Major code refactoring - centralized all kb.dbms* info for both retrieval and set.

2025-12-09 22:21:30 +00:00 · 2011-01-19 23:06:15 +00:00
parent 4bdc19d879
commit bade0e3124
39 changed files with 915 additions and 810 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -12,12 +12,13 @@ import time
 import traceback

 from lib.core.agent import agent
+from lib.core.common import backend
 from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
 from lib.core.common import decodeIntToUnicode
 from lib.core.common import filterControlChars
 from lib.core.common import getCharset
-from lib.core.common import getIdentifiedDBMS
+from lib.core.common import backend
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
 from lib.core.common import popValue
@@ -75,7 +76,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
    elif ( isinstance(lastChar, basestring) and lastChar.isdigit() ) or isinstance(lastChar, int):
        lastChar = int(lastChar)

-    if kb.dbmsDetected:
+    if backend.getDbms():
        _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
        nulledCastedField = agent.nullAndCastField(fieldToCastStr)
        expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
@@ -125,7 +126,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        hintlock.release()

        if hintValue is not None and len(hintValue) >= idx:
-            if getIdentifiedDBMS() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
+            if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
                posValue = hintValue[idx-1]
            else:
                posValue = ord(hintValue[idx-1])
@@ -456,7 +457,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                # check it via equal against the substring-query output
                if commonPattern is not None:
                    # Substring-query containing equals commonPattern
-                    subquery = queries[getIdentifiedDBMS()].substring.query % (expressionUnescaped, 1, len(commonPattern))
+                    subquery = queries[backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
                    testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
                    query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
                    query = agent.suffixQuery(query)
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -15,7 +15,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
 from lib.core.common import filterListValue
 from lib.core.common import getFileItems
-from lib.core.common import getIdentifiedDBMS
+from lib.core.common import backend
 from lib.core.common import getPageTextWordsSet
 from lib.core.common import popValue
 from lib.core.common import pushValue
@@ -32,7 +32,7 @@ from lib.core.session import safeFormatString
 from lib.request import inject

 def tableExists(tableFile, regex=None):
-    tables = getFileItems(tableFile, lowercase=getIdentifiedDBMS() in (DBMS.ACCESS), unique=True)
+    tables = getFileItems(tableFile, lowercase=backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True)
    retVal = []

    infoMsg = "checking table existence using items from '%s'" % tableFile
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -14,7 +14,7 @@ from lib.core.agent import agent
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import dataToSessionFile
 from lib.core.common import extractRegexResult
-from lib.core.common import getIdentifiedDBMS
+from lib.core.common import backend
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
 from lib.core.common import randomInt
@@ -40,7 +40,7 @@ def __oneShotErrorUse(expression, field):
    check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
    nulledCastedField = agent.nullAndCastField(field)

-    if getIdentifiedDBMS() == DBMS.MYSQL:
+    if backend.getIdentifiedDbms() == DBMS.MYSQL:
        # Fix for MySQL odd behaviour ('Subquery returns more than 1 row')
        nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))")

@@ -142,14 +142,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
    # entry per time
    # NOTE: I assume that only queries that get data from a table can
    # return multiple entries
-    if " FROM " in expression.upper() and ((getIdentifiedDBMS() not in FROM_TABLE) or (getIdentifiedDBMS() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[getIdentifiedDBMS()]))) and "EXISTS(" not in expression.upper():
-        limitRegExp = re.search(queries[getIdentifiedDBMS()].limitregexp.query, expression, re.I)
+    if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
+        limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
        topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)

-        if limitRegExp or (getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
-            if getIdentifiedDBMS() in (DBMS.MYSQL, DBMS.PGSQL):
-                limitGroupStart = queries[getIdentifiedDBMS()].limitgroupstart.query
-                limitGroupStop = queries[getIdentifiedDBMS()].limitgroupstop.query
+        if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+            if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+                limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
+                limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query

                if limitGroupStart.isdigit():
                    startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -157,10 +157,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                stopLimit = limitRegExp.group(int(limitGroupStop))
                limitCond = int(stopLimit) > 1

-            elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+            elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                if limitRegExp:
-                    limitGroupStart = queries[getIdentifiedDBMS()].limitgroupstart.query
-                    limitGroupStop = queries[getIdentifiedDBMS()].limitgroupstop.query
+                    limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
+                    limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query

                    if limitGroupStart.isdigit():
                        startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -172,7 +172,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                    stopLimit = int(topLimit.group(1))
                    limitCond = int(stopLimit) > 1

-            elif getIdentifiedDBMS() == DBMS.ORACLE:
+            elif backend.getIdentifiedDbms() == DBMS.ORACLE:
                limitCond = False
        else:
            limitCond = True
@@ -186,12 +186,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):

                # From now on we need only the expression until the " LIMIT "
                # (or similar, depending on the back-end DBMS) word
-                if getIdentifiedDBMS() in (DBMS.MYSQL, DBMS.PGSQL):
+                if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
                    stopLimit += startLimit
-                    untilLimitChar = expression.index(queries[getIdentifiedDBMS()].limitstring.query)
+                    untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
                    expression = expression[:untilLimitChar]

