Major code refactoring - centralized all kb.dbms* info for both retrieval and set.

Bernardo Damele
2011-01-19 23:06:15 +00:00
parent 4bdc19d879
commit bade0e3124
39 changed files with 915 additions and 810 deletions


@@ -10,9 +10,8 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getErrorParsedDBMSesFormatted
from lib.core.common import backend
from lib.core.common import format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
@@ -33,13 +32,13 @@ class Fingerprint(GenericFingerprint):
def getFingerprint(self):
value = ""
wsOsFp = formatFingerprint("web server", kb.headersFp)
wsOsFp = format.getOs("web server", kb.headersFp)
if wsOsFp:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
@@ -59,7 +58,7 @@ class Fingerprint(GenericFingerprint):
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getErrorParsedDBMSesFormatted()
htmlErrorFp = format.getErrorParsedDBMSes()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -73,27 +72,27 @@ class Fingerprint(GenericFingerprint):
* http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
"""
if not conf.extensiveFp and (kb.dbms is not None and kb.dbms.lower() in PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES:
if not conf.extensiveFp and (backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
setDbms(DBMS.PGSQL)
self.getBanner()
return True
infoMsg = "testing PostgreSQL"
infoMsg = "testing %s" % DBMS.PGSQL
logger.info(infoMsg)
randInt = getUnicode(randomInt(1))
result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt))
if result:
infoMsg = "confirming PostgreSQL"
infoMsg = "confirming %s" % DBMS.PGSQL
logger.info(infoMsg)
result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt))
if not result:
warnMsg = "the back-end DBMS is not PostgreSQL"
warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL
logger.warn(warnMsg)
return False
@@ -105,40 +104,43 @@ class Fingerprint(GenericFingerprint):
if not conf.extensiveFp:
return True
infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
logger.info(infoMsg)
if inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
kb.dbmsVersion = [">= 8.4.0"]
backend.setVersion(">= 8.4.0")
elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
kb.dbmsVersion = [">= 8.3.0", "< 8.4"]
backend.setVersionList([">= 8.3.0", "< 8.4"])
elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
kb.dbmsVersion = [">= 8.2.0", "< 8.3.0"]
backend.setVersionList([">= 8.2.0", "< 8.3.0"])
elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
kb.dbmsVersion = [">= 8.1.0", "< 8.2.0"]
backend.setVersionList([">= 8.1.0", "< 8.2.0"])
elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
kb.dbmsVersion = [">= 8.0.0", "< 8.1.0"]
backend.setVersionList([">= 8.0.0", "< 8.1.0"])
elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
kb.dbmsVersion = [">= 7.4.0", "< 8.0.0"]
backend.setVersionList([">= 7.4.0", "< 8.0.0"])
elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
kb.dbmsVersion = [">= 7.3.0", "< 7.4.0"]
backend.setVersionList([">= 7.3.0", "< 7.4.0"])
elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
kb.dbmsVersion = [">= 7.2.0", "< 7.3.0"]
backend.setVersionList([">= 7.2.0", "< 7.3.0"])
elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
kb.dbmsVersion = [">= 7.1.0", "< 7.2.0"]
backend.setVersionList([">= 7.1.0", "< 7.2.0"])
elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
kb.dbmsVersion = [">= 7.0.0", "< 7.1.0"]
backend.setVersionList([">= 7.0.0", "< 7.1.0"])
elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
kb.dbmsVersion = [">= 6.5.0", "< 6.5.3"]
backend.setVersionList([">= 6.5.0", "< 6.5.3"])
elif inject.checkBooleanExpression("VERSION()=VERSION()"):
kb.dbmsVersion = [">= 6.4.0", "< 6.5.0"]
backend.setVersionList([">= 6.4.0", "< 6.5.0"])
elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
kb.dbmsVersion = [">= 6.3.0", "< 6.4.0"]
backend.setVersionList([">= 6.3.0", "< 6.4.0"])
elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
kb.dbmsVersion = [">= 6.2.0", "< 6.3.0"]
backend.setVersionList([">= 6.2.0", "< 6.3.0"])
else:
kb.dbmsVersion = ["< 6.2.0"]
backend.setVersion("< 6.2.0")
return True
else:
warnMsg = "the back-end DBMS is not PostgreSQL"
warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL
logger.warn(warnMsg)
return False
@@ -178,7 +180,7 @@ class Fingerprint(GenericFingerprint):
if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
conf.db = "public"
warnMsg = "on PostgreSQL it is only possible to enumerate "
warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL
warnMsg += "on the current schema and on system databases, "
warnMsg += "sqlmap is going to use 'public' schema as "
warnMsg += "database name"