mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-12-01 14:03:52 +03:00
upgrade/fixes for direct DBMS access
This commit is contained in:
parent
af71e3c563
commit
f7bf1fbe94
|
@ -84,6 +84,7 @@ from lib.core.settings import UNICODE_ENCODING
|
||||||
from lib.core.settings import DBMS_DICT
|
from lib.core.settings import DBMS_DICT
|
||||||
from lib.core.settings import DESCRIPTION
|
from lib.core.settings import DESCRIPTION
|
||||||
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
||||||
|
from lib.core.settings import NULL
|
||||||
from lib.core.settings import IS_WIN
|
from lib.core.settings import IS_WIN
|
||||||
from lib.core.settings import PLATFORM
|
from lib.core.settings import PLATFORM
|
||||||
from lib.core.settings import PYVERSION
|
from lib.core.settings import PYVERSION
|
||||||
|
@ -1088,9 +1089,9 @@ def parsePasswordHash(password):
|
||||||
blank = " " * 8
|
blank = " " * 8
|
||||||
|
|
||||||
if not password or password == " ":
|
if not password or password == " ":
|
||||||
password = "NULL"
|
password = NULL
|
||||||
|
|
||||||
if Backend.isDbms(DBMS.MSSQL) and password != "NULL" and isHexEncodedString(password):
|
if Backend.isDbms(DBMS.MSSQL) and password != NULL and isHexEncodedString(password):
|
||||||
hexPassword = password
|
hexPassword = password
|
||||||
password = "%s\n" % hexPassword
|
password = "%s\n" % hexPassword
|
||||||
password += "%sheader: %s\n" % (blank, hexPassword[:6])
|
password += "%sheader: %s\n" % (blank, hexPassword[:6])
|
||||||
|
@ -2047,7 +2048,7 @@ def getPartRun():
|
||||||
# Return the INI tag to consider for common outputs (e.g. 'Databases')
|
# Return the INI tag to consider for common outputs (e.g. 'Databases')
|
||||||
return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal
|
return commonPartsDict[retVal][1] if isinstance(commonPartsDict.get(retVal), tuple) else retVal
|
||||||
|
|
||||||
def getUnicode(value, encoding=None, system=False):
|
def getUnicode(value, encoding=None, system=False, noneToNull=False):
|
||||||
"""
|
"""
|
||||||
Return the unicode representation of the supplied value:
|
Return the unicode representation of the supplied value:
|
||||||
|
|
||||||
|
@ -2059,6 +2060,13 @@ def getUnicode(value, encoding=None, system=False):
|
||||||
u'1'
|
u'1'
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
if noneToNull and value is None:
|
||||||
|
return NULL
|
||||||
|
|
||||||
|
if isinstance(value, (list, tuple)):
|
||||||
|
value = list(getUnicode(_, encoding, system, noneToNull) for _ in value)
|
||||||
|
return value
|
||||||
|
|
||||||
if not system:
|
if not system:
|
||||||
if isinstance(value, unicode):
|
if isinstance(value, unicode):
|
||||||
return value
|
return value
|
||||||
|
@ -2917,7 +2925,7 @@ def isNullValue(value):
|
||||||
Returns whether the value contains explicit 'NULL' value
|
Returns whether the value contains explicit 'NULL' value
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return isinstance(value, basestring) and value.upper() == "NULL"
|
return isinstance(value, basestring) and value.upper() == NULL
|
||||||
|
|
||||||
def expandMnemonics(mnemonics, parser, args):
|
def expandMnemonics(mnemonics, parser, args):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -29,6 +29,7 @@ from lib.core.enums import DBMS
|
||||||
from lib.core.exception import sqlmapValueException
|
from lib.core.exception import sqlmapValueException
|
||||||
from lib.core.replication import Replication
|
