mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-02-13 17:06:34 +00:00
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
This commit is contained in:
Bernardo Damele
@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getIdentifiedDBMS
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
@@ -40,10 +41,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
elif getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfExecCmd(cmd, silent=silent)
|
||||
|
||||
elif kb.dbms == DBMS.MSSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
self.xpCmdshellExecCmd(cmd, silent=silent)
|
||||
|
||||
else:
|
||||
@@ -54,10 +55,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
return self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
elif getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
return self.udfEvalCmd(cmd, first, last)
|
||||
|
||||
elif kb.dbms == DBMS.MSSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
return self.xpCmdshellEvalCmd(cmd, first, last)
|
||||
|
||||
else:
|
||||
@@ -92,13 +93,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
logger.info(infoMsg)
|
||||
|
||||
else:
|
||||
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
infoMsg = "going to use injected sys_eval and sys_exec "
|
||||
infoMsg += "user-defined functions for operating system "
|
||||
infoMsg += "command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif kb.dbms == DBMS.MSSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
infoMsg = "going to use xp_cmdshell extended procedure for "
|
||||
infoMsg += "operating system command execution"
|
||||
logger.info(infoMsg)
|
||||
@@ -150,9 +151,9 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
warnMsg += "the session user is not a database administrator"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfInjectSys()
|
||||
elif kb.dbms == DBMS.MSSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
if mandatory:
|
||||
self.xpCmdshellInit()
|
||||
else:
|
||||
|
||||
@@ -19,6 +19,7 @@ from subprocess import PIPE
|
||||
from subprocess import Popen as execute
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getIdentifiedDBMS
|
||||
from lib.core.common import getLocalIP
|
||||
from lib.core.common import getRemoteIP
|
||||
from lib.core.common import getUnicode
|
||||
@@ -186,13 +187,13 @@ class Metasploit:
|
||||
if __payloadStr == "windows/vncinject":
|
||||
choose = False
|
||||
|
||||
if kb.dbms == DBMS.MYSQL:
|
||||
if getIdentifiedDBMS() == DBMS.MYSQL:
|
||||
debugMsg = "by default MySQL on Windows runs as SYSTEM "
|
||||
debugMsg += "user, it is likely that the the VNC "
|
||||
debugMsg += "injection will be successful"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
elif kb.dbms == DBMS.PGSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
choose = True
|
||||
|
||||
warnMsg = "by default PostgreSQL on Windows runs as "
|
||||
@@ -200,7 +201,7 @@ class Metasploit:
|
||||
warnMsg += "injection will be successful"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
choose = True
|
||||
|
||||
warnMsg = "it is unlikely that the VNC injection will be "
|
||||
@@ -229,12 +230,12 @@ class Metasploit:
|
||||
break
|
||||
|
||||
elif choice == "1":
|
||||
if kb.dbms == DBMS.PGSQL:
|
||||
if getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
logger.warn("beware that the VNC injection might not work")
|
||||
|
||||
break
|
||||
|
||||
elif kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
break
|
||||
|
||||
elif not choice.isdigit():
|
||||
@@ -554,7 +555,7 @@ class Metasploit:
|
||||
# This is useful for sqlmap because on PostgreSQL it is not
|
||||
# possible to write files bigger than 8192 bytes abusing the
|
||||
# lo_export() feature implemented in sqlmap.
|
||||
if kb.dbms == DBMS.PGSQL:
|
||||
if getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
self.__fileFormat = "exe-small"
|
||||
else:
|
||||
self.__fileFormat = "exe"
|
||||
@@ -656,7 +657,7 @@ class Metasploit:
|
||||
self.__forgeMsfConsoleResource()
|
||||
self.__forgeMsfConsoleCmd()
|
||||
|
||||
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
|
||||
else:
|
||||
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)
|
||||
|
||||
@@ -11,6 +11,7 @@ import os
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getIdentifiedDBMS
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
@@ -50,7 +51,7 @@ class UDF:
|
||||
def __checkExistUdf(self, udf):
|
||||
logger.info("checking if UDF '%s' already exist" % udf)
|
||||
|
||||
query = agent.forgeCaseStatement(queries[kb.dbms].check_udf.query % (udf, udf))
|
||||
query = agent.forgeCaseStatement(queries[getIdentifiedDBMS()].check_udf.query % (udf, udf))
|
||||
exists = inject.getValue(query, resumeValue=False, unpack=False, charsetType=2)
|
||||
|
||||
if exists == "1":
|
||||
@@ -103,7 +104,7 @@ class UDF:
|
||||
return output
|
||||
|
||||
def udfCheckNeeded(self):
|
||||
if ( not conf.rFile or ( conf.rFile and kb.dbms != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
|
||||
if ( not conf.rFile or ( conf.rFile and getIdentifiedDBMS() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
|
||||
self.sysUdfs.pop("sys_fileread")
|
||||
|
||||
if not conf.osPwn:
|
||||
@@ -142,9 +143,9 @@ class UDF:
|
||||
if udf in self.udfToCreate and udf not in self.createdUdf:
|
||||
self.udfCreateFromSharedLib(udf, inpRet)
|
||||
|
||||
if kb.dbms == DBMS.MYSQL:
|
||||
if getIdentifiedDBMS() == DBMS.MYSQL:
|
||||
supportTblType = "longtext"
|
||||
elif kb.dbms == DBMS.PGSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
supportTblType = "text"
|
||||
|
||||
self.udfCreateSupportTbl(supportTblType)
|
||||
@@ -155,8 +156,8 @@ class UDF:
|
||||
self.udfInjectCore(self.sysUdfs)
|
||||
|
||||
def udfInjectCustom(self):
|
||||
if kb.dbms not in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
|
||||
if getIdentifiedDBMS() not in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
errMsg = "UDF injection feature is not yet implemented on %s" % getIdentifiedDBMS()
|
||||
raise sqlmapUnsupportedFeatureException(errMsg)
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
@@ -235,9 +236,9 @@ class UDF:
|
||||
else:
|
||||
logger.warn("you need to specify the name of the UDF")
|
||||
|
||||
if kb.dbms == DBMS.MYSQL:
|
||||
if getIdentifiedDBMS() == DBMS.MYSQL:
|
||||
defaultType = "string"
|
||||
elif kb.dbms == DBMS.PGSQL:
|
||||
elif getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
defaultType = "text"
|
||||
|
||||
self.udfs[udfName]["input"] = []
|
||||
|
||||
Reference in New Issue
Block a user