PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Major code refactoring - centralized all kb.dbms* info for both retrieval and set.

Browse Source
This commit is contained in:
Bernardo Damele
2011-01-19 23:06:15 +00:00
parent 4bdc19d879
commit bade0e3124
39 changed files with 915 additions and 810 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
plugins/dbms/access/fingerprint.py
View File

@@ -10,10 +10,9 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import getCurrentThreadData
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import wasLastRequestDBMSError
@@ -38,14 +37,15 @@ class Fingerprint(GenericFingerprint):
# Reference: http://milw0rm.com/papers/198
retVal = None
table = None
if kb.dbmsVersion and len(kb.dbmsVersion) > 0:
if kb.dbmsVersion[0] in ("97", "2000"):
table = "MSysAccessObjects"
elif kb.dbmsVersion[0] in ("2002-2003", "2007"):
table = "MSysAccessStorage"
if table:
result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table)
retVal = "not sandboxed" if result else "sandboxed"
if backend.isVersionWithin(("97", "2000")):
table = "MSysAccessObjects"
elif backend.isVersionWithin(("2002-2003", "2007")):
table = "MSysAccessStorage"
if table is not None:
result = inject.checkBooleanExpression("EXISTS(SELECT CURDIR() FROM %s)" % table)
retVal = "not sandboxed" if result else "sandboxed"
return retVal
@@ -55,30 +55,37 @@ class Fingerprint(GenericFingerprint):
# Microsoft Access table reference updated on 01/2010
sysTables = {
"97": ("MSysModules2", "MSysAccessObjects"),
"2000" : ("!MSysModules2", "MSysAccessObjects"),
"2002-2003" : ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
"2007" : ("MSysAccessStorage", "MSysNavPaneObjectIDs")
"97": ("MSysModules2", "MSysAccessObjects"),
"2000" : ("!MSysModules2", "MSysAccessObjects"),
"2002-2003" : ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
"2007" : ("MSysAccessStorage", "MSysNavPaneObjectIDs")
}
# MSysAccessXML is not a reliable system table because it doesn't always exist
# ("Access through Access", p6, should be "normally doesn't exist" instead of "is normally empty")
for version, tables in sysTables.items():
exist = True
for table in tables:
negate = False
if table[0] == '!':
negate = True
table = table[1:]
randInt = randomInt()
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt))
if result is None:
result = False
if negate:
result = not result
exist &= result
if not exist:
break
if exist:
return version
@@ -108,13 +115,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -122,7 +129,7 @@ class Fingerprint(GenericFingerprint):
value += "back-end DBMS: "
if not conf.extensiveFp:
value += "Microsoft Access"
value += DBMS.ACCESS
return value
actVer = formatDBMSfp() + " (%s)" % (self.__sandBoxCheck())
@@ -138,7 +145,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -148,37 +155,43 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES):
setDbms(DBMS.ACCESS)
return True
logMsg = "testing Microsoft Access"
logMsg = "testing %s" % DBMS.ACCESS
logger.info(logMsg)
result = inject.checkBooleanExpression("VAL(CVAR(1))=1")
if result:
logMsg = "confirming Microsoft Access"
logMsg = "confirming %s" % DBMS.ACCESS
logger.info(logMsg)
result = inject.checkBooleanExpression("IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
if not result:
warnMsg = "the back-end DBMS is not Microsoft Access"
warnMsg = "the back-end DBMS is not %s" % DBMS.ACCESS
logger.warn(warnMsg)
return False
setDbms("Microsoft Access")
setDbms(DBMS.ACCESS)
if not conf.extensiveFp:
return True
kb.dbmsVersion = [self.__sysTablesCheck()]
infoMsg = "actively fingerprinting %s" % DBMS.ACCESS
logger.info(infoMsg)
version = self.__sysTablesCheck()
if version is not None:
backend.setVersion(version)
return True
else:
warnMsg = "the back-end DBMS is not Microsoft Access"
warnMsg = "the back-end DBMS is not %s" % DBMS.ACCESS
logger.warn(warnMsg)
return False

