Minor enhancement to show the DBMS operating system (if fingerprinted)

also when only -b option is provided since it's an information that sqlmap get parsing the DBMS banner. Got rid completely of useless passive fuzzing.
2025-12-06 20:51:31 +00:00 · 2008-11-17 11:22:03 +00:00
parent 7d7170fc97
commit 66fb3c3033
7 changed files with 99 additions and 149 deletions
--- a/plugins/dbms/postgresql.py
+++ b/plugins/dbms/postgresql.py
@@ -40,7 +40,6 @@ from lib.core.settings import PGSQL_SYSTEM_DBS
 from lib.core.unescaper import unescaper
 from lib.parse.banner import bannerParser
 from lib.request import inject
-#from lib.utils.fuzzer import passiveFuzzing

 from plugins.generic.enumeration import Enumeration
 from plugins.generic.filesystem import Filesystem
@@ -118,7 +117,18 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):


    def getFingerprint(self):
-        value  = "back-end DBMS: "
+        value      = ""
+        info       = None
+        formatInfo = None
+
+        if self.banner:
+            info       = bannerParser(self.banner)
+            formatInfo = formatOSfp(info)
+
+        if formatInfo:
+            value += "%s\n" % formatInfo
+
+        value += "back-end DBMS: "

        if not conf.extensiveFp:
            value += "PostgreSQL"
@@ -129,23 +139,16 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
        formatInfo  = None
        value      += "active fingerprint: %s" % actVer

-        if self.banner:
-            info       = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
-
+        if info:
            banVer = info['version']
            banVer = formatDBMSfp([banVer])
            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)

-        #passiveFuzzing()
        htmlErrorFp = getHtmlErrorFp()

        if htmlErrorFp:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)

-        if formatInfo:
-            value += "\n%s" % formatInfo
-
        return value


@@ -157,6 +160,9 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
        if conf.dbms in PGSQL_ALIASES:
            setDbms("PostgreSQL")

+            if conf.getBanner:
+                self.banner = inject.getValue("VERSION()")
+
            if not conf.extensiveFp:
                return True

@@ -180,6 +186,9 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):

            setDbms("PostgreSQL")

+            if conf.getBanner:
+                self.banner = inject.getValue("VERSION()")
+
            if not conf.extensiveFp:
                return True

@@ -215,9 +224,6 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
            else:
                kb.dbmsVersion = ["< 6.2.0"]

-            if conf.getBanner:
-                self.banner = inject.getValue("VERSION()")
-
            return True
        else:
            warnMsg = "the back-end DMBS is not PostgreSQL"