ||||
|                 kb.dbmsVersion = [ '3' if result else '2' ] | ||||
| 
 | ||||
|             setDbms(DBMS.SQLITE) | ||||
|  |  | |||
|  | @ -81,13 +81,13 @@ class Fingerprint(GenericFingerprint): | |||
|         if conf.direct: | ||||
|             result = True | ||||
|         else: | ||||
|             result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()") | ||||
|             result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()", expectingNone=True) | ||||
| 
 | ||||
|         if result: | ||||
|             logMsg = "confirming Sybase" | ||||
|             logger.info(logMsg) | ||||
| 
 | ||||
|             result = inject.checkBooleanExpression("suser_id()=suser_id()") | ||||
|             result = inject.checkBooleanExpression("suser_id()=suser_id()", expectingNone=True) | ||||
| 
 | ||||
|             if not result: | ||||
|                 warnMsg = "the back-end DBMS is not Sybase" | ||||
|  | @ -103,7 +103,7 @@ class Fingerprint(GenericFingerprint): | |||
|                 return True | ||||
| 
 | ||||
|             for version in range(12, 16): | ||||
|                 result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version) | ||||
|                 result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version, expectingNone=True) | ||||
|                 if result: | ||||
|                     kb.dbmsVersion = ["%d" % version] | ||||
|                     break | ||||
|  |  | |||