36
plugins/dbms/firebird/fingerprint.py
View File

@@ -10,10 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import getIdentifiedDBMS
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.common import randomRange
@@ -35,13 +33,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -65,7 +63,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -84,13 +82,15 @@ class Fingerprint(GenericFingerprint):
for i in xrange(len(table)):
version, checks = table[i]
failed = False
check = checks[randomRange(0,len(checks)-1)].replace("%d", getUnicode(randomRange(1,100)))
check = checks[randomRange(0, len(checks)-1)].replace("%d", getUnicode(randomRange(1,100)))
result = inject.checkBooleanExpression(check)
if result:
retVal = version
else:
failed = True
break
if failed:
break
@@ -99,14 +99,14 @@ class Fingerprint(GenericFingerprint):
def __dialectCheck(self):
retVal = None
if getIdentifiedDBMS():
if backend.getIdentifiedDbms():
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
retVal = "dialect 3" if result else "dialect 1"
return retVal
def checkDbms(self):
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in FIREBIRD_ALIASES) or conf.dbms in FIREBIRD_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(FIREBIRD_ALIASES) or conf.dbms in FIREBIRD_ALIASES):
setDbms(DBMS.FIREBIRD)
self.getBanner()
@@ -114,33 +114,39 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
logMsg = "testing Firebird"
logMsg = "testing %s" % DBMS.FIREBIRD
logger.info(logMsg)
randInt = randomInt()
result = inject.checkBooleanExpression("EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
if result:
logMsg = "confirming Firebird"
logMsg = "confirming %s" % DBMS.FIREBIRD
logger.info(logMsg)
result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
if not result:
warnMsg = "the back-end DBMS is not Firebird"
warnMsg = "the back-end DBMS is not %s" % DBMS.FIREBIRD
logger.warn(warnMsg)
return False
setDbms(DBMS.FIREBIRD)
kb.dbmsVersion = [self.__sysTablesCheck()]
infoMsg = "actively fingerprinting %s" % DBMS.FIREBIRD
logger.info(infoMsg)
version = self.__sysTablesCheck()
if version is not None:
backend.setVersion(version)
self.getBanner()
return True
else:
warnMsg = "the back-end DBMS is not Firebird"
warnMsg = "the back-end DBMS is not %s" % DBMS.FIREBIRD
logger.warn(warnMsg)
return False

28
plugins/dbms/maxdb/fingerprint.py
View File

@@ -10,9 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import randomInt
from lib.core.common import randomRange
from lib.core.data import conf
@@ -32,7 +31,7 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.MAXDB)
def __versionCheck(self):
infoMsg = "executing SAP MaxDB SYSINFO version check"
infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB
logger.info(infoMsg)
query = agent.prefixQuery("/* NoValue */")
@@ -41,7 +40,7 @@ class Fingerprint(GenericFingerprint):
result = Request.queryPage(payload)
if not result:
warnMsg = "unable to perform SAP MaxDB version check"
warnMsg = "unable to perform %s version check" % DBMS.MAXDB
logger.warn(warnMsg)
return None
@@ -67,13 +66,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -92,7 +91,7 @@ class Fingerprint(GenericFingerprint):
if kb.bannerFp:
value += "\n%sbanner parsing fingerprint: -" % blank
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -100,27 +99,27 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
setDbms(DBMS.MAXDB)
self.getBanner()
return True
logMsg = "testing SAP MaxDB"
logMsg = "testing %s" % DBMS.MAXDB
logger.info(logMsg)
randInt = randomInt()
result = inject.checkBooleanExpression("%d=NOROUND(%d)" % (randInt, randInt))
if result:
logMsg = "confirming SAP MaxDB"
logMsg = "confirming %s" % DBMS.MAXDB
logger.info(logMsg)
result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
if not result:
warnMsg = "the back-end DBMS is not SAP MaxDB"
warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB
logger.warn(warnMsg)
return False
@@ -129,12 +128,9 @@ class Fingerprint(GenericFingerprint):
self.getBanner()
if not conf.extensiveFp:
return True
return True
else:
warnMsg = "the back-end DBMS is not SAP MaxDB"
warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB
logger.warn(warnMsg)
return False

8
plugins/dbms/mssqlserver/enumeration.py
View File

@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import getIdentifiedDBMS
from lib.core.common import backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@@ -41,7 +41,7 @@ class Enumeration(GenericEnumeration):
infoMsg += " for database '%s'" % conf.db
logger.info(infoMsg)
rootQuery = queries[getIdentifiedDBMS()].tables
rootQuery = queries[backend.getIdentifiedDbms()].tables
if not conf.db:
if not len(kb.data.cachedDbs):
@@ -111,7 +111,7 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedTables
def searchTable(self):
rootQuery = queries[getIdentifiedDBMS()].search_table
rootQuery = queries[backend.getIdentifiedDbms()].search_table
foundTbls = {}
tblList = conf.tbl.split(",")
tblCond = rootQuery.inband.condition
@@ -195,7 +195,7 @@ class Enumeration(GenericEnumeration):
return foundTbls
def searchColumn(self):
rootQuery = queries[getIdentifiedDBMS()].search_column
rootQuery = queries[backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = {}
colList = conf.col.split(",")

40
plugins/dbms/mssqlserver/fingerprint.py
View File

@@ -8,9 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -31,13 +30,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -58,13 +57,13 @@ class Fingerprint(GenericFingerprint):
servicepack = kb.bannerFp["dbmsServicePack"] if 'dbmsServicePack' in kb.bannerFp else None
if release and version and servicepack:
banVer = "Microsoft SQL Server %s " % release
banVer = "%s %s " % (DBMS.MSSQL, release)
banVer += "Service Pack %s " % servicepack
banVer += "version %s" % version
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -72,10 +71,10 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and ((kb.dbms is not None and kb.dbms.lower() in MSSQL_ALIASES) \
or conf.dbms in MSSQL_ALIASES) and kb.dbmsVersion and \
kb.dbmsVersion[0].isdigit():
setDbms("%s %s" % (DBMS.MSSQL, kb.dbmsVersion[0]))
if not conf.extensiveFp and (backend.isDbmsWithin(MSSQL_ALIASES) \
or conf.dbms in MSSQL_ALIASES) and backend.getVersion() and \
backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
self.getBanner()
@@ -83,7 +82,7 @@ class Fingerprint(GenericFingerprint):
return True
infoMsg = "testing Microsoft SQL Server"
infoMsg = "testing %s" % DBMS.MSSQL
logger.info(infoMsg)
# NOTE: SELECT LEN(@@VERSION)=LEN(@@VERSION) FROM DUAL does not
@@ -95,20 +94,19 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
if result:
infoMsg = "confirming Microsoft SQL Server"
infoMsg = "confirming %s" % DBMS.MSSQL
logger.info(infoMsg)
for version, check in [\
("2000", "HOST_NAME()=HOST_NAME()"),\
("2005", "XACT_STATE()=XACT_STATE()"),\
("2008", "SYSDATETIME()=SYSDATETIME()") ]:
for version, check in [ ("2000", "HOST_NAME()=HOST_NAME()"), \
("2005", "XACT_STATE()=XACT_STATE()"), \
("2008", "SYSDATETIME()=SYSDATETIME()") ]:
result = inject.checkBooleanExpression(check)
if result:
kb.dbmsVersion = [version]
backend.setVersion(version)
if kb.dbmsVersion:
setDbms("%s %s" % (DBMS.MSSQL, kb.dbmsVersion[0]))
if backend.getVersion():
setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion()))
else:
setDbms(DBMS.MSSQL)
@@ -118,7 +116,7 @@ class Fingerprint(GenericFingerprint):
return True
else:
warnMsg = "the back-end DBMS is not Microsoft SQL Server"
warnMsg = "the back-end DBMS is not %s" % DBMS.MSSQL
logger.warn(warnMsg)
return False

101
plugins/dbms/mysql/fingerprint.py
View File

@@ -10,9 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -33,14 +32,14 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.MYSQL)
def __commentCheck(self):
infoMsg = "executing MySQL comment injection fingerprint"
infoMsg = "executing %s comment injection fingerprint" % DBMS.MYSQL
logger.info(infoMsg)
randInt = randomInt()
result = inject.checkBooleanExpression("%d=%d/* NoValue */" % (randInt, randInt))
if not result:
warnMsg = "unable to perform MySQL comment injection"
warnMsg = "unable to perform %s comment injection" % DBMS.MYSQL
logger.warn(warnMsg)
return None
@@ -98,19 +97,19 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
actVer = formatDBMSfp()
value += "back-end DBMS: "
actVer = format.getDbms()
if not conf.extensiveFp:
value += actVer
@@ -121,7 +120,7 @@ class Fingerprint(GenericFingerprint):
value += "active fingerprint: %s" % actVer
if comVer:
comVer = formatDBMSfp([comVer])
comVer = format.getDbms([comVer])
value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
if kb.bannerFp:
@@ -130,10 +129,10 @@ class Fingerprint(GenericFingerprint):
if re.search("-log$", kb.data.banner):
banVer += ", logging enabled"
banVer = formatDBMSfp([banVer])
banVer = format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -151,36 +150,38 @@ class Fingerprint(GenericFingerprint):
* http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
"""
if not conf.extensiveFp and ((kb.dbms is not None and kb.dbms.lower() in MYSQL_ALIASES) \
or conf.dbms in MYSQL_ALIASES) and kb.dbmsVersion and \
kb.dbmsVersion[0] != UNKNOWN_DBMS_VERSION:
kb.dbmsVersion[0] = kb.dbmsVersion[0].replace(">", "")
kb.dbmsVersion[0] = kb.dbmsVersion[0].replace("=", "")
kb.dbmsVersion[0] = kb.dbmsVersion[0].replace(" ", "")
if not conf.extensiveFp and (backend.isDbmsWithin(MYSQL_ALIASES) \
or conf.dbms in MYSQL_ALIASES) and backend.getVersion() and \
backend.getVersion() != UNKNOWN_DBMS_VERSION:
v = backend.getVersion().replace(">", "")
v = v.replace("=", "")
v = v.replace(" ", "")
setDbms("%s %s" % (DBMS.MYSQL, kb.dbmsVersion[0]))
backend.setVersion(v)
if str(kb.dbmsVersion[0]) >= '5':
setDbms("%s %s" % (DBMS.MYSQL, backend.getVersion()))
if backend.isVersionGreaterOrEqualThan("5"):
kb.data.has_information_schema = True
self.getBanner()
return True
infoMsg = "testing MySQL"
infoMsg = "testing %s" % DBMS.MYSQL
logger.info(infoMsg)
randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
if result:
infoMsg = "confirming MySQL"
infoMsg = "confirming %s" % DBMS.MYSQL
logger.info(infoMsg)
result = inject.checkBooleanExpression("USER()=USER()")
if not result:
warnMsg = "the back-end DBMS is not MySQL"
warnMsg = "the back-end DBMS is not %s" % DBMS.MYSQL
logger.warn(warnMsg)
return False
@@ -189,52 +190,55 @@ class Fingerprint(GenericFingerprint):
#if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)):
if inject.checkBooleanExpression("EXISTS(SELECT %s FROM information_schema.TABLES)" % randInt):
kb.data.has_information_schema = True
kb.dbmsVersion = [">= 5.0.0"]
backend.setVersion(">= 5.0.0")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
if not conf.extensiveFp:
return True
infoMsg = "actively fingerprinting %s" % DBMS.MYSQL
logger.info(infoMsg)
# Check if it is MySQL >= 5.5.0
if inject.checkBooleanExpression("TO_SECONDS(950501)>0"):
kb.dbmsVersion = [">= 5.5.0"]
backend.setVersion(">= 5.5.0")
# Check if it is MySQL >= 5.1.2 and < 5.5.0
elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"):
if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)):
kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"]
backend.setVersionList([">= 5.1.12", "< 5.5.0"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)):
kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"]
backend.setVersionList([">= 5.1.7", "< 5.1.12"])
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)):
kb.dbmsVersion = ["= 5.1.6"]
backend.setVersion("= 5.1.6")
elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)):
kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"]
backend.setVersionList([">= 5.1.5", "< 5.1.6"])
else:
kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"]
backend.setVersionList([">= 5.1.2", "< 5.1.5"])
# Check if it is MySQL >= 5.0.0 and < 5.1.2
elif inject.checkBooleanExpression("@@hostname=@@hostname"):
kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"]
backend.setVersionList([">= 5.0.38", "< 5.1.2"])
elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"):
kb.dbmsVersion = [">= 5.0.19", "< 5.0.38"]
backend.setVersionList([">= 5.0.19", "< 5.0.38"])
elif not inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL WHERE %s!=%s)" % (randInt, randInt, randInt, randInt)):
kb.dbmsVersion = [">= 5.0.11", "< 5.0.19"]
backend.setVersionList([">= 5.0.11", "< 5.0.19"])
elif inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"):
kb.dbmsVersion = [">= 5.0.6", "< 5.0.11"]
backend.setVersionList([">= 5.0.6", "< 5.0.11"])
elif inject.checkBooleanExpression("@@automatic_sp_privileges=@@automatic_sp_privileges"):
kb.dbmsVersion = [">= 5.0.3", "< 5.0.6"]
backend.setVersionList([">= 5.0.3", "< 5.0.6"])
else:
kb.dbmsVersion = [">= 5.0.0", "< 5.0.3"]
backend.setVersionList([">= 5.0.0", "< 5.0.3"])
# For cases when information_schema is missing
elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"):
kb.dbmsVersion = [">= 5.0.2"]
backend.setVersion(">= 5.0.2")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
elif inject.checkBooleanExpression("STRCMP(LOWER(CURRENT_USER()), UPPER(CURRENT_USER()))=0"):
kb.dbmsVersion = ["< 5.0.0"]
backend.setVersion("< 5.0.0")
setDbms("%s 4" % DBMS.MYSQL)
self.getBanner()
@@ -243,26 +247,26 @@ class Fingerprint(GenericFingerprint):
# Check which version of MySQL < 5.0.0 it is
if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"):
kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"]
backend.setVersionList([">= 4.1.11", "< 5.0.0"])
elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"):
kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"]
backend.setVersionList([">= 4.1.1", "< 4.1.11"])
elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"):
kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"]
backend.setVersionList([">= 4.0.6", "< 4.1.1"])
if inject.checkBooleanExpression("'utf8'=(SELECT CHARSET(CURRENT_USER()))"):
kb.dbmsVersion = ["= 4.1.0"]
backend.setVersion("= 4.1.0")
else:
kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"]
backend.setVersionList([">= 4.0.6", "< 4.1.0"])
else:
kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"]
backend.setVersionList([">= 4.0.0", "< 4.0.6"])
else:
kb.dbmsVersion = ["< 4.0.0"]
backend.setVersion("< 4.0.0")
setDbms("%s 3" % DBMS.MYSQL)
self.getBanner()
return True
else:
warnMsg = "the back-end DBMS is not MySQL"
warnMsg = "the back-end DBMS is not %s" % DBMS.MYSQL
logger.warn(warnMsg)
return False
@@ -275,9 +279,10 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg)
result = inject.checkBooleanExpression("'/'=(SELECT MID(@@datadir, 1, 1))")
if result is True:
if result:
kb.os = "Linux"
elif result is False:
elif not result:
kb.os = "Windows"
if kb.os:

