mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-01-10 08:39:01 +00:00
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
This commit is contained in:
Bernardo Damele
@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getIdentifiedDBMS
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
@@ -41,10 +41,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfExecCmd(cmd, silent=silent)
|
||||
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
self.xpCmdshellExecCmd(cmd, silent=silent)
|
||||
|
||||
else:
|
||||
@@ -55,10 +55,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
return self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
return self.udfEvalCmd(cmd, first, last)
|
||||
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
return self.xpCmdshellEvalCmd(cmd, first, last)
|
||||
|
||||
else:
|
||||
@@ -93,13 +93,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
logger.info(infoMsg)
|
||||
|
||||
else:
|
||||
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
infoMsg = "going to use injected sys_eval and sys_exec "
|
||||
infoMsg += "user-defined functions for operating system "
|
||||
infoMsg += "command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
infoMsg = "going to use xp_cmdshell extended procedure for "
|
||||
infoMsg += "operating system command execution"
|
||||
logger.info(infoMsg)
|
||||
@@ -151,9 +151,9 @@ class Abstraction(Web, UDF, xp_cmdshell):
|
||||
warnMsg += "the session user is not a database administrator"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.udfInjectSys()
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL:
|
||||
if mandatory:
|
||||
self.xpCmdshellInit()
|
||||
else:
|
||||
|
||||
@@ -19,7 +19,7 @@ from subprocess import PIPE
|
||||
from subprocess import Popen as execute
|
||||
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getIdentifiedDBMS
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import getLocalIP
|
||||
from lib.core.common import getRemoteIP
|
||||
from lib.core.common import getUnicode
|
||||
@@ -187,13 +187,13 @@ class Metasploit:
|
||||
if __payloadStr == "windows/vncinject":
|
||||
choose = False
|
||||
|
||||
if getIdentifiedDBMS() == DBMS.MYSQL:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
debugMsg = "by default MySQL on Windows runs as SYSTEM "
|
||||
debugMsg += "user, it is likely that the the VNC "
|
||||
debugMsg += "injection will be successful"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
elif getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
choose = True
|
||||
|
||||
warnMsg = "by default PostgreSQL on Windows runs as "
|
||||
@@ -201,12 +201,12 @@ class Metasploit:
|
||||
warnMsg += "injection will be successful"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
choose = True
|
||||
|
||||
warnMsg = "it is unlikely that the VNC injection will be "
|
||||
warnMsg += "successful because usually Microsoft SQL Server "
|
||||
warnMsg += "%s runs as Network Service " % kb.dbmsVersion[0]
|
||||
warnMsg += "%s runs as Network Service " % backend.getVersion()
|
||||
warnMsg += "or the Administrator is not logged in"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
@@ -230,12 +230,12 @@ class Metasploit:
|
||||
break
|
||||
|
||||
elif choice == "1":
|
||||
if getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
logger.warn("beware that the VNC injection might not work")
|
||||
|
||||
break
|
||||
|
||||
elif getIdentifiedDBMS() == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
|
||||
break
|
||||
|
||||
elif not choice.isdigit():
|
||||
@@ -555,7 +555,7 @@ class Metasploit:
|
||||
# This is useful for sqlmap because on PostgreSQL it is not
|
||||
# possible to write files bigger than 8192 bytes abusing the
|
||||
# lo_export() feature implemented in sqlmap.
|
||||
if getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
if backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
self.__fileFormat = "exe-small"
|
||||
else:
|
||||
self.__fileFormat = "exe"
|
||||
@@ -657,7 +657,7 @@ class Metasploit:
|
||||
self.__forgeMsfConsoleResource()
|
||||
self.__forgeMsfConsoleCmd()
|
||||
|
||||
if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile)
|
||||
else:
|
||||
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile)
|
||||
|
||||
@@ -11,7 +11,7 @@ import os
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getIdentifiedDBMS
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
@@ -51,7 +51,7 @@ class UDF:
|
||||
def __checkExistUdf(self, udf):
|
||||
logger.info("checking if UDF '%s' already exist" % udf)
|
||||
|
||||
query = agent.forgeCaseStatement(queries[getIdentifiedDBMS()].check_udf.query % (udf, udf))
|
||||
query = agent.forgeCaseStatement(queries[backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
|
||||
exists = inject.getValue(query, resumeValue=False, unpack=False, charsetType=2)
|
||||
|
||||
if exists == "1":
|
||||
@@ -104,7 +104,7 @@ class UDF:
|
||||
return output
|
||||
|
||||
def udfCheckNeeded(self):
|
||||
if ( not conf.rFile or ( conf.rFile and getIdentifiedDBMS() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
|
||||
if ( not conf.rFile or ( conf.rFile and backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs:
|
||||
self.sysUdfs.pop("sys_fileread")
|
||||
|
||||
if not conf.osPwn:
|
||||
@@ -143,9 +143,9 @@ class UDF:
|
||||
if udf in self.udfToCreate and udf not in self.createdUdf:
|
||||
self.udfCreateFromSharedLib(udf, inpRet)
|
||||
|
||||
if getIdentifiedDBMS() == DBMS.MYSQL:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
supportTblType = "longtext"
|
||||
elif getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
supportTblType = "text"
|
||||
|
||||
self.udfCreateSupportTbl(supportTblType)
|
||||
@@ -156,8 +156,8 @@ class UDF:
|
||||
self.udfInjectCore(self.sysUdfs)
|
||||
|
||||
def udfInjectCustom(self):
|
||||
if getIdentifiedDBMS() not in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
errMsg = "UDF injection feature is not yet implemented on %s" % getIdentifiedDBMS()
|
||||
if backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
|
||||
errMsg = "UDF injection feature is not yet implemented on %s" % backend.getIdentifiedDbms()
|
||||
raise sqlmapUnsupportedFeatureException(errMsg)
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
@@ -236,9 +236,9 @@ class UDF:
|
||||
else:
|
||||
logger.warn("you need to specify the name of the UDF")
|
||||
|
||||
if getIdentifiedDBMS() == DBMS.MYSQL:
|
||||
if backend.getIdentifiedDbms() == DBMS.MYSQL:
|
||||
defaultType = "string"
|
||||
elif getIdentifiedDBMS() == DBMS.PGSQL:
|
||||
elif backend.getIdentifiedDbms() == DBMS.PGSQL:
|
||||
defaultType = "text"
|
||||
|
||||
self.udfs[udfName]["input"] = []
|
||||
|
||||
@@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
||||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import backend
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import wasLastRequestDelayed
|
||||
@@ -29,7 +30,7 @@ class xp_cmdshell:
|
||||
def __xpCmdshellCreate(self):
|
||||
cmd = ""
|
||||
|
||||
if kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
logger.debug("activating sp_OACreate")
|
||||
|
||||
cmd += "EXEC master..sp_configure 'show advanced options', 1; "
|
||||
@@ -48,7 +49,7 @@ class xp_cmdshell:
|
||||
cmd += "EXEC sp_OADestroy @ID'; "
|
||||
cmd += "EXEC master..sp_executesql @%s;" % self.__randStr
|
||||
|
||||
if kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
cmd += " RECONFIGURE WITH OVERRIDE;"
|
||||
|
||||
inject.goStacked(cmd)
|
||||
@@ -80,7 +81,7 @@ class xp_cmdshell:
|
||||
return cmd
|
||||
|
||||
def __xpCmdshellConfigure(self, mode):
|
||||
if kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
if backend.isVersionWithin(("2005", "2008")):
|
||||
cmd = self.__xpCmdshellConfigure2005(mode)
|
||||
else:
|
||||
cmd = self.__xpCmdshellConfigure2000(mode)
|
||||
|
||||
Reference in New Issue
Block a user