coollyy little commits

This commit is contained in:
Miroslav Stampar 2010-12-10 11:32:46 +00:00
parent d71e51e765
commit fe2039f5ba
4 changed files with 21 additions and 16 deletions


@ -12,6 +12,7 @@ import re
from xml.etree import ElementTree as ET from xml.etree import ElementTree as ET
from lib.core.common import getCompiledRegex from lib.core.common import getCompiledRegex
from lib.core.common import isDBMSVersionAtLeast
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.convert import urlencode from lib.core.convert import urlencode
@ -214,7 +215,14 @@ class Agent:
if "[INFERENCE]" in payload: if "[INFERENCE]" in payload:
if kb.dbms is not None: if kb.dbms is not None:
inferenceQuery = queries[kb.dbms].inference.query inference = queries[kb.dbms].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery) payload = payload.replace("[INFERENCE]", inferenceQuery)
elif kb.misc.testedDbms is not None: elif kb.misc.testedDbms is not None:
inferenceQuery = queries[kb.misc.testedDbms].inference.query inferenceQuery = queries[kb.misc.testedDbms].inference.query
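Review bot: The version-aware selection added in the `kb.dbms` branch is not mirrored in the `kb.misc.testedDbms` branch two lines below, which still reads `queries[kb.misc.testedDbms].inference.query` unconditionally, so a DBMS whose inference node carries `dbms_version` (Firebird in this commit) always gets the version-gated query there. If both branches are meant to behave the same, the selection belongs in one small helper called from both places; if the difference is deliberate (the version is presumably not known yet at that stage), a one-line comment saying so would stop the next reader from unifying them. The fallback also assumes every inference node that declares `dbms_version` also declares `query2`; only the Firebird node in this commit does, so a node with `dbms_version` but no `query2` would fail at lookup time instead of degrading to `query`, which a guard such as `inferenceQuery = inference.query2 if "dbms_version" in inference and "query2" in inference and not isDBMSVersionAtLeast(inference.dbms_version) else inference.query` would avoid. The enclosing Agent method starts and ends outside the hunk.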


@ -46,9 +46,9 @@ DUMP_TAB_MARKER = "__TAB__"
DUMP_START_MARKER = "__START__" DUMP_START_MARKER = "__START__"
DUMP_STOP_MARKER = "__STOP__" DUMP_STOP_MARKER = "__STOP__"
PAYLOAD_DELIMITER = "\x00" PAYLOAD_DELIMITER = "\x00"
CHAR_INFERENCE_MARK = "%c"
MIN_TIME_RESPONSES = 10 MIN_TIME_RESPONSES = 10
# System variables # System variables
IS_WIN = subprocess.mswindows IS_WIN = subprocess.mswindows
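Review bot: `CHAR_INFERENCE_MARK = "%c"` is itself a valid printf-style conversion, and the payloads it is embedded in still pass through `safeStringFormat` before the marker is substituted (see the inference.py hunk in this commit), so the value only works if that helper leaves an unmatched `%c` untouched. That dependency is not visible from the constant itself; a comment next to it would record it, e.g. `# Placeholder in inference queries for the literal character under test; it is substituted after payload formatting, so it must survive safeStringFormat unchanged.`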


@ -33,6 +33,7 @@ from lib.core.exception import sqlmapValueException
from lib.core.exception import sqlmapThreadException from lib.core.exception import sqlmapThreadException
from lib.core.exception import unhandledException from lib.core.exception import unhandledException
from lib.core.progress import ProgressBar from lib.core.progress import ProgressBar
from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -170,18 +171,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
position = (len(charTbl) >> 1) position = (len(charTbl) >> 1)
posValue = charTbl[position] posValue = charTbl[position]
if dbms in (DBMS.SQLITE, DBMS.MAXDB): if CHAR_INFERENCE_MARK not in payload:
pushValue(posValue) forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
posValue = chr(posValue) if posValue < 128 else unichr(posValue) else:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
posValue = popValue()
if result: if result:
minValue = posValue minValue = posValue
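Review bot: The `.replace(CHAR_INFERENCE_MARK, ...)` in the new `else` branch runs on the payload after `expressionUnescaped` has already been formatted into it, so any `%c` occurring inside the expression (or anywhere else in the payload) is also rewritten to the probe character, and the `%c` marker is in turn exposed to `safeStringFormat` before substitution, which is only safe if that helper ignores an unmatched conversion. Substituting the marker on the template first avoids both, e.g. `charValue = chr(posValue) if posValue < 128 else unichr(posValue)` followed by `forgedPayload = safeStringFormat(payload.replace(CHAR_INFERENCE_MARK, charValue.replace("%", "%%")), (expressionUnescaped, idx))` — the `%%` escape presumes `safeStringFormat` is %-based, which I cannot confirm from here. Separately, a probe character of `'` or `\` (code points 39 and 92) lands unescaped inside the `'%c'` SQL literal and breaks the query; that was already true of the old `'%s'` path, but the new branch now serves every DBMS using the character form, so it is worth a note or an escape. `bisection` starts and ends outside the hunk.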


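--- a/PATH_NOT_ON_PAGE/queries.xml
+++ b/PATH_NOT_ON_PAGE/queries.xml
@@ -303,7 +303,7 @@
 <timedelay query="SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(1000000%d))))" dbms_version="&gt;=3.0"/>
 <substring query="SUBSTR((%s), %d, %d)"/>
 <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
-<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
+<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
 <banner query="SELECT SQLITE_VERSION()"/>
 <current_user/>
 <current_db/>
@@ -386,7 +386,7 @@
 <inband query="SELECT DISTINCT RDB$USER FROM RDB$USER_PRIVILEGES"/>
 <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
 </users>
-<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version="&gt;=2.1"/>
+<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version="&gt;=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
 <is_dba query="CURRENT_USER='SYSDBA'"/>
 <tables>
 <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
@@ -429,7 +429,7 @@
 <current_db query="SELECT DATABASE() FROM DUAL"/>
 <order query="ORDER BY %s ASC"/>
 <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
-<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
+<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
 <delimiter query=","/>
 <substring query="SUBSTR((%s), %d, %d)"/>
 <users>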
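Review bot: The Firebird `query2` added in the second hunk compares the extracted character as a string (`> '%c'`) while `query` compares `ASCII_VAL(...)` numerically; string comparison follows the column's collation, and under a case-insensitive or otherwise non-binary collation `'a' > 'B'` need not agree with the code-point ordering the bisection relies on, so characters could be mis-resolved on Firebird releases below 2.1. The `'%c'` forms in the first and third hunks have the same property, though they were already string comparisons before this commit. The attribute name `query2` also says nothing about when it is chosen; a comment on the node would record both points, e.g. `<!-- query2: fallback when dbms_version is not met (no ASCII_VAL); assumes a binary collation so string order matches code-point order -->`.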