6
plugins/dbms/oracle/enumeration.py
View File

@@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import getIdentifiedDBMS
from lib.core.common import backend
from lib.core.common import getRange
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
@@ -30,7 +30,7 @@ class Enumeration(GenericEnumeration):
def getRoles(self, query2=False):
infoMsg = "fetching database users roles"
rootQuery = queries[getIdentifiedDBMS()].roles
rootQuery = queries[backend.getIdentifiedDbms()].roles
if conf.user == "CU":
infoMsg += " for current user"
@@ -179,7 +179,7 @@ class Enumeration(GenericEnumeration):
return []
def searchColumn(self):
rootQuery = queries[getIdentifiedDBMS()].search_column
rootQuery = queries[backend.getIdentifiedDbms()].search_column
foundCols = {}
dbs = { "USERS": {} }
colList = conf.col.split(",")

28
plugins/dbms/oracle/fingerprint.py
View File

@@ -10,9 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -30,13 +29,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -56,7 +55,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -64,14 +63,14 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES):
setDbms(DBMS.ORACLE)
self.getBanner()
return True
logMsg = "testing Oracle"
logMsg = "testing %s" % DBMS.ORACLE
logger.info(logMsg)
# NOTE: SELECT ROWNUM=ROWNUM FROM DUAL does not work connecting
@@ -82,7 +81,7 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("ROWNUM=ROWNUM")
if result:
logMsg = "confirming Oracle"
logMsg = "confirming %s" % DBMS.ORACLE
logger.info(logMsg)
# NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does
@@ -93,7 +92,7 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")
if not result:
warnMsg = "the back-end DBMS is not Oracle"
warnMsg = "the back-end DBMS is not %s" % DBMS.ORACLE
logger.warn(warnMsg)
return False
@@ -105,17 +104,20 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
infoMsg = "actively fingerprinting %s" % DBMS.ORACLE
logger.info(infoMsg)
for version in ("11i", "10g", "9i", "8i"):
number = int(re.search("([\d]+)", version).group(1))
output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION), 1, %d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2))
if output:
kb.dbmsVersion = [ version ]
backend.setVersion(version)
break
return True
else:
warnMsg = "the back-end DBMS is not Oracle"
warnMsg = "the back-end DBMS is not %s" % DBMS.ORACLE
logger.warn(warnMsg)
return False
@@ -126,7 +128,7 @@ class Fingerprint(GenericFingerprint):
else:
conf.db = "USERS"
warnMsg = "on Oracle it is only possible to enumerate "
warnMsg = "on %s it is only possible to enumerate " % DBMS.ORACLE
warnMsg += "if you provide a TABLESPACE_NAME as database "
warnMsg += "name. sqlmap is going to use 'USERS' as database "
warnMsg += "name"

56
plugins/dbms/postgresql/fingerprint.py
View File

@@ -10,9 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -33,13 +32,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -59,7 +58,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -73,27 +72,27 @@ class Fingerprint(GenericFingerprint):
* http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
"""
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
setDbms(DBMS.PGSQL)
self.getBanner()
return True
infoMsg = "testing PostgreSQL"
infoMsg = "testing %s" % DBMS.PGSQL
logger.info(infoMsg)
randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt))
if result:
infoMsg = "confirming PostgreSQL"
infoMsg = "confirming %s" % DBMS.PGSQL
logger.info(infoMsg)
result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt))
if not result:
warnMsg = "the back-end DBMS is not PostgreSQL"
warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL
logger.warn(warnMsg)
return False
@@ -105,40 +104,43 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
logger.info(infoMsg)
if inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
kb.dbmsVersion = [">= 8.4.0"]
backend.setVersion(">= 8.4.0")
elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
kb.dbmsVersion = [">= 8.3.0", "< 8.4"]
backend.setVersionList([">= 8.3.0", "< 8.4"])
elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
kb.dbmsVersion = [">= 8.2.0", "< 8.3.0"]
backend.setVersionList([">= 8.2.0", "< 8.3.0"])
elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
kb.dbmsVersion = [">= 8.1.0", "< 8.2.0"]
backend.setVersionList([">= 8.1.0", "< 8.2.0"])
elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
kb.dbmsVersion = [">= 8.0.0", "< 8.1.0"]
backend.setVersionList([">= 8.0.0", "< 8.1.0"])
elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
kb.dbmsVersion = [">= 7.4.0", "< 8.0.0"]
backend.setVersionList([">= 7.4.0", "< 8.0.0"])
elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
kb.dbmsVersion = [">= 7.3.0", "< 7.4.0"]
backend.setVersionList([">= 7.3.0", "< 7.4.0"])
elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
kb.dbmsVersion = [">= 7.2.0", "< 7.3.0"]
backend.setVersionList([">= 7.2.0", "< 7.3.0"])
elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
kb.dbmsVersion = [">= 7.1.0", "< 7.2.0"]
backend.setVersionList([">= 7.1.0", "< 7.2.0"])
elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
kb.dbmsVersion = [">= 7.0.0", "< 7.1.0"]
backend.setVersionList([">= 7.0.0", "< 7.1.0"])
elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
kb.dbmsVersion = [">= 6.5.0", "< 6.5.3"]
backend.setVersionList([">= 6.5.0", "< 6.5.3"])
elif inject.checkBooleanExpression("VERSION()=VERSION()"):
kb.dbmsVersion = [">= 6.4.0", "< 6.5.0"]
backend.setVersionList([">= 6.4.0", "< 6.5.0"])
elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
kb.dbmsVersion = [">= 6.3.0", "< 6.4.0"]
backend.setVersionList([">= 6.3.0", "< 6.4.0"])
elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
kb.dbmsVersion = [">= 6.2.0", "< 6.3.0"]
backend.setVersionList([">= 6.2.0", "< 6.3.0"])
else:
kb.dbmsVersion = ["< 6.2.0"]
backend.setVersion("< 6.2.0")
return True
else:
warnMsg = "the back-end DBMS is not PostgreSQL"
warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL
logger.warn(warnMsg)
return False
@@ -178,7 +180,7 @@ class Fingerprint(GenericFingerprint):
if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
conf.db = "public"
warnMsg = "on PostgreSQL it is only possible to enumerate "
warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL
warnMsg += "on the current schema and on system databases, "
warnMsg += "sqlmap is going to use 'public' schema as "
warnMsg += "database name"

