Some more PEPing (I hope that I haven't broke anything)

Miroslav Stampar
2018-03-13 13:45:42 +01:00
parent 8166a4eeb8
commit fa4c1c5251
66 changed files with 1157 additions and 1288 deletions


@@ -48,11 +48,12 @@ class Fingerprint(GenericFingerprint):
# Microsoft Access table reference updated on 01/2010
sysTables = {
"97": ("MSysModules2", "MSysAccessObjects"),
"2000" : ("!MSysModules2", "MSysAccessObjects"),
"2002-2003" : ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
"2007" : ("MSysAccessStorage", "MSysNavPaneObjectIDs"),
}
"97": ("MSysModules2", "MSysAccessObjects"),
"2000": ("!MSysModules2", "MSysAccessObjects"),
"2002-2003": ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
"2007": ("MSysAccessStorage", "MSysNavPaneObjectIDs"),
}
# MSysAccessXML is not a reliable system table because it doesn't always exist
# ("Access through Access", p6, should be "normally doesn't exist" instead of "is normally empty")


@@ -37,7 +37,6 @@ class Connector(GenericConnector):
except ibm_db_dbi.OperationalError, msg:
raise SqlmapConnectionException(msg)
self.initCursor()
self.printConnected()


@@ -64,9 +64,9 @@ class Fingerprint(GenericFingerprint):
value += DBMS.DB2
return value
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
@@ -127,12 +127,14 @@ class Fingerprint(GenericFingerprint):
infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
if result:
versions = { "2003": ("5.2", (2, 1)),
versions = {
"2003": ("5.2", (2, 1)),
"2008": ("7.0", (1,)),
"2000": ("5.0", (4, 3, 2, 1)),
"7": ("6.1", (1, 0)),
"XP": ("5.1", (2, 1)),
"NT": ("4.0", (6, 5, 4, 3, 2, 1)) }
"NT": ("4.0", (6, 5, 4, 3, 2, 1))
}
# Get back-end DBMS underlying operating system version
for version, data in versions.items():


@@ -39,8 +39,8 @@ class Connector(GenericConnector):
self.checkFileDb()
try:
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") # Reference: http://www.daniweb.com/forums/thread248499.html
# Reference: http://www.daniweb.com/forums/thread248499.html
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8")
except kinterbasdb.OperationalError, msg:
raise SqlmapConnectionException(msg[1])


@@ -68,12 +68,12 @@ class Fingerprint(GenericFingerprint):
def _sysTablesCheck(self):
retVal = None
table = (
("1.0", ("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)",)),
("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
# TODO: add test for Firebird 2.5
)
("1.0", ("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)",)),
("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
# TODO: add test for Firebird 2.5
)
for i in xrange(len(table)):
version, checks = table[i]


@@ -46,11 +46,8 @@ class Connector(GenericConnector):
try:
driver = 'org.hsqldb.jdbc.JDBCDriver'
connection_string = 'jdbc:hsqldb:mem:.' #'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
self.connector = jaydebeapi.connect(driver,
connection_string,
str(self.user),
str(self.password))
connection_string = 'jdbc:hsqldb:mem:.' # 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))
except Exception, msg:
raise SqlmapConnectionException(msg[0])
@@ -70,7 +67,7 @@ class Connector(GenericConnector):
try:
self.cursor.execute(query)
retVal = True
except Exception, msg: #todo fix with specific error
except Exception, msg: # TODO: fix with specific error
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
self.connector.commit()
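Review bot: The `except Exception, msg:` handler in the second hunk still indexes the caught exception with `msg[1]`, and the TODO that this commit only reformats leaves that unaddressed. An exception carrying fewer than two arguments would raise IndexError inside the handler and hide the original error. Until a specific exception type is caught, a safer form for the log argument is `"(remote) %s" % (msg.args[-1] if msg.args else msg)`. The same concern applies to `msg[0]` in the connect handler of the first hunk. Both methods start and end outside the hunks, so what the driver actually raises is not visible here.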


@@ -37,7 +37,6 @@ class Connector(GenericConnector):
except ibm_db_dbi.OperationalError, msg:
raise SqlmapConnectionException(msg)
self.initCursor()
self.printConnected()


@@ -41,4 +41,4 @@ class Syntax(GenericSyntax):
for _ in excluded.items():
retVal = retVal.replace(_[1], _[0])
return retVal
return retVal


@@ -108,7 +108,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
elif conf.db is not None:
if ',' in conf.db:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException(errMsg)
@@ -184,9 +184,7 @@ class Enumeration(GenericEnumeration):
rootQuery = queries[DBMS.MAXDB].columns
for tbl in tblList:
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
and conf.db in kb.data.cachedColumns and tbl in \
kb.data.cachedColumns[conf.db]:
if conf.db is not None and len(kb.data.cachedColumns) > 0 and conf.db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[conf.db]:
infoMsg = "fetched tables' columns on "
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)


@@ -368,16 +368,16 @@ class Enumeration(GenericEnumeration):
if foundTbl not in dbs[db]:
dbs[db][foundTbl] = {}
if colConsider == "1":
if colConsider == '1':
conf.db = db
conf.tbl = foundTbl
conf.col = column
self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)
if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db]\
and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):
if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db] and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):
dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
kb.data.cachedColumns = {}
else:
dbs[db][foundTbl][column] = None


@@ -73,10 +73,13 @@ class Filesystem(GenericFilesystem):
logger.debug("generating chunk file %s\%s from debug script %s" % (tmpPath, chunkName, randScr))
commands = ("cd \"%s\"" % tmpPath, "debug < %s" % randScr, "del /F /Q %s" % randScr)
complComm = " & ".join(command for command in commands)
commands = (
"cd \"%s\"" % tmpPath,
"debug < %s" % randScr,
"del /F /Q %s" % randScr
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
return chunkName
@@ -195,12 +198,13 @@ class Filesystem(GenericFilesystem):
logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % dFile)
commands = ("powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
"del /F /Q \"%s\"" % encodedBase64FilePath,
"del /F /Q \"%s\"" % randPSScriptPath)
complComm = " & ".join(command for command in commands)
commands = (
"powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
"del /F /Q \"%s\"" % encodedBase64FilePath,
"del /F /Q \"%s\"" % randPSScriptPath
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
infoMsg = "using debug.exe to write the %s " % fileType
@@ -219,10 +223,13 @@ class Filesystem(GenericFilesystem):
debugMsg += "file %s\%s and moving it to %s" % (tmpPath, dFileName, dFile)
logger.debug(debugMsg)
commands = ("cd \"%s\"" % tmpPath, "ren %s %s" % (chunkName, dFileName), "move /Y %s %s" % (dFileName, dFile))
complComm = " & ".join(command for command in commands)
commands = (
"cd \"%s\"" % tmpPath,
"ren %s %s" % (chunkName, dFileName),
"move /Y %s %s" % (dFileName, dFile)
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
else:
debugMsg = "the file is larger than %d bytes. " % debugSize
debugMsg += "sqlmap will split it into chunks locally, upload "
@@ -244,17 +251,22 @@ class Filesystem(GenericFilesystem):
debugMsg += "%s\%s to %s file %s\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName)
logger.debug(debugMsg)
commands = ("cd \"%s\"" % tmpPath, copyCmