PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

minor cosmetic update

Browse Source
This commit is contained in:
Miroslav Stampar
2010-10-11 13:52:32 +00:00
parent 43892cddbb
commit 1369529103
6 changed files with 65 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/dbms/mssqlserver/fingerprint.py
View File

@@ -194,7 +194,7 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%Windows NT " + data[0] + "%')>0"
query = agent.forgeCaseStatement(query)
if inject.getValue(query, charsetType=1) == "1":
if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
kb.osVersion = version
infoMsg += " %s" % kb.osVersion
@@ -221,7 +221,7 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%Service Pack " + getUnicode(sp) + "%')>0"
query = agent.forgeCaseStatement(query)
if inject.getValue(query, charsetType=1) == "1":
if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
kb.osSP = sp
break

32
plugins/dbms/mysql/fingerprint.py
View File

@@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint):
return False
# Determine if it is MySQL >= 5.0.0
if inject.getValue("SELECT %s FROM information_schema.TABLES LIMIT 0, 1" % randInt, charsetType=2) == randInt:
if inject.getValue("SELECT %s FROM information_schema.TABLES LIMIT 0, 1" % randInt, charsetType=2, suppressOutput=True) == randInt:
kb.data.has_information_schema = True
kb.dbmsVersion = [">= 5.0.0"]
@@ -199,28 +199,28 @@ class Fingerprint(GenericFingerprint):
return True
# Check if it is MySQL >= 5.5.0
if inject.getValue("SELECT MID(TO_SECONDS(950501), 1, 1)", unpack=False, charsetType=2) == "6":
if inject.getValue("SELECT MID(TO_SECONDS(950501), 1, 1)", unpack=False, charsetType=2, suppressOutput=True) == "6":
kb.dbmsVersion = [">= 5.5.0"]
# Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.getValue("SELECT MID(@@table_open_cache, 1, 1)", unpack=False):
if inject.getValue("SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
if inject.getValue("SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"]
elif inject.getValue("SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
elif inject.getValue("SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"]
elif inject.getValue("SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
elif inject.getValue("SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = ["= 5.1.6"]
elif inject.getValue("SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
elif inject.getValue("SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"]
else:
kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"]
# Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.getValue("SELECT MID(@@hostname, 1, 1)", unpack=False):
elif inject.getValue("SELECT MID(@@hostname, 1, 1)", unpack=False, suppressOutput=True):
kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"]
elif inject.getValue("SELECT 1 FROM DUAL", charsetType=1) == "1":
elif inject.getValue("SELECT 1 FROM DUAL", charsetType=1, suppressOutput=True) == "1":
kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"]
elif inject.getValue("SELECT DATABASE() LIKE SCHEMA()"):
elif inject.getValue("SELECT DATABASE() LIKE SCHEMA()", suppressOutput=True):
kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"]
else:
kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"]
@@ -237,24 +237,24 @@ class Fingerprint(GenericFingerprint):
return True
# Check which version of MySQL < 5.0.0 it is
coercibility = inject.getValue("SELECT COERCIBILITY(USER())")
coercibility = inject.getValue("SELECT COERCIBILITY(USER())", suppressOutput=True)
if coercibility == "3":
kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"]
elif coercibility == "2":
kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"]
elif inject.getValue("SELECT CURRENT_USER()"):
elif inject.getValue("SELECT CURRENT_USER()", suppressOutput=True):
kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"]
if inject.getValue("SELECT CHARSET(CURRENT_USER())") == "utf8":
if inject.getValue("SELECT CHARSET(CURRENT_USER())", suppressOutput=True) == "utf8":
kb.dbmsVersion = ["= 4.1.0"]
else:
kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"]
elif inject.getValue("SELECT FOUND_ROWS()", charsetType=1) == "0":
elif inject.getValue("SELECT FOUND_ROWS()", charsetType=1, suppressOutput=True) == "0":
kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"]
elif inject.getValue("SELECT CONNECTION_ID()"):
elif inject.getValue("SELECT CONNECTION_ID()", suppressOutput=True):
kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"]
elif re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()")):
elif re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()", suppressOutput=True)):
kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"]
else:
kb.dbmsVersion = ["< 3.22.11"]
@@ -273,7 +273,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "fingerprinting the back-end DBMS operating system"
logger.info(infoMsg)
datadirSubstr = inject.getValue("SELECT MID(@@datadir, 1, 1)", unpack=False)
datadirSubstr = inject.getValue("SELECT MID(@@datadir, 1, 1)", unpack=False, suppressOutput=True)
if datadirSubstr == "/":
kb.os = "Linux"

