refactoring, cleanup and improvement

This commit is contained in:
Miroslav Stampar
2011-03-29 21:54:15 +00:00
parent adfbfef8c1
commit b6af80bab3
7 changed files with 135 additions and 134 deletions


@@ -29,8 +29,10 @@ from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeStringFormat
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import strToHex
from lib.core.common import unArrayizeValue
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.convert import utf8decode
from lib.core.data import conf
from lib.core.data import kb
@@ -750,7 +752,7 @@ class Enumeration:
else:
return tables
conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.db = safeSQLIdentificatorNaming(conf.db)
if bruteForce:
resumeAvailable = False
@@ -807,12 +809,12 @@ class Enumeration:
if "," in conf.db:
dbs = conf.db.split(",")
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, self.__unsafeSQLIdentificatorNaming(db)) for db in dbs)
query += " OR ".join("%s = '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in dbs)
else:
query += " WHERE %s='%s'" % (condition, self.__unsafeSQLIdentificatorNaming(conf.db))
query += " WHERE %s='%s'" % (condition, unsafeSQLIdentificatorNaming(conf.db))
elif conf.excludeSysDbs:
query += " WHERE "
query += " AND ".join("%s != '%s'" % (condition, self.__unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList)
query += " AND ".join("%s != '%s'" % (condition, unsafeSQLIdentificatorNaming(db)) for db in self.excludeDbsList)
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
@@ -835,8 +837,8 @@ class Enumeration:
value = newValue
for db, table in value:
db = self.__safeSQLIdentificatorNaming(db)
table = self.__safeSQLIdentificatorNaming(table, True)
db = safeSQLIdentificatorNaming(db)
table = safeSQLIdentificatorNaming(table, True)
if not kb.data.cachedTables.has_key(db):
kb.data.cachedTables[db] = [table]
else:
@@ -857,7 +859,7 @@ class Enumeration:
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS):
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % self.__unsafeSQLIdentificatorNaming(db)
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
@@ -882,10 +884,10 @@ class Enumeration:
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.query % index
else:
query = rootQuery.blind.query % (self.__unsafeSQLIdentificatorNaming(db), index)
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
table = inject.getValue(query, inband=False, error=False)
kb.hintValue = table
table = self.__safeSQLIdentificatorNaming(table, True)
table = safeSQLIdentificatorNaming(table, True)
tables.append(table)
if tables:
@@ -934,8 +936,8 @@ class Enumeration:
logger.error(errMsg)
bruteForce = True
conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = safeSQLIdentificatorNaming(conf.db)
if bruteForce:
resumeAvailable = False
@@ -974,8 +976,8 @@ class Enumeration:
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
conf.col = conf.col.upper()
colList = conf.col.split(",")
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + self.__unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
infoMsg += "like '%s' " % ", ".join(self.__unsafeSQLIdentificatorNaming(col) for col in colList)
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
infoMsg += "like '%s' " % ", ".join(unsafeSQLIdentificatorNaming(col) for col in colList)
else:
condQuery = ""
@@ -985,16 +987,16 @@ class Enumeration:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.inband.query % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.inband.query % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper())
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.inband.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.db, self.__unsafeSQLIdentificatorNaming(conf.tbl))
conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
query = rootQuery.inband.query % conf.tbl
@@ -1008,7 +1010,7 @@ class Enumeration:
columns = {}
for columnData in value:
name = self.__safeSQLIdentificatorNaming(columnData[0])
name = safeSQLIdentificatorNaming(columnData[0])
if len(columnData) == 1:
columns[name] = ""
@@ -1025,16 +1027,16 @@ class Enumeration:
logger.info(infoMsg)
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.count % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.count % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper())
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery
elif Backend.getIdentifiedDbms() in DBMS.MSSQL:
query = rootQuery.blind.count % (conf.db, conf.db, \
self.__unsafeSQLIdentificatorNaming(conf.tbl))
unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
@@ -1062,18 +1064,18 @@ class Enumeration:
for index in indexRange:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (self.__unsafeSQLIdentificatorNaming(conf.tbl), self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery
field = None
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query % self.__unsafeSQLIdentificatorNaming(conf.tbl.upper())
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery
field = None
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
self.__unsafeSQLIdentificatorNaming(conf.tbl))
unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
@@ -1086,13 +1088,13 @@ class Enumeration:
if not onlyColNames:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (self.__unsafeSQLIdentificatorNaming(conf.tbl), column, self.__unsafeSQLIdentificatorNaming(conf.db))
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db))
elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
query = rootQuery.blind.query2 % (self.__unsafeSQLIdentificatorNaming(conf.tbl.upper()), column)
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
conf.db, column, conf.db,
conf.db, conf.db, self.__unsafeSQLIdentificatorNaming(conf.tbl))
conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
query = rootQuery.blind.query2 % (conf.tbl, column)
@@ -1101,10 +1103,10 @@ class Enumeration:
if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
columns[column] = colType
else:
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
columns[column] = None
if columns:
@@ -1209,40 +1211,6 @@ class Enumeration:
return entries, lengths
def __safeSQLIdentificatorNaming(self, value, isTable=False):
"""
Returns a safe representation of SQL identificator name
"""
retVal = value
if isinstance(value, basestring):
if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in value:
value = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, value)
parts = value.split('.')
for i in range(len(parts)):
if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
parts[i] = "`%s`" % parts[i].strip("`")
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
parts[i] = "\"%s\"" % parts[i].strip("\"")
retVal = ".".join(parts)
return retVal
def __unsafeSQLIdentificatorNaming(self, value):
"""
Extracts identificator's name from it's safe SQL representation
"""
retVal = value
if isinstance(value, basestring):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
retVal = value.replace("`", "")
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
retVal = value.replace("\"", "")
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)
return retVal
def dumpTable(self):
if not conf.tbl and not conf.col:
errMsg = "missing table parameter"
@@ -1273,8 +1241,8 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
conf.tbl = self.__safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = self.__safeSQLIdentificatorNaming(conf.db)
conf.tbl = safeSQLIdentificatorNaming(conf.tbl, True)
conf.db = safeSQLIdentificatorNaming(conf.db)
if conf.col:
colList = conf.col.split(",")
@@ -1605,23 +1573,23 @@ class Enumeration:
dbConsider, dbCondParam = self.likeOrExact("database")
for db in dbList:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
infoMsg = "searching database"
if dbConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(db)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg)
if conf.excludeSysDbs:
exclDbsQuery = "".join(" AND '%s' != %s" % (self.__unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
else:
exclDbsQuery = ""
dbQuery = "%s%s" % (dbCond, dbCondParam)
dbQuery = dbQuery % self.__unsafeSQLIdentificatorNaming(db)
dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
@@ -1637,13 +1605,13 @@ class Enumeration:
values = [ values ]
for value in values:
value = self.__safeSQLIdentificatorNaming(value)
value = safeSQLIdentificatorNaming(value)
foundDbs.append(value)
else:
infoMsg = "fetching number of databases"
if dbConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(db)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
@@ -1658,7 +1626,7 @@ class Enumeration:
warnMsg = "no database"
if dbConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' found" % self.__unsafeSQLIdentificatorNaming(db)
warnMsg += " '%s' found" % unsafeSQLIdentificatorNaming(db)
logger.warn(warnMsg)
continue
@@ -1675,7 +1643,7 @@ class Enumeration:
query = agent.limitQuery(index, query, dbCond)
value = inject.getValue(query, inband=False, error=False)
value = self.__safeSQLIdentificatorNaming(value)
value = safeSQLIdentificatorNaming(value)
foundDbs.append(value)
return foundDbs
@@ -1715,7 +1683,7 @@ class Enumeration:
tblConsider, tblCondParam = self.likeOrExact("table")
for tbl in tblList:
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
tbl = tbl.upper()
@@ -1723,11 +1691,11 @@ class Enumeration:
infoMsg = "searching table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg)
if conf.excludeSysDbs:
exclDbsQuery = "".join(" AND '%s' != %s" % (self.__unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
exclDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg)
else:
@@ -1747,8 +1715,8 @@ class Enumeration:
values = [ values ]
for foundDb, foundTbl in values:
foundDb = self.__safeSQLIdentificatorNaming(foundDb)
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundDb = safeSQLIdentificatorNaming(foundDb)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundDb is None or foundTbl is None:
continue
@@ -1761,7 +1729,7 @@ class Enumeration:
infoMsg = "fetching number of databases with table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.info(infoMsg)
query = rootQuery.blind.count
@@ -1773,7 +1741,7 @@ class Enumeration:
warnMsg = "no databases have table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
logger.warn(warnMsg)
continue
@@ -1786,7 +1754,7 @@ class Enumeration:
query += exclDbsQuery
query = agent.limitQuery(index, query)
foundDb = inject.getValue(query, inband=False, error=False)
foundDb = self.__safeSQLIdentificatorNaming(foundDb)
foundDb = safeSQLIdentificatorNaming(foundDb)
if foundDb not in foundTbls:
foundTbls[foundDb] = []
@@ -1798,16 +1766,16 @@ class Enumeration:
continue
for db in foundTbls.keys():
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
infoMsg = "fetching number of table"
if tblConsider == "1":
infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(tbl), db)
infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(tbl), db)
logger.info(infoMsg)
query = rootQuery.blind.count2
query = query % self.__unsafeSQLIdentificatorNaming(db)
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
@@ -1815,7 +1783,7 @@ class Enumeration:
warnMsg = "no table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' " % self.__unsafeSQLIdentificatorNaming(tbl)
warnMsg += " '%s' " % unsafeSQLIdentificatorNaming(tbl)
warnMsg += "in database '%s'" % db
logger.warn(warnMsg)
@@ -1825,12 +1793,12 @@ class Enumeration:
for index in indexRange:
query = rootQuery.blind.query2
query = query % self.__unsafeSQLIdentificatorNaming(db)
query = query % unsafeSQLIdentificatorNaming(db)
query += " AND %s" % tblQuery
query = agent.limitQuery(index, query)
foundTbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = foundTbl
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
foundTbls[db].append(foundTbl)
return foundTbls
@@ -1879,12 +1847,12 @@ class Enumeration:
colConsider, colCondParam = self.likeOrExact("column")
for column in colList:
column = self.__safeSQLIdentificatorNaming(column)
column = safeSQLIdentificatorNaming(column)
infoMsg = "searching column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column)
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
logger.info(infoMsg)
foundCols[column] = {}
@@ -1897,7 +1865,7 @@ class Enumeration:
exclDbsQuery = ""
colQuery = "%s%s" % (colCond, colCondParam)
colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column)
colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
query = rootQuery.inband.query
@@ -1910,8 +1878,8 @@ class Enumeration:
values = [ values ]
for foundDb, foundTbl in values:
foundDb = self.__safeSQLIdentificatorNaming(foundDb)
foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
foundDb = safeSQLIdentificatorNaming(foundDb)
foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
if foundDb is None or foundTbl is None:
continue
@@ -1967,7 +1935,7 @@ class Enumeration:
query += exclDbsQuery
query = agent.limitQuery(index, query)
db = inject.getValue(query, inband=False, error=False)
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
if db not in dbs:
dbs[db] = {}
@@ -1980,12 +1948,12 @@ class Enumeration:
colQuery = colQuery % column
for db in dbData:
db = self.__safeSQLIdentificatorNaming(db)
db = safeSQLIdentificatorNaming(db)
infoMsg = "fetching number of tables containing column"
if colConsider == "1":
infoMsg += "s like"
infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(column), db)
infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(column), db)
logger.info(infoMsg)
query = rootQuery.blind.count2
@@ -2013,7 +1981,7 @@ class Enumeration:
tbl = inject.getValue(query, inband=False, error=False)
kb.hintValue = tbl
tbl = self.__safeSQLIdentificatorNaming(tbl, True)
tbl = safeSQLIdentificatorNaming(tbl, True)
if tbl not in dbs[db]:
dbs[db][tbl] = {}
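Review bot: The schema-prefix removal in the `__unsafeSQLIdentificatorNaming` body deleted in the `@@ -1209,40 +1211,6 @@` hunk used `retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)`, and `str.lstrip` takes a character set rather than a prefix, so if `DEFAULT_MSSQL_SCHEMA` is `dbo` (as its name suggests) an MSSQL/Sybase table named `boards` would come back as `ards` and `dbo.orders` as `rders`; every call site rewritten in this file, e.g. `rootQuery.inband.query % (conf.db, ..., unsafeSQLIdentificatorNaming(conf.tbl))` and the `LIKE '%...%'` column filter, now depends on whatever `lib.core.common.unsafeSQLIdentificatorNaming` does here, which the commit does not show. If the body was moved verbatim, the fix in the moved helper is `prefix = "%s." % DEFAULT_MSSQL_SCHEMA` / `if retVal.startswith(prefix):` / `retVal = retVal[len(prefix):]`. The quoting counterpart removed in the same hunk wraps names that fail `\A[A-Za-z0-9_]+\Z` in backticks or double quotes after only stripping outer ones, without doubling such a character embedded in the name, and those names arrive from the target (`table = inject.getValue(...)` followed by `safeSQLIdentificatorNaming(table, True)`), so a hostile identifier can still break or alter the statement the tool builds around it; worth checking in the moved helper too. `dumpTable`, whose signature is the last line of that hunk, continues outside it.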