Major code refactoring - the retrieval of the identified/fingerprinted DBMS is now done in a single place only (getIdentifiedDBMS() in common.py).

Minor bug fixes thanks to previous refactoring too.
This commit is contained in:
Bernardo Damele
2011-01-13 17:36:54 +00:00
parent a1d1f69c3f
commit 2ac8debea0
37 changed files with 342 additions and 314 deletions


@@ -16,6 +16,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import filterControlChars
from lib.core.common import getCharset
from lib.core.common import getIdentifiedDBMS
from lib.core.common import goGoodSamaritan
from lib.core.common import getPartRun
from lib.core.common import popValue
@@ -49,7 +50,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
finalValue = ""
asciiTbl = getCharset(charsetType)
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
dbms = kb.dbms if kb.dbms else kb.misc.testedDbms
# Set kb.partRun in case "common prediction" feature (a.k.a. "good
# samaritan") is used
@@ -121,7 +121,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
hintlock.release()
if hintValue is not None and len(hintValue) >= idx:
if dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
if getIdentifiedDBMS() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
posValue = hintValue[idx-1]
else:
posValue = ord(hintValue[idx-1])
@@ -454,7 +454,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# check it via equal against the substring-query output
if commonPattern is not None:
# Substring-query containing equals commonPattern
subquery = queries[dbms].substring.query % (expressionUnescaped, 1, len(commonPattern))
subquery = queries[getIdentifiedDBMS()].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.suffixQuery(query)
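Review bot: The removed local `dbms = kb.dbms if kb.dbms else kb.misc.testedDbms` carried a fallback to `kb.misc.testedDbms`, and whether `getIdentifiedDBMS()` preserves that fallback cannot be seen from this diff (common.py is not among the hunks shown), so the hint branch `if getIdentifiedDBMS() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):` and the `queries[getIdentifiedDBMS()].substring.query` lookup may behave differently while `kb.dbms` is still unset during fingerprinting. If the helper can return `None` there, `queries[None]` raises a KeyError where the old code fell back. Separately, `getIdentifiedDBMS()` is now called inside the per-character loop where the old code read a local; keeping `dbms = getIdentifiedDBMS()` once at the top of bisection and using it in both places preserves the old shape, and the same hoisting applies to the `__unionTestByCharBruteforce` and `unionUse` hunks below, where it is called on every loop iteration and branch. bisection's body starts and ends outside these hunks.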


@@ -15,6 +15,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import filterListValue
from lib.core.common import getFileItems
from lib.core.common import getIdentifiedDBMS
from lib.core.common import getPageTextWordsSet
from lib.core.common import popValue
from lib.core.common import pushValue
@@ -31,7 +32,7 @@ from lib.core.session import safeFormatString
from lib.request import inject
def tableExists(tableFile, regex=None):
tables = getFileItems(tableFile, lowercase=kb.dbms in (DBMS.ACCESS), unique=True)
tables = getFileItems(tableFile, lowercase=getIdentifiedDBMS() in (DBMS.ACCESS), unique=True)
retVal = []
infoMsg = "checking table existence using items from '%s'" % tableFile
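Review bot: `lowercase=getIdentifiedDBMS() in (DBMS.ACCESS)` keeps the one-element non-tuple from the old line: `(DBMS.ACCESS)` is just `DBMS.ACCESS`, so if that constant is a string this is a substring test rather than a membership test, and a `None` return from `getIdentifiedDBMS()` would raise `TypeError` instead of yielding False. An equality check says what is meant: `tables = getFileItems(tableFile, lowercase=getIdentifiedDBMS() == DBMS.ACCESS, unique=True)`. tableExists continues outside the hunk.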


@@ -13,6 +13,7 @@ import time
from lib.core.agent import agent
from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult
from lib.core.common import getIdentifiedDBMS
from lib.core.common import initTechnique
from lib.core.common import randomInt
from lib.core.common import replaceNewlineTabs
@@ -44,7 +45,7 @@ def errorUse(expression):
_, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
if kb.dbms == DBMS.MYSQL:
if getIdentifiedDBMS() == DBMS.MYSQL:
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))") # fix for that 'Subquery returns more than 1 row'
expression = expression.replace(fieldToCastStr, nulledCastedField, 1)
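Review bot: The line guarded by the new `if getIdentifiedDBMS() == DBMS.MYSQL:` rewrites `AS CHAR)` to `AS CHAR(100))`, and in MySQL a CAST to CHAR(N) is cut to N characters, so any retrieved value longer than 100 characters comes back truncated; the trailing comment only names the error it avoids, not this side effect. Suggest `# MySQL: bound the cast to CHAR(100) to avoid 'Subquery returns more than 1 row'; values longer than 100 chars are truncated` and lifting the 100 into a named constant so the limit is visible to whoever adjusts it. errorUse continues outside the hunk.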


@@ -12,6 +12,7 @@ import time
from lib.core.agent import agent
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import getIdentifiedDBMS
from lib.core.common import getUnicode
from lib.core.common import parseUnionPage
from lib.core.common import randomStr
@@ -62,7 +63,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, dbms, coun
# Perform the request
resultPage, _ = Request.queryPage(payload, place=place, content=True)
if resultPage and " UNION ALL SELECT " not in resultPage and (randQuery not in resultPage or randQuery2 not in resultPage):
if resultPage and " UNION ALL SELECT " not in resultPage and ((randQuery in resultPage and randQuery2 not in resultPage) or (randQuery not in resultPage and randQuery2 in resultPage)):
vector = (position, count, comment, prefix, suffix, conf.uChar, 2)
break
@@ -96,13 +97,13 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)
for count in range(conf.uColsStart, conf.uColsStop+1):
if kb.dbms == DBMS.ORACLE and query.endswith(" FROM DUAL"):
if getIdentifiedDBMS() == DBMS.ORACLE and query.endswith(" FROM DUAL"):
query = query[:-len(" FROM DUAL")]
if count:
query += ", %s" % conf.uChar
if kb.dbms == DBMS.ORACLE:
if getIdentifiedDBMS() == DBMS.ORACLE:
query += " FROM DUAL"
status = '%d/%d (%d%s)' % (count, conf.uColsStop, round(100.0*count/conf.uColsStop), '%')
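Review bot: The new condition in `__unionPosition` spells exclusive-or by hand: `((randQuery in resultPage and randQuery2 not in resultPage) or (randQuery not in resultPage and randQuery2 in resultPage))` is equivalent to `(randQuery in resultPage) != (randQuery2 in resultPage)`, and the shorter form makes the intent visible at a glance. The preceding `# Perform the request` comment no longer describes the check; a line such as `# exactly one of the two random markers is reflected in the page` would, with the reason that condition identifies the position left to whoever confirms it. The function body continues outside the hunk.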


@@ -14,6 +14,7 @@ from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import getIdentifiedDBMS
from lib.core.common import getUnicode
from lib.core.common import initTechnique
from lib.core.common import parseUnionPage
@@ -65,12 +66,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
if " FROM " in expression and "EXISTS(" not in expression:
limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I)
limitRegExp = re.search(queries[getIdentifiedDBMS()].limitregexp.query, expression, re.I)
if limitRegExp:
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
limitGroupStart = queries[getIdentifiedDBMS()].limitgroupstart.query
limitGroupStop = queries[getIdentifiedDBMS()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -78,9 +79,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
limitGroupStart = queries[kb.dbms].limitgroupstart.query
limitGroupStop = queries[kb.dbms].limitgroupstop.query
elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
limitGroupStart = queries[getIdentifiedDBMS()].limitgroupstart.query
limitGroupStop = queries[getIdentifiedDBMS()].limitgroupstop.query
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -88,7 +89,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif kb.dbms == DBMS.ORACLE:
elif getIdentifiedDBMS() == DBMS.ORACLE:
limitCond = False
else:
limitCond = True
@@ -102,12 +103,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
stopLimit += startLimit
untilLimitChar = expression.index(queries[kb.dbms].limitstring.query)
untilLimitChar = expression.index(queries[getIdentifiedDBMS()].limitstring.query)
expression = expression[:untilLimitChar]
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
elif dump:
if conf.limitStart:
@@ -116,14 +117,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
stopLimit = conf.limitStop
if not stopLimit or stopLimit <= 1:
if kb.dbms == DBMS.ORACLE and expression.endswith("FROM DUAL"):
if getIdentifiedDBMS() == DBMS.ORACLE and expression.endswith("FROM DUAL"):
test = False
else:
test = True
if test:
# Count the number of SQL query entries output
countFirstField = queries[kb.dbms].count.query % expressionFieldsList[0]
countFirstField = queries[getIdentifiedDBMS()].count.query % expressionFieldsList[0]
countedExpression = origExpr.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
@@ -171,9 +172,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
try:
for num in xrange(startLimit, stopLimit):
if kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
if getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0]
elif kb.dbms == DBMS.ORACLE:
elif getIdentifiedDBMS() == DBMS.ORACLE:
field = expressionFieldsList
else:
field = None