Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.

Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2025-12-09 22:21:30 +00:00 · 2010-11-30 22:40:25 +00:00
parent fcdebbd55f
commit c8f943f5e4
17 changed files with 210 additions and 118 deletions
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -152,7 +152,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if conf.dbms in ACCESS_ALIASES:
+        if (kb.dbms is not None and kb.dbms.lower() in ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES:
            setDbms(DBMS.ACCESS)

            if not conf.extensiveFp:
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -103,7 +103,7 @@ class Fingerprint(GenericFingerprint):
        return retVal

    def checkDbms(self):
-        if conf.dbms in FIREBIRD_ALIASES:
+        if (kb.dbms is not None and kb.dbms.lower() in FIREBIRD_ALIASES) or conf.dbms in FIREBIRD_ALIASES:
            setDbms(DBMS.FIREBIRD)

            self.getBanner()
--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@@ -105,7 +105,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if conf.dbms in MAXDB_ALIASES:
+        if (kb.dbms is not None and kb.dbms.lower() in MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES:
            setDbms(DBMS.MAXDB)

            self.getBanner()
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -71,7 +71,9 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if conf.dbms in MSSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
+        if ((kb.dbms is not None and kb.dbms.lower() in MSSQL_ALIASES) \
+           or conf.dbms in MSSQL_ALIASES) and kb.dbmsVersion and \
+           kb.dbmsVersion[0].isdigit():
            setDbms("%s %s" % (DBMS.MSSQL, kb.dbmsVersion[0]))

            self.getBanner()
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -142,10 +142,16 @@ class Fingerprint(GenericFingerprint):
        * http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn)
        """

-        if conf.dbms in MYSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
+        if ((kb.dbms is not None and kb.dbms.lower() in MYSQL_ALIASES) \
+           or conf.dbms in MYSQL_ALIASES) and kb.dbmsVersion and \
+           kb.dbmsVersion[0] != "Unknown":
+            kb.dbmsVersion[0] = kb.dbmsVersion[0].replace(">", "")
+            kb.dbmsVersion[0] = kb.dbmsVersion[0].replace("=", "")
+            kb.dbmsVersion[0] = kb.dbmsVersion[0].replace(" ", "")
+
            setDbms("%s %s" % (DBMS.MYSQL, kb.dbmsVersion[0]))

-            if int(kb.dbmsVersion[0]) >= 5:
+            if str(kb.dbmsVersion[0]) >= '5':
                kb.data.has_information_schema = True

            self.getBanner()
@@ -158,14 +164,14 @@ class Fingerprint(GenericFingerprint):

        randInt = getUnicode(randomInt(1))
        payload = agent.fullPayload("AND CONNECTION_ID()=CONNECTION_ID()")
-        result  = Request.queryPage(payload)
+        result = Request.queryPage(payload)

        if result:
            infoMsg = "confirming MySQL"
            logger.info(infoMsg)

            payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injection.place != PLACE.URI else "AND ISNULL(1 DIV 0)")
-            result  = Request.queryPage(payload)
+            result = Request.queryPage(payload)

            if not result:
                warnMsg = "the back-end DBMS is not MySQL"
--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -64,7 +64,7 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if conf.dbms in ORACLE_ALIASES:
+        if (kb.dbms is not None and kb.dbms.lower() in ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES:
            setDbms(DBMS.ORACLE)

            self.getBanner()
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -73,7 +73,7 @@ class Fingerprint(GenericFingerprint):
        * http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
        """

-        if conf.dbms in PGSQL_ALIASES:
+        if (kb.dbms is not None and kb.dbms.lower() in PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES:
            setDbms(DBMS.POSTGRESQL)

            self.getBanner()
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -69,7 +69,7 @@ class Fingerprint(GenericFingerprint):
        * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
        """

-        if conf.dbms in SQLITE_ALIASES:
+        if (kb.dbms is not None and kb.dbms.lower() in SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES:
            setDbms(DBMS.SQLITE)

            self.getBanner()
--- a/plugins/dbms/sybase/fingerprint.py
+++ b/plugins/dbms/sybase/fingerprint.py
@@ -63,7 +63,9 @@ class Fingerprint(GenericFingerprint):
        return value

    def checkDbms(self):
-        if conf.dbms in SYBASE_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
+        if ((kb.dbms is not None and kb.dbms.lower() in SYBASE_ALIASES) \
+           or conf.dbms in SYBASE_ALIASES) and kb.dbmsVersion and \
+           kb.dbmsVersion[0].isdigit():
            setDbms("%s %s" % (DBMS.SYBASE, kb.dbmsVersion[0]))

            self.getBanner()