2
plugins/dbms/oracle/fingerprint.py
View File

@@ -123,7 +123,7 @@ class Fingerprint(GenericFingerprint):
return True
query = "SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1"
version = inject.getValue(query, unpack=False)
version = inject.getValue(query, unpack=False, suppressOutput=True)
if re.search("^11", version):
kb.dbmsVersion = ["11i"]

26
plugins/dbms/postgresql/fingerprint.py
View File

@@ -123,33 +123,33 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
if inject.getValue("SELECT DIV(6, 3)", unpack=False, charsetType=2) == "2":
if inject.getValue("SELECT DIV(6, 3)", unpack=False, charsetType=2, suppressOutput=True) == "2":
kb.dbmsVersion = [">= 8.4.0"]
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP()::text, 1, 1)", unpack=False, charsetType=2) in ( "1", "2" ) and not inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2) in ( "1", "2" ):
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP()::text, 1, 1)", unpack=False, charsetType=2, suppressOutput=True) in ( "1", "2" ) and not inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2, suppressOutput=True) in ( "1", "2" ):
kb.dbmsVersion = [">= 8.3.0", "< 8.4"]
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2):
elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2, suppressOutput=True):
kb.dbmsVersion = [">= 8.2.0", "< 8.3.0"]
elif inject.getValue("SELECT GREATEST(5, 9, 1)", unpack=False, charsetType=2) == "9":
elif inject.getValue("SELECT GREATEST(5, 9, 1)", unpack=False, charsetType=2, suppressOutput=True) == "9":
kb.dbmsVersion = [">= 8.1.0", "< 8.2.0"]
elif inject.getValue("SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5)", unpack=False, charsetType=2) == "3":
elif inject.getValue("SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5)", unpack=False, charsetType=2, suppressOutput=True) == "3":
kb.dbmsVersion = [">= 8.0.0", "< 8.1.0"]
elif inject.getValue("SELECT SUBSTR(MD5('sqlmap'), 1, 1)", unpack=False):
elif inject.getValue("SELECT SUBSTR(MD5('sqlmap'), 1, 1)", unpack=False, suppressOutput=True):
kb.dbmsVersion = [">= 7.4.0", "< 8.0.0"]
elif inject.getValue("SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1)", unpack=False) == "p":
elif inject.getValue("SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1)", unpack=False, suppressOutput=True) == "p":
kb.dbmsVersion = [">= 7.3.0", "< 7.4.0"]
elif inject.getValue("SELECT BIT_LENGTH(1)") == "8":
kb.dbmsVersion = [">= 7.2.0", "< 7.3.0"]
elif inject.getValue("SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1)", unpack=False) == "a":
elif inject.getValue("SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1)", unpack=False, suppressOutput=True) == "a":
kb.dbmsVersion = [">= 7.1.0", "< 7.2.0"]
elif inject.getValue("SELECT POW(2, 3)", unpack=False, charsetType=2) == "8":
elif inject.getValue("SELECT POW(2, 3)", unpack=False, charsetType=2, suppressOutput=True) == "8":
kb.dbmsVersion = [">= 7.0.0", "< 7.1.0"]
elif inject.getValue("SELECT MAX('a')") == "a":
kb.dbmsVersion = [">= 6.5.0", "< 6.5.3"]
elif re.search("([\d\.]+)", inject.getValue("SELECT SUBSTR(VERSION(), 12, 5)", unpack=False)):
elif re.search("([\d\.]+)", inject.getValue("SELECT SUBSTR(VERSION(), 12, 5)", unpack=False, suppressOutput=True)):
kb.dbmsVersion = [">= 6.4.0", "< 6.5.0"]
elif inject.getValue("SELECT SUBSTR(CURRENT_DATE, 1, 1)", unpack=False, charsetType=2) == "2":
elif inject.getValue("SELECT SUBSTR(CURRENT_DATE, 1, 1)", unpack=False, charsetType=2, suppressOutput=True) == "2":
kb.dbmsVersion = [">= 6.3.0", "< 6.4.0"]
elif inject.getValue("SELECT SUBSTRING('sqlmap', 1, 1)", unpack=False) == "s":
elif inject.getValue("SELECT SUBSTRING('sqlmap', 1, 1)", unpack=False, suppressOutput=True) == "s":
kb.dbmsVersion = [">= 6.2.0", "< 6.3.0"]
else:
kb.dbmsVersion = ["< 6.2.0"]
@@ -180,7 +180,7 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%" + osPattern + "%')>0"
query = agent.forgeCaseStatement(query)
if inject.getValue(query, charsetType=1) == "1":
if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
kb.os = "Windows"
break

2
plugins/dbms/sqlite/fingerprint.py
View File

@@ -117,7 +117,7 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2)
version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2, suppressOutput=True)
kb.dbmsVersion = [ version ]
return True