mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-23 01:56:36 +03:00
594 lines
14 KiB
Python
594 lines
14 KiB
Python
#!/usr/bin/env python
|
|
|
|
"""
|
|
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
|
See the file 'LICENSE' for copying permission
|
|
"""
|
|
|
|
from lib.core.enums import CONTENT_TYPE
|
|
from lib.core.enums import DBMS
|
|
from lib.core.enums import OS
|
|
from lib.core.enums import POST_HINT
|
|
from lib.core.settings import ACCESS_ALIASES
|
|
from lib.core.settings import BLANK
|
|
from lib.core.settings import DB2_ALIASES
|
|
from lib.core.settings import FIREBIRD_ALIASES
|
|
from lib.core.settings import H2_ALIASES
|
|
from lib.core.settings import HSQLDB_ALIASES
|
|
from lib.core.settings import INFORMIX_ALIASES
|
|
from lib.core.settings import MAXDB_ALIASES
|
|
from lib.core.settings import MSSQL_ALIASES
|
|
from lib.core.settings import MYSQL_ALIASES
|
|
from lib.core.settings import NULL
|
|
from lib.core.settings import ORACLE_ALIASES
|
|
from lib.core.settings import PGSQL_ALIASES
|
|
from lib.core.settings import SQLITE_ALIASES
|
|
from lib.core.settings import SYBASE_ALIASES
|
|
|
|
FIREBIRD_TYPES = {
|
|
261: "BLOB",
|
|
14: "CHAR",
|
|
40: "CSTRING",
|
|
11: "D_FLOAT",
|
|
27: "DOUBLE",
|
|
10: "FLOAT",
|
|
16: "INT64",
|
|
8: "INTEGER",
|
|
9: "QUAD",
|
|
7: "SMALLINT",
|
|
12: "DATE",
|
|
13: "TIME",
|
|
35: "TIMESTAMP",
|
|
37: "VARCHAR",
|
|
}
|
|
|
|
INFORMIX_TYPES = {
|
|
0: "CHAR",
|
|
1: "SMALLINT",
|
|
2: "INTEGER",
|
|
3: "FLOAT",
|
|
4: "SMALLFLOAT",
|
|
5: "DECIMAL",
|
|
6: "SERIAL",
|
|
7: "DATE",
|
|
8: "MONEY",
|
|
9: "NULL",
|
|
10: "DATETIME",
|
|
11: "BYTE",
|
|
12: "TEXT",
|
|
13: "VARCHAR",
|
|
14: "INTERVAL",
|
|
15: "NCHAR",
|
|
16: "NVARCHAR",
|
|
17: "INT8",
|
|
18: "SERIAL8",
|
|
19: "SET",
|
|
20: "MULTISET",
|
|
21: "LIST",
|
|
22: "ROW (unnamed)",
|
|
23: "COLLECTION",
|
|
40: "Variable-length opaque type",
|
|
41: "Fixed-length opaque type",
|
|
43: "LVARCHAR",
|
|
45: "BOOLEAN",
|
|
52: "BIGINT",
|
|
53: "BIGSERIAL",
|
|
2061: "IDSSECURITYLABEL",
|
|
4118: "ROW (named)",
|
|
}
|
|
|
|
SYBASE_TYPES = {
|
|
14: "floatn",
|
|
8: "float",
|
|
15: "datetimn",
|
|
12: "datetime",
|
|
23: "real",
|
|
28: "numericn",
|
|
10: "numeric",
|
|
27: "decimaln",
|
|
26: "decimal",
|
|
17: "moneyn",
|
|
11: "money",
|
|
21: "smallmoney",
|
|
22: "smalldatetime",
|
|
13: "intn",
|
|
7: "int",
|
|
6: "smallint",
|
|
5: "tinyint",
|
|
16: "bit",
|
|
2: "varchar",
|
|
18: "sysname",
|
|
25: "nvarchar",
|
|
1: "char",
|
|
24: "nchar",
|
|
4: "varbinary",
|
|
80: "timestamp",
|
|
3: "binary",
|
|
19: "text",
|
|
20: "image",
|
|
}
|
|
|
|
MYSQL_PRIVS = {
|
|
1: "select_priv",
|
|
2: "insert_priv",
|
|
3: "update_priv",
|
|