-                elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+                elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                    stopLimit += startLimit
            elif dump:
                if conf.limitStart:
@@ -200,14 +200,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                    stopLimit = conf.limitStop

            if not stopLimit or stopLimit <= 1:
-                if getIdentifiedDBMS() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[getIdentifiedDBMS()]):
+                if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
                    test = False
                else:
                    test = True

            if test:
                # Count the number of SQL query entries output
-                countFirstField = queries[getIdentifiedDBMS()].count.query % expressionFieldsList[0]
+                countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
                countedExpression = expression.replace(expressionFields, countFirstField, 1)

                if re.search(" ORDER BY ", expression, re.I):
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -12,7 +12,7 @@ import time
 from lib.core.agent import agent
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
-from lib.core.common import getIdentifiedDBMS
+from lib.core.common import backend
 from lib.core.common import getUnicode
 from lib.core.common import parseUnionPage
 from lib.core.common import randomStr
@@ -98,14 +98,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
    query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar)

    for count in range(conf.uColsStart, conf.uColsStop+1):
-        if getIdentifiedDBMS() in FROM_TABLE and query.endswith(FROM_TABLE[getIdentifiedDBMS()]):
-            query = query[:-len(FROM_TABLE[getIdentifiedDBMS()])]
+        if backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
+            query = query[:-len(FROM_TABLE[backend.getIdentifiedDbms()])]

        if count:
            query += ", %s" % conf.uChar

-        if getIdentifiedDBMS() in FROM_TABLE:
-            query += FROM_TABLE[getIdentifiedDBMS()]
+        if backend.getIdentifiedDbms() in FROM_TABLE:
+            query += FROM_TABLE[backend.getIdentifiedDbms()]

        status = "%d/%d" % (count, conf.uColsStop)
        debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop))
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -14,7 +14,7 @@ from lib.core.agent import agent
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
-from lib.core.common import getIdentifiedDBMS
+from lib.core.common import backend
 from lib.core.common import getUnicode
 from lib.core.common import initTechnique
 from lib.core.common import isNumPosStrValue
@@ -103,14 +103,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
        # entry per time
        # NOTE: I assume that only queries that get data from a table can
        # return multiple entries
-        if " FROM " in expression.upper() and ((getIdentifiedDBMS() not in FROM_TABLE) or (getIdentifiedDBMS() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[getIdentifiedDBMS()]))) and "EXISTS(" not in expression.upper():
-            limitRegExp = re.search(queries[getIdentifiedDBMS()].limitregexp.query, expression, re.I)
+        if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
+            limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
            topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)

-            if limitRegExp or (getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
-                if getIdentifiedDBMS() in (DBMS.MYSQL, DBMS.PGSQL):
-                    limitGroupStart = queries[getIdentifiedDBMS()].limitgroupstart.query
-                    limitGroupStop = queries[getIdentifiedDBMS()].limitgroupstop.query
+            if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
+                if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
+                    limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
+                    limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query

                    if limitGroupStart.isdigit():
                        startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -118,10 +118,10 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
                    stopLimit = limitRegExp.group(int(limitGroupStop))
                    limitCond = int(stopLimit) > 1

-                elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+                elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                    if limitRegExp:
-                        limitGroupStart = queries[getIdentifiedDBMS()].limitgroupstart.query
-                        limitGroupStop = queries[getIdentifiedDBMS()].limitgroupstop.query
+                        limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query
+                        limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query

                        if limitGroupStart.isdigit():
                            startLimit = int(limitRegExp.group(int(limitGroupStart)))
@@ -133,7 +133,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
                        stopLimit = int(topLimit.group(1))
                        limitCond = int(stopLimit) > 1

-                elif getIdentifiedDBMS() == DBMS.ORACLE:
+                elif backend.getIdentifiedDbms() == DBMS.ORACLE:
                    limitCond = False
            else:
                limitCond = True
@@ -147,12 +147,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack

                    # From now on we need only the expression until the " LIMIT "
                    # (or similar, depending on the back-end DBMS) word
-                    if getIdentifiedDBMS() in (DBMS.MYSQL, DBMS.PGSQL):
+                    if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
                        stopLimit += startLimit
-                        untilLimitChar = expression.index(queries[getIdentifiedDBMS()].limitstring.query)
+                        untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query)
                        expression = expression[:untilLimitChar]

-                    elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+                    elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                        stopLimit += startLimit
                elif dump:
                    if conf.limitStart:
@@ -161,14 +161,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
                        stopLimit = conf.limitStop

                if not stopLimit or stopLimit <= 1:
-                    if getIdentifiedDBMS() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[getIdentifiedDBMS()]):
+                    if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]):
                        test = False
                    else:
                        test = True

                if test:
                    # Count the number of SQL query entries output
-                    countFirstField = queries[getIdentifiedDBMS()].count.query % expressionFieldsList[0]
+                    countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0]
                    countedExpression = origExpr.replace(expressionFields, countFirstField, 1)

                    if re.search(" ORDER BY ", expression, re.I):
@@ -216,9 +216,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack

                    try:
                        for num in xrange(startLimit, stopLimit):
-                            if getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
+                            if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
                                field = expressionFieldsList[0]
-                            elif getIdentifiedDBMS() == DBMS.ORACLE:
+                            elif backend.getIdentifiedDbms() == DBMS.ORACLE:
                                field = expressionFieldsList
                            else:
                                field = None