mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-07 05:01:30 +00:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
This commit is contained in:
Bernardo Damele
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
@@ -49,7 +47,6 @@ from lib.request import inject
|
||||
from lib.techniques.inband.union.test import unionTest
|
||||
from lib.techniques.outband.stacked import stackedTest
|
||||
|
||||
|
||||
class Enumeration:
|
||||
"""
|
||||
This class defines generic enumeration functionalities for plugins.
|
||||
@@ -71,11 +68,9 @@ class Enumeration:
|
||||
|
||||
temp.inference = queries[dbms].inference
|
||||
|
||||
|
||||
def forceDbmsEnum(self):
|
||||
pass
|
||||
|
||||
|
||||
def getVersionFromBanner(self):
|
||||
if "dbmsVersion" in kb.bannerFp:
|
||||
return
|
||||
@@ -100,7 +95,6 @@ class Enumeration:
|
||||
kb.bannerFp["dbmsVersion"] = inject.getValue(query, unpack=False)
|
||||
kb.bannerFp["dbmsVersion"] = kb.bannerFp["dbmsVersion"].replace(",", "").replace("-", "").replace(" ", "")
|
||||
|
||||
|
||||
def getBanner(self):
|
||||
if not conf.getBanner:
|
||||
return
|
||||
@@ -131,7 +125,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.banner
|
||||
|
||||
|
||||
def getCurrentUser(self):
|
||||
infoMsg = "fetching current user"
|
||||
logger.info(infoMsg)
|
||||
@@ -143,7 +136,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.currentUser
|
||||
|
||||
|
||||
def getCurrentDb(self):
|
||||
infoMsg = "fetching current database"
|
||||
logger.info(infoMsg)
|
||||
@@ -155,7 +147,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.currentDb
|
||||
|
||||
|
||||
def isDba(self):
|
||||
infoMsg = "testing if current user is DBA"
|
||||
logger.info(infoMsg)
|
||||
@@ -166,7 +157,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.isDba == "1"
|
||||
|
||||
|
||||
def getUsers(self):
|
||||
infoMsg = "fetching database users"
|
||||
logger.info(infoMsg)
|
||||
@@ -218,7 +208,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.cachedUsers
|
||||
|
||||
|
||||
def getPasswordHashes(self):
|
||||
infoMsg = "fetching database users password hashes"
|
||||
|
||||
@@ -340,7 +329,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.cachedUsersPasswords
|
||||
|
||||
|
||||
def __isAdminFromPrivileges(self, privileges):
|
||||
# In PostgreSQL the usesuper privilege means that the
|
||||
# user is DBA
|
||||
@@ -360,7 +348,6 @@ class Enumeration:
|
||||
|
||||
return dbaCondition
|
||||
|
||||
|
||||
def getPrivileges(self):
|
||||
infoMsg = "fetching database users privileges"
|
||||
|
||||
@@ -627,7 +614,6 @@ class Enumeration:
|
||||
|
||||
return ( kb.data.cachedUsersPrivileges, areAdmins )
|
||||
|
||||
|
||||
def getDbs(self):
|
||||
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
warnMsg = "information_schema not available, "
|
||||
@@ -682,7 +668,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.cachedDbs
|
||||
|
||||
|
||||
def getTables(self):
|
||||
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
@@ -777,7 +762,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.cachedTables
|
||||
|
||||
|
||||
def getColumns(self, onlyColNames=False):
|
||||
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
@@ -897,7 +881,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.cachedColumns
|
||||
|
||||
|
||||
def dumpTable(self):
|
||||
if not conf.tbl:
|
||||
errMsg = "missing table parameter"
|
||||
@@ -1067,7 +1050,6 @@ class Enumeration:
|
||||
|
||||
return kb.data.dumpedTable
|
||||
|
||||
|
||||
def dumpAll(self):
|
||||
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
errMsg = "information_schema not available, "
|
||||
@@ -1093,7 +1075,6 @@ class Enumeration:
|
||||
if data:
|
||||
dumper.dbTableValues(data)
|
||||
|
||||
|
||||
def sqlQuery(self, query):
|
||||
output = None
|
||||
sqlType = None
|
||||
@@ -1119,10 +1100,10 @@ class Enumeration:
|
||||
else:
|
||||
query = urlencode(query, convall=True)
|
||||
|
||||
if kb.stackedTest == None:
|
||||
if kb.stackedTest is None:
|
||||
stackedTest()
|
||||
|
||||
if kb.stackedTest == False:
|
||||
if not kb.stackedTest:
|
||||
return None
|
||||
else:
|
||||
if sqlType:
|
||||
@@ -1140,7 +1121,6 @@ class Enumeration:
|
||||
|
||||
return output
|
||||
|
||||
|
||||
def sqlShell(self):
|
||||
infoMsg = "calling %s shell. To quit type " % kb.dbms
|
||||
infoMsg += "'x' or 'q' and press ENTER"
|
||||
@@ -1174,7 +1154,7 @@ class Enumeration:
|
||||
if output and output != "Quit":
|
||||
dumper.string(query, output)
|
||||
|
||||
elif output == False:
|
||||
elif not output:
|
||||
pass
|
||||
|
||||
elif output != "Quit":
|
||||
|
||||
Reference in New Issue
Block a user