4: "delete_priv",
|
|
5: "create_priv",
|
|
6: "drop_priv",
|
|
7: "reload_priv",
|
|
8: "shutdown_priv",
|
|
9: "process_priv",
|
|
10: "file_priv",
|
|
11: "grant_priv",
|
|
12: "references_priv",
|
|
13: "index_priv",
|
|
14: "alter_priv",
|
|
15: "show_db_priv",
|
|
16: "super_priv",
|
|
17: "create_tmp_table_priv",
|
|
18: "lock_tables_priv",
|
|
19: "execute_priv",
|
|
20: "repl_slave_priv",
|
|
21: "repl_client_priv",
|
|
22: "create_view_priv",
|
|
23: "show_view_priv",
|
|
24: "create_routine_priv",
|
|
25: "alter_routine_priv",
|
|
26: "create_user_priv",
|
|
}
|
|
|
|
PGSQL_PRIVS = {
|
|
1: "createdb",
|
|
2: "super",
|
|
3: "catupd",
|
|
}
|
|
|
|
# Reference(s): http://stackoverflow.com/a/17672504
|
|
# http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES
|
|
|
|
FIREBIRD_PRIVS = {
|
|
"S": "SELECT",
|
|
"I": "INSERT",
|
|
"U": "UPDATE",
|
|
"D": "DELETE",
|
|
"R": "REFERENCE",
|
|
"X": "EXECUTE",
|
|
"A": "ALL",
|
|
"M": "MEMBER",
|
|
"T": "DECRYPT",
|
|
"E": "ENCRYPT",
|
|
"B": "SUBSCRIBE",
|
|
}
|
|
|
|
# Reference(s): https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm
|
|
# https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_077.htm
|
|
|
|
INFORMIX_PRIVS = {
|
|
"D": "DBA (all privileges)",
|
|
"R": "RESOURCE (create UDRs, UDTs, permanent tables and indexes)",
|
|
"C": "CONNECT (work with existing tables)",
|
|
"G": "ROLE",
|
|
"U": "DEFAULT (implicit connection)",
|
|
}
|
|
|
|
DB2_PRIVS = {
|
|
1: "CONTROLAUTH",
|
|
2: "ALTERAUTH",
|
|
3: "DELETEAUTH",
|
|
4: "INDEXAUTH",
|
|
5: "INSERTAUTH",
|
|
6: "REFAUTH",
|
|
7: "SELECTAUTH",
|
|
8: "UPDATEAUTH",
|
|
}
|
|
|
|
DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}
|
|
|
|
DBMS_DICT = {
|
|
DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"),
|
|
DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"),
|
|
DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/", "postgresql"),
|
|
DBMS.ORACLE: (ORACLE_ALIASES, "python cx_Oracle", "https://oracle.github.io/python-cx_Oracle/", "oracle"),
|
|
DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/2/library/sqlite3.html", "sqlite"),
|
|
DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"),
|
|
DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/", "firebird"),
|
|
DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
|
|
DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"),
|
|
DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
|
|
DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
|
|
DBMS.H2: (H2_ALIASES, None, None, None),
|
|
DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
|
|
}
|
|
|
|
FROM_DUMMY_TABLE = {
|
|
DBMS.ORACLE: " FROM DUAL",
|
|
DBMS.ACCESS: " FROM MSysAccessObjects",
|
|
DBMS.FIREBIRD: " FROM RDB$DATABASE",
|
|
DBMS.MAXDB: " FROM VERSIONS",
|
|
DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
|
|
DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS",
|
|
DBMS.INFORMIX: " FROM SYSMASTER:SYSDUAL"
|
|
}
|
|
|
|
SQL_STATEMENTS = {
|
|
"SQL SELECT statement": (
|
|
"select ",
|
|
"show ",
|
|
" top ",
|
|
" distinct ",
|
|
" from ",
|
|
" from dual",
|
|
" where ",
|
|
" group by ",
|
|
" order by ",
|
|
" having ",
|
|
" limit ",
|
|
" offset ",
|
|
" union all ",
|
|
" rownum as ",
|
|
"(case ",
|
|
),
|
|
|
|
"SQL data definition": (
|
|
"create ",
|
|
"declare ",
|
|
"drop ",
|
|
"truncate ",
|
|
"alter ",
|
|
),
|
|
|
|
"SQL data manipulation": (
|
|
"bulk ",
|
|
"insert ",
|
|
"update ",
|
|
"delete ",
|
|
"merge ",
|
|
"load ",
|
|
),
|
|
|
|
"SQL data control": (
|
|
"grant ",
|
|
"revoke ",
|
|
),
|
|
|
|
"SQL data execution": (
|
|
"exec ",
|
|
"execute ",
|
|
"values ",
|
|
"call ",
|
|
),
|
|
|
|
"SQL transaction": (
|
|
"start transaction ",
|
|
"begin work ",
|
|
"begin transaction ",
|
|
"commit ",
|
|
"rollback ",
|
|
),
|
|
|
|
"SQL administration": (
|
|
"set ",
|
|
),
|
|
}
|
|
|
|
POST_HINT_CONTENT_TYPES = {
|
|
POST_HINT.JSON: "application/json",
|
|
POST_HINT.JSON_LIKE: "application/json",
|
|
POST_HINT.MULTIPART: "multipart/form-data",
|
|
POST_HINT.SOAP: "application/soap+xml",
|
|
POST_HINT.XML: "application/xml",
|
|
POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
|
|
}
|
|
|
|
OBSOLETE_OPTIONS = {
|
|
"--replicate": "use '--dump-format=SQLITE' instead",
|
|
"--no-unescape": "use '--no-escape' instead",
|
|
"--binary": "use '--binary-fields' instead",
|
|
"--auth-private": "use '--auth-file' instead",
|
|
"--ignore-401": "use '--ignore-code' instead",
|
|
"--second-order": "use '--second-url' instead",
|
|
"--purge-output": "use '--purge' instead",
|
|
"--check-payload": None,
|
|
"--check-waf": None,
|
|
"--pickled-options": "use '--api -c ...' instead",
|
|
}
|
|
|
|
DEPRECATED_OPTIONS = {
|
|
"--identify-waf": "functionality being done automatically",
|
|
}
|
|
|
|
DUMP_DATA_PREPROCESS = {
|
|
DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"}, # Reference: https://www.tibcommunity.com/docs/DOC-3643
|
|
DBMS.MSSQL: {"IMAGE": "CONVERT(VARBINARY(MAX),%s)"},
|
|
}
|
|
|
|
DEFAULT_DOC_ROOTS = {
|
|
OS.WINDOWS: ("C:/xampp/htdocs/", "C:/wamp/www/", "C:/Inetpub/wwwroot/"),
|
|
OS.LINUX: ("/var/www/", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs") # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
|
|
}
|
|
|
|
PART_RUN_CONTENT_TYPES = {
|
|
"checkDbms": CONTENT_TYPE.TECHNIQUES,
|
|
"getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
|
|
"getBanner": CONTENT_TYPE.BANNER,
|
|
"getCurrentUser": CONTENT_TYPE.CURRENT_USER,
|