27
plugins/dbms/sqlite/fingerprint.py
View File

@@ -8,9 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -29,13 +28,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -55,7 +54,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -70,32 +69,36 @@ class Fingerprint(GenericFingerprint):
* http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
"""
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
setDbms(DBMS.SQLITE)
self.getBanner()
return True
logMsg = "testing SQLite"
logMsg = "testing %s" % DBMS.SQLITE
logger.info(logMsg)
result = inject.checkBooleanExpression("LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
if result:
logMsg = "confirming SQLite"
logMsg = "confirming %s" % DBMS.SQLITE
logger.info(logMsg)
result = inject.checkBooleanExpression("SQLITE_VERSION()=SQLITE_VERSION()")
if not result:
warnMsg = "the back-end DBMS is not SQLite"
warnMsg = "the back-end DBMS is not %s" % DBMS.SQLITE
logger.warn(warnMsg)
return False
else:
infoMsg = "actively fingerprinting %s" % DBMS.SQLITE
logger.info(infoMsg)
result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
kb.dbmsVersion = [ '3' if result else '2' ]
version = '3' if result else '2'
backend.setVersion(version)
setDbms(DBMS.SQLITE)
@@ -103,7 +106,7 @@ class Fingerprint(GenericFingerprint):
return True
else:
warnMsg = "the back-end DBMS is not SQLite"
warnMsg = "the back-end DBMS is not %s" % DBMS.SQLITE
logger.warn(warnMsg)
return False

33
plugins/dbms/sybase/fingerprint.py
View File

@@ -8,9 +8,8 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import randomInt
from lib.core.data import conf
from lib.core.data import kb
@@ -29,13 +28,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -55,7 +54,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -63,10 +62,10 @@ class Fingerprint(GenericFingerprint):
return value
def checkDbms(self):
if not conf.extensiveFp and ((kb.dbms is not None and kb.dbms.lower() in SYBASE_ALIASES) \
or conf.dbms in SYBASE_ALIASES) and kb.dbmsVersion and \
kb.dbmsVersion[0].isdigit():
setDbms("%s %s" % (DBMS.SYBASE, kb.dbmsVersion[0]))
if not conf.extensiveFp and (backend.isDbmsWithin(SYBASE_ALIASES) \
or conf.dbms in SYBASE_ALIASES) and backend.getVersion() and \
backend.getVersion().isdigit():
setDbms("%s %s" % (DBMS.SYBASE, backend.getVersion()))
self.getBanner()
@@ -74,7 +73,7 @@ class Fingerprint(GenericFingerprint):
return True
infoMsg = "testing Sybase"
infoMsg = "testing %s" % DBMS.SYBASE
logger.info(infoMsg)
if conf.direct:
@@ -83,13 +82,13 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("tempdb_id()=tempdb_id()")
if result:
logMsg = "confirming Sybase"
logMsg = "confirming %s" % DBMS.SYBASE
logger.info(logMsg)
result = inject.checkBooleanExpression("suser_id()=suser_id()")
if not result:
warnMsg = "the back-end DBMS is not Sybase"
warnMsg = "the back-end DBMS is not %s" % DBMS.SYBASE
logger.warn(warnMsg)
return False
@@ -101,15 +100,19 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
infoMsg = "actively fingerprinting %s" % DBMS.SYBASE
logger.info(infoMsg)
for version in range(12, 16):
result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version)
if result:
kb.dbmsVersion = ["%d" % version]
backend.setVersion(str(version))
break
return True
else:
warnMsg = "the back-end DBMS is not Sybase"
warnMsg = "the back-end DBMS is not %s" % DBMS.SYBASE
logger.warn(warnMsg)
return False