coollyy little commits

This commit is contained in:
Miroslav Stampar 2010-12-10 11:32:46 +00:00
parent d71e51e765
commit fe2039f5ba
4 changed files with 21 additions and 16 deletions


@ -12,6 +12,7 @@ import re
from xml.etree import ElementTree as ET
from lib.core.common import getCompiledRegex
from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.convert import urlencode
@ -214,7 +215,14 @@ class Agent:
if "[INFERENCE]" in payload:
if kb.dbms is not None:
inferenceQuery = queries[kb.dbms].inference.query
inference = queries[kb.dbms].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
elif kb.misc.testedDbms is not None:
inferenceQuery = queries[kb.misc.testedDbms].inference.query
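Review bot: The new version-check branch reads `inference.query2` without confirming the entry defines it, so any inference element that carries `dbms_version` but no `query2` (in the XML of this commit only the Firebird entry gains `query2`) would raise instead of falling back. A guard in the same style as the `"dbms_version" in inference` test, `inferenceQuery = inference.query2 if "query2" in inference else inference.query`, keeps the lookup safe, and the trailing `else: inferenceQuery = inference.query` then collapses into a single default assigned before the check. The `elif kb.misc.testedDbms is not None` branch below still takes `.inference.query` directly and so never sees the versioned fallback; if that is intended, a one-line comment saying so would stop a reader from treating it as an omission. The enclosing method of `Agent` starts and ends outside the hunk.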


@ -46,9 +46,9 @@ DUMP_TAB_MARKER = "__TAB__"
DUMP_START_MARKER = "__START__"
DUMP_STOP_MARKER = "__STOP__"
PAYLOAD_DELIMITER = "\x00"
MIN_TIME_RESPONSES = 10
PAYLOAD_DELIMITER = "\x00"
CHAR_INFERENCE_MARK = "%c"
MIN_TIME_RESPONSES = 10
# System variables
IS_WIN = subprocess.mswindows
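Review bot: `CHAR_INFERENCE_MARK = "%c"` is added without a comment, and because its value is spelled like a printf conversion specifier a reader of this file cannot tell whether it is a format directive or an opaque placeholder. A one-line comment such as `# placeholder in inference query templates, swapped for the literal character under test after %-formatting; not a format directive` would make that explicit. Recording it here matters because the only consumer visible in this commit formats the template first and performs the `replace` afterwards, so the marker must survive `%`-formatting untouched.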


@ -33,6 +33,7 @@ from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapThreadException
from lib.core.exception import unhandledException
from lib.core.progress import ProgressBar
from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
@ -141,7 +142,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
continuousOrder means that distance between each two neighbour's
numerical values is exactly 1
"""
result = tryHint(idx)
if result:
@ -170,18 +171,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
position = (len(charTbl) >> 1)
posValue = charTbl[position]
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
pushValue(posValue)
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
if CHAR_INFERENCE_MARK not in payload:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
else:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
posValue = popValue()
if result:
minValue = posValue
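Review bot: On the `else` branch the template is passed to `safeStringFormat` with only `(expressionUnescaped, idx)` while it still contains `CHAR_INFERENCE_MARK` (`%c`), so correctness depends on `safeStringFormat`, defined outside the hunk, leaving the unmatched `%c` intact; that assumption is not stated anywhere. The ordering itself looks deliberate and deserves a comment, since the probed character can be `%` (code 37) and must therefore be substituted only after formatting: `# replace the mark after formatting: the probed char may itself be '%'`. The expression `chr(posValue) if posValue < 128 else unichr(posValue)` also appears a few lines earlier in the `DBMS.SQLITE`/`DBMS.MAXDB` block; the rendered page has lost the +/- markers, so it is unclear whether that block survives on the new side, and if it does `posValue` is already a character by the time the `replace` runs. `bisection` starts and ends outside the hunk.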


@ -303,7 +303,7 @@
<timedelay query="SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(1000000%d))))" dbms_version="&gt;=3.0"/>
<substring query="SUBSTR((%s), %d, %d)"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
<banner query="SELECT SQLITE_VERSION()"/>
<current_user/>
<current_db/>
@ -386,7 +386,7 @@
<inband query="SELECT DISTINCT RDB$USER FROM RDB$USER_PRIVILEGES"/>
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
</users>
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version="&gt;=2.1"/>
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version="&gt;=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
<is_dba query="CURRENT_USER='SYSDBA'"/>
<tables>
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
@ -429,7 +429,7 @@
<current_db query="SELECT DATABASE() FROM DUAL"/>
<order query="ORDER BY %s ASC"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
<delimiter query=","/>
<substring query="SUBSTR((%s), %d, %d)"/>
<users>