PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

SVN roll back, DB2 patch will be recommitted after testing:

Browse Source 
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
This commit is contained in:
Bernardo Damele
2011-05-06 10:27:43 +00:00
parent 42bca80968
commit aae140080e
17 changed files with 30 additions and 505 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
plugins/generic/enumeration.py
View File

@@ -43,7 +43,6 @@ from lib.core.dicts import firebirdTypes
from lib.core.dicts import mysqlPrivs
from lib.core.dicts import pgsqlPrivs
from lib.core.dicts import firebirdPrivs
from lib.core.dicts import db2Privs
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
@@ -99,14 +98,8 @@ class Enumeration:
infoMsg = "fetching banner"
logger.info(infoMsg)
# Needed for DB2 versions < 9
if Backend.isDbms(DBMS.DB2) and int(Backend.getVersion().split(".")[0]) < 9:
query = queries[Backend.getIdentifiedDbms()].banner.query2
kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
else:
query = queries[Backend.getIdentifiedDbms()].banner.query
kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
query = queries[Backend.getIdentifiedDbms()].banner.query
kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
bannerParser(kb.data.banner)
if conf.os and conf.os == "windows":
@@ -198,7 +191,7 @@ class Enumeration:
errMsg = "unable to retrieve the number of database users"
raise sqlmapNoneDataException, errMsg
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
plusOne = True
else:
plusOne = False
@@ -426,7 +419,7 @@ class Enumeration:
logger.info(infoMsg)
if conf.user and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if conf.user and Backend.isDbms(DBMS.ORACLE):
conf.user = conf.user.upper()
if conf.user:
@@ -566,7 +559,7 @@ class Enumeration:
privileges = set()
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
plusOne = True
else:
plusOne = False
@@ -624,25 +617,6 @@ class Enumeration:
elif Backend.isDbms(DBMS.FIREBIRD):
privileges.add(firebirdPrivs[privilege.strip()])
# In DB2 we get Y or G if the privilege is
# True, N otherwise
elif Backend.isDbms(DBMS.DB2):
privs = privilege.split(",")
privilege = privs[0]
privs = privs[1]
privs = list(privs.strip())
i = 1
for priv in privs:
if priv.upper() in ("Y", "G"):
for position, db2Priv in db2Privs.items():
if position == i:
privilege += ", " + db2Priv
i += 1
privileges.add(privilege)
if self.__isAdminFromPrivileges(privileges):
areAdmins.add(user)
@@ -691,12 +665,6 @@ class Enumeration:
warnMsg += "names on other DBMSes"
logger.warn(warnMsg)
if Backend.isDbms(DBMS.DB2):
warnMsg = "schema names are going to be used on DB2 "
warnMsg += "for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes"
logger.warn(warnMsg)
infoMsg = "fetching database (schema) names"
else:
infoMsg = "fetching database names"
@@ -729,7 +697,7 @@ class Enumeration:
errMsg = "unable to retrieve the number of databases"
logger.error(errMsg)
else:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
plusOne = True
else:
plusOne = False
@@ -790,7 +758,7 @@ class Enumeration:
if conf.db == "CD":
conf.db = self.getCurrentDb()
if conf.db and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if conf.db and Backend.isDbms(DBMS.ORACLE):
conf.db = conf.db.upper()
if conf.db:
@@ -902,7 +870,7 @@ class Enumeration:
tables = []
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
plusOne = True
else:
plusOne = False
@@ -946,14 +914,10 @@ class Enumeration:
warnMsg += "table(s) columns"
logger.warn(warnMsg)
# In DB2 we use the current user as default schema (db)
if Backend.isDbms(DBMS.DB2):
conf.db = self.getCurrentUser()
else:
conf.db = self.getCurrentDb()
conf.db = self.getCurrentDb()
elif conf.db is not None:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
conf.db = conf.db.upper()
if ',' in conf.db:
@@ -964,7 +928,7 @@ class Enumeration:
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.col:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
conf.col = conf.col.upper()
colList = conf.col.split(",")
@@ -975,7 +939,7 @@ class Enumeration:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
if conf.tbl:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
conf.tbl = conf.tbl.upper()
tblList = conf.tbl.split(",")
@@ -1141,7 +1105,7 @@ class Enumeration:
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(tbl.upper())
query += condQuery
@@ -1180,7 +1144,7 @@ class Enumeration:
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
field = None
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(tbl.upper())
query += condQuery
field = None
@@ -1202,7 +1166,7 @@ class Enumeration:
if not onlyColNames:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db))
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column)
elif Backend.isDbms(DBMS.MSSQL):
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
@@ -1302,11 +1266,7 @@ class Enumeration:
warnMsg += "number of entries for table '%s'" % conf.tbl
logger.warn(warnMsg)
# In DB2 we use the current user as default schema (db)
if Backend.isDbms(DBMS.DB2):
conf.db = self.getCurrentUser()
else:
conf.db = self.getCurrentDb()
conf.db = self.getCurrentDb()
self.forceDbmsEnum()
@@ -1459,11 +1419,7 @@ class Enumeration:
warnMsg += "'%s' entries" % conf.tbl
logger.warn(warnMsg)
# In DB2 we use the current user as default schema (db)
if Backend.isDbms(DBMS.DB2):
conf.db = self.getCurrentUser()
else:
conf.db = self.getCurrentDb()
conf.db = self.getCurrentDb()
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
@@ -1585,7 +1541,7 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.count % (conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())))
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
query = rootQuery.blind.count % conf.tbl
@@ -1625,7 +1581,7 @@ class Enumeration:
entries, lengths = retVal
else:
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
plusOne = True
else:
plusOne = False
@@ -1642,7 +1598,7 @@ class Enumeration:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.query % (column, column,
conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())),
index)
@@ -1818,9 +1774,6 @@ class Enumeration:
for db in dbList:
db = safeSQLIdentificatorNaming(db)
if Backend.isDbms(DBMS.DB2):
db = db.upper()
infoMsg = "searching database"
if dbConsider == "1":
infoMsg += "s like"
@@ -1886,8 +1839,6 @@ class Enumeration:
query = rootQuery.blind.query
query += dbQuery
query += exclDbsQuery
if Backend.isDbms(DBMS.DB2):
query += ") AS foobar"
query = agent.limitQuery(index, query, dbCond)
value = inject.getValue(query, inband=False, error=False)
@@ -1933,7 +1884,7 @@ class Enumeration:
for tbl in tblList:
tbl = safeSQLIdentificatorNaming(tbl, True)
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
if Backend.isDbms(DBMS.ORACLE):
tbl = tbl.upper()
infoMsg = "searching table"
@@ -2000,8 +1951,6 @@ class Enumeration:
query = rootQuery.blind.query
query += tblQuery
query += exclDbsQuery
if Backend.getIdentifiedDbms() == DBMS.DB2:
query += ") AS foobar"
query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, inband=False, error=False)
foundDb = safeSQLIdentificatorNaming(foundDb)
@@ -2099,9 +2048,6 @@ class Enumeration:
for column in colList:
column = safeSQLIdentificatorNaming(column)
if Backend.isDbms(DBMS.DB2):
column = column.upper()
infoMsg = "searching column"
if colConsider == "1":
infoMsg += "s like"
@@ -2186,8 +2132,6 @@ class Enumeration:
query = rootQuery.blind.query
query += colQuery
query += exclDbsQuery
if Backend.isDbms(DBMS.DB2):
query += ") AS foobar"
query = agent.limitQuery(index, query)
db = inject.getValue(query, inband=False, error=False)
db = safeSQLIdentificatorNaming(db)