from lib.core.replication import Replication
|
||||||
from lib.core.settings import BUFFERED_LOG_SIZE
|
from lib.core.settings import BUFFERED_LOG_SIZE
|
||||||
|
from lib.core.settings import NULL
|
||||||
from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
|
from lib.core.settings import TRIM_STDOUT_DUMP_SIZE
|
||||||
from lib.core.settings import UNICODE_ENCODING
|
from lib.core.settings import UNICODE_ENCODING
|
||||||
|
|
||||||
|
@ -455,7 +456,7 @@ class Dump:
|
||||||
value = getUnicode(info["values"][i])
|
value = getUnicode(info["values"][i])
|
||||||
|
|
||||||
if re.search("^[\ *]*$", value):
|
if re.search("^[\ *]*$", value):
|
||||||
value = "NULL"
|
value = NULL
|
||||||
|
|
||||||
values.append(value)
|
values.append(value)
|
||||||
maxlength = int(info["length"])
|
maxlength = int(info["length"])
|
||||||
|
|
|
@ -86,6 +86,7 @@ from lib.core.settings import DEFAULT_PAGE_ENCODING
|
||||||
from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
|
from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
|
||||||
from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
|
from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
|
||||||
from lib.core.settings import IS_WIN
|
from lib.core.settings import IS_WIN
|
||||||
|
from lib.core.settings import NULL
|
||||||
from lib.core.settings import PLATFORM
|
from lib.core.settings import PLATFORM
|
||||||
from lib.core.settings import PYVERSION
|
from lib.core.settings import PYVERSION
|
||||||
from lib.core.settings import SITE
|
from lib.core.settings import SITE
|
||||||
|
@ -1474,7 +1475,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.testQueryCount = 0
|
kb.testQueryCount = 0
|
||||||
kb.threadContinue = True
|
kb.threadContinue = True
|
||||||
kb.threadException = False
|
kb.threadException = False
|
||||||
kb.uChar = "NULL"
|
kb.uChar = NULL
|
||||||
kb.xpCmdshellAvailable = False
|
kb.xpCmdshellAvailable = False
|
||||||
|
|
||||||
kb.chars = AttribDict()
|
kb.chars = AttribDict()
|
||||||
|
|
|
@ -239,6 +239,9 @@ SQL_STATEMENTS = {
|
||||||
"rollback ", ),
|
"rollback ", ),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# string representation for NULL value
|
||||||
|
NULL = "NULL"
|
||||||
|
|
||||||
# Regular expressions used for parsing error messages (--parse-errors)
|
# Regular expressions used for parsing error messages (--parse-errors)
|
||||||
ERROR_PARSING_REGEXES = (
|
ERROR_PARSING_REGEXES = (
|
||||||
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
|
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
|
||||||
|
|
|
@ -65,19 +65,17 @@ def direct(query, content=True):
|
||||||
if not output:
|
if not output:
|
||||||
return output
|
return output
|
||||||
elif content:
|
elif content:
|
||||||
if conf.hostname not in kb.resumedQueries or ( conf.hostname in kb.resumedQueries and query not in kb.resumedQueries[conf.hostname] ):
|
#if conf.hostname not in kb.resumedQueries or ( conf.hostname in kb.resumedQueries and query not in kb.resumedQueries[conf.hostname] ):
|
||||||
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.hostname, kb.injection.place, conf.parameters[kb.injection.place], query, base64pickle(output)))
|
#dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.hostname, kb.injection.place, conf.parameters[kb.injection.place], query, base64pickle(output)))
|
||||||
|
|
||||||
if len(output) == 1:
|
if output and isinstance(output, (list, tuple)):
|
||||||
if len(output[0]) == 1:
|
if len(output[0]) == 1:
|
||||||
out = list(output)[0][0]
|
if len(output) > 1:
|
||||||
if isinstance(out, str):
|
output = map(lambda _: _[0], output)
|
||||||
out = utf8decode(out)
|
else:
|
||||||
return getUnicode(out, UNICODE_ENCODING)
|
output = output[0][0]
|
||||||
else:
|
|
||||||
return list(output)
|
return getUnicode(output, noneToNull=True)
|
||||||
else:
|
|
||||||
return output
|
|
||||||
else:
|
else:
|
||||||
for line in output:
|
for line in output:
|
||||||
if line[0] in (1, -1):
|
if line[0] in (1, -1):
|
||||||
|
|
|
@ -78,8 +78,6 @@ class Enumeration(GenericEnumeration):
|
||||||
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
||||||
|
|
||||||
for db in dbs:
|
for db in dbs:
|
||||||
db = unArrayizeValue(db)
|
|
||||||
|
|
||||||
randStr = randomStr()
|
randStr = randomStr()
|
||||||
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
|
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
|
||||||
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
|
retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
|
||||||
|
|
|
@ -89,8 +89,6 @@ class Enumeration(GenericEnumeration):
|
||||||
|
|
||||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
|
||||||
for db in dbs:
|
for db in dbs:
|
||||||
db = unArrayizeValue(db)
|
|
||||||
|
|
||||||
if conf.excludeSysDbs and db in self.excludeDbsList:
|
if conf.excludeSysDbs and db in self.excludeDbsList:
|
||||||
infoMsg = "skipping system database '%s'" % db
|
infoMsg = "skipping system database '%s'" % db
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
@ -172,9 +170,6 @@ class Enumeration(GenericEnumeration):
|
||||||
enumDbs = kb.data.cachedDbs
|
enumDbs = kb.data.cachedDbs
|
||||||
|
|
||||||
for db in enumDbs:
|
for db in enumDbs:
|
||||||
if isinstance(db, list):
|
|
||||||
db = db[0]
|
|
||||||
|
|
||||||
db = safeSQLIdentificatorNaming(db)
|
db = safeSQLIdentificatorNaming(db)
|
||||||
foundTbls[db] = []
|
foundTbls[db] = []
|
||||||
|
|
||||||
|
|
|
@ -139,8 +139,6 @@ class Enumeration(GenericEnumeration):
|
||||||
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
||||||
|
|
||||||
for db in dbs:
|
for db in dbs:
|
||||||
db = unArrayizeValue(db)
|
|
||||||
|
|
||||||
for blind in blinds:
|
for blind in blinds:
|
||||||
randStr = randomStr()
|
randStr = randomStr()
|
||||||
query = rootQuery.inband.query % db
|
query = rootQuery.inband.query % db
|
||||||
|
|
|
@ -897,7 +897,7 @@ class Enumeration:
|
||||||
value = map(lambda x: (dbs[0], x), value)
|
value = map(lambda x: (dbs[0], x), value)
|
||||||
|
|
||||||
for db, table in filterPairValues(value):
|
for db, table in filterPairValues(value):
|
||||||
db = safeSQLIdentificatorNaming(unArrayizeValue(db))
|
db = safeSQLIdentificatorNaming(db)
|
||||||
table = safeSQLIdentificatorNaming(table, True)
|
table = safeSQLIdentificatorNaming(table, True)
|
||||||
|
|
||||||
if not kb.data.cachedTables.has_key(db):
|
if not kb.data.cachedTables.has_key(db):
|
||||||
|
@ -1654,6 +1654,10 @@ class Enumeration:
|
||||||
else:
|
else:
|
||||||
colEntry = entry[index] if index < len(entry) else u''
|
colEntry = entry[index] if index < len(entry) else u''
|
||||||
|
|
||||||
|
if colEntry is None:
|
||||||
|
import pdb
|
||||||
|
pdb.set_trace()
|
||||||
|
|
||||||
colEntryLen = len(getUnicode(colEntry))
|
colEntryLen = len(getUnicode(colEntry))
|
||||||
maxLen = max(colLen, colEntryLen)
|
maxLen = max(colLen, colEntryLen)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user