|
"getCurrentDb": CONTENT_TYPE.CURRENT_DB,
|
|
"getHostname": CONTENT_TYPE.HOSTNAME,
|
|
"isDba": CONTENT_TYPE.IS_DBA,
|
|
"getUsers": CONTENT_TYPE.USERS,
|
|
"getPasswordHashes": CONTENT_TYPE.PASSWORDS,
|
|
"getPrivileges": CONTENT_TYPE.PRIVILEGES,
|
|
"getRoles": CONTENT_TYPE.ROLES,
|
|
"getDbs": CONTENT_TYPE.DBS,
|
|
"getTables": CONTENT_TYPE.TABLES,
|
|
"getColumns": CONTENT_TYPE.COLUMNS,
|
|
"getSchema": CONTENT_TYPE.SCHEMA,
|
|
"getCount": CONTENT_TYPE.COUNT,
|
|
"dumpTable": CONTENT_TYPE.DUMP_TABLE,
|
|
"search": CONTENT_TYPE.SEARCH,
|
|
"sqlQuery": CONTENT_TYPE.SQL_QUERY,
|
|
"tableExists": CONTENT_TYPE.COMMON_TABLES,
|
|
"columnExists": CONTENT_TYPE.COMMON_COLUMNS,
|
|
"readFile": CONTENT_TYPE.FILE_READ,
|
|
"writeFile": CONTENT_TYPE.FILE_WRITE,
|
|
"osCmd": CONTENT_TYPE.OS_CMD,
|
|
"regRead": CONTENT_TYPE.REG_READ
|
|
}
|
|
|
|
# Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html
|
|
|
|
HTML_ENTITIES = {
|
|
"quot": 34,
|
|
"amp": 38,
|
|
"lt": 60,
|
|
"gt": 62,
|
|
"nbsp": 160,
|
|
"iexcl": 161,
|
|
"cent": 162,
|
|
"pound": 163,
|
|
"curren": 164,
|
|
"yen": 165,
|
|
"brvbar": 166,
|
|
"sect": 167,
|
|
"uml": 168,
|
|
"copy": 169,
|
|
"ordf": 170,
|
|
"laquo": 171,
|
|
"not": 172,
|
|
"shy": 173,
|
|
"reg": 174,
|
|
"macr": 175,
|
|
"deg": 176,
|
|
"plusmn": 177,
|
|
"sup2": 178,
|
|
"sup3": 179,
|
|
"acute": 180,
|
|
"micro": 181,
|
|
"para": 182,
|
|
"middot": 183,
|
|
"cedil": 184,
|
|
"sup1": 185,
|
|
"ordm": 186,
|
|
"raquo": 187,
|
|
"frac14": 188,
|
|
"frac12": 189,
|
|
"frac34": 190,
|
|
"iquest": 191,
|
|
"Agrave": 192,
|
|
"Aacute": 193,
|
|
"Acirc": 194,
|
|
"Atilde": 195,
|
|
"Auml": 196,
|
|
"Aring": 197,
|
|
"AElig": 198,
|
|
"Ccedil": 199,
|
|
"Egrave": 200,
|
|
"Eacute": 201,
|
|
"Ecirc": 202,
|
|
"Euml": 203,
|
|
"Igrave": 204,
|
|
"Iacute": 205,
|
|
"Icirc": 206,
|
|
"Iuml": 207,
|
|
"ETH": 208,
|
|
"Ntilde": 209,
|
|
"Ograve": 210,
|
|
"Oacute": 211,
|
|
"Ocirc": 212,
|
|
"Otilde": 213,
|
|
"Ouml": 214,
|
|
"times": 215,
|
|
"Oslash": 216,
|
|
"Ugrave": 217,
|
|
"Uacute": 218,
|
|
"Ucirc": 219,
|
|
"Uuml": 220,
|
|
"Yacute": 221,
|
|
"THORN": 222,
|
|
"szlig": 223,
|
|
"agrave": 224,
|
|
"aacute": 225,
|
|
"acirc": 226,
|
|
"atilde": 227,
|
|
"auml": 228,
|
|
"aring": 229,
|
|
"aelig": 230,
|
|
"ccedil": 231,
|
|
"egrave": 232,
|
|
"eacute": 233,
|
|
"ecirc": 234,
|
|
"euml": 235,
|
|
"igrave": 236,
|
|
"iacute": 237,
|
|
"icirc": 238,
|
|
"iuml": 239,
|
|
"eth": 240,
|
|
"ntilde": 241,
|
|
"ograve": 242,
|
|
"oacute": 243,
|
|
"ocirc": 244,
|
|
"otilde": 245,
|
|
"ouml": 246,
|
|
"divide": 247,
|
|
"oslash": 248,
|
|
"ugrave": 249,
|
|
"uacute": 250,
|
|
"ucirc": 251,
|
|
"uuml": 252,
|
|
"yacute": 253,
|
|
"thorn": 254,
|
|
"yuml": 255,
|
|
"OElig": 338,
|
|
"oelig": 339,
|
|
"Scaron": 352,
|
|
"fnof": 402,
|
|
"scaron": 353,
|
|
"Yuml": 376,
|
|
"circ": 710,
|
|
"tilde": 732,
|
|
"Alpha": 913,
|
|
"Beta": 914,
|
|
"Gamma": 915,
|
|
"Delta": 916,
|
|
"Epsilon": 917,
|
|
"Zeta": 918,
|
|
"Eta": 919,
|
|
"Theta": 920,
|
|
"Iota": 921,
|
|
"Kappa": 922,
|
|
"Lambda": 923,
|
|
"Mu": 924,
|
|
"Nu": 925,
|
|
"Xi": 926,
|
|
"Omicron": 927,
|
|
"Pi": 928,
|
|
"Rho": 929,
|
|
"Sigma": 931,
|
|
"Tau": 932,
|
|
"Upsilon": 933,
|
|
"Phi": 934,
|
|
"Chi": 935,
|
|
"Psi": 936,
|
|
"Omega": 937,
|
|
"alpha": 945,
|
|
"beta": 946,
|
|
"gamma": 947,
|
|
"delta": 948,
|
|
"epsilon": 949,
|
|
"zeta": 950,
|
|
"eta": 951,
|
|
"theta": 952,
|
|
"iota": 953,
|
|
"kappa": 954,
|
|
"lambda": 955,
|
|
"mu": 956,
|
|
"nu": 957,
|
|
"xi": 958,
|
|
"omicron": 959,
|
|
"pi": 960,
|
|
"rho": 961,
|
|
"sigmaf": 962,
|
|
"sigma": 963,
|
|
"tau": 964,
|
|
"upsilon": 965,
|
|
"phi": 966,
|
|
"chi": 967,
|
|
"psi": 968,
|
|
"omega": 969,
|
|
"thetasym": 977,
|
|
"upsih": 978,
|
|
"piv": 982,
|
|
"bull": 8226,
|
|
"hellip": 8230,
|
|
"prime": 8242,
|
|
"Prime": 8243,
|
|
"oline": 8254,
|
|
"frasl": 8260,
|
|
"ensp": 8194,
|
|
"emsp": 8195,
|
|
"thinsp": 8201,
|
|
"zwnj": 8204,
|
|
"zwj": 8205,
|
|
"lrm": 8206,
|
|
"rlm": 8207,
|
|
"ndash": 8211,
|
|
"mdash": 8212,
|
|
"lsquo": 8216,
|
|
"rsquo": 8217,
|
|
"sbquo": 8218,
|
|
"ldquo": 8220,
|
|
"rdquo": 8221,
|
|
"bdquo": 8222,
|
|
"dagger": 8224,
|
|
"Dagger": 8225,
|
|
"permil": 8240,
|
|
"lsaquo": 8249,
|
|
"rsaquo": 8250,
|
|
"euro": 8364,
|
|
"weierp": 8472,
|
|
"image": 8465,
|
|
"real": 8476,
|
|
"trade": 8482,
|
|
"alefsym": 8501,
|
|
"larr": 8592,
|
|
"uarr": 8593,
|
|
"rarr": 8594,
|
|
"darr": 8595,
|
|
"harr": 8596,
|
|
"crarr": 8629,
|
|
"lArr": 8656,
|
|
"uArr": 8657,
|
|
"rArr": 8658,
|
|
"dArr": 8659,
|
|
"hArr": 8660,
|
|
"forall": 8704,
|
|
"part": 8706,
|
|
"exist": 8707,
|
|
"empty": 8709,
|
|
"nabla": 8711,
|
|
"isin": 8712,
|
|
"notin": 8713,
|
|
"ni": 8715,
|
|
"prod": 8719,
|
|
"sum": 8721,
|
|
"minus": 8722,
|
|
"lowast": 8727,
|
|
"radic": 8730,
|
|
"prop": 8733,
|
|
"infin": 8734,
|
|
"ang": 8736,
|
|
"and": 8743,
|
|
"or": 8744,
|
|
"cap": 8745,
|
|
"cup": 8746,
|
|
"int": 8747,
|
|
"there4": 8756,
|
|
"sim": 8764,
|
|
"cong": 8773,
|
|
"asymp": 8776,
|
|
"ne": 8800,
|
|
"equiv": 8801,
|
|
"le": 8804,
|
|
"ge": 8805,
|
|
"sub": 8834,
|
|
"sup": 8835,
|
|
"nsub": 8836,
|
|
"sube": 8838,
|
|
"supe": 8839,
|
|
"oplus": 8853,
|
|
"otimes": 8855,
|
|
"perp": 8869,
|
|
"sdot": 8901,
|
|
"lceil": 8968,
|
|
"rceil": 8969,
|
|
"lfloor": 8970,
|
|
"rfloor": 8971,
|
|
"lang": 9001,
|
|
"rang": 9002,
|
|
"loz": 9674,
|
|
"spades": 9824,
|
|
"clubs": 9827,
|
|
"hearts": 9829,
|
|
"diams": 9830
|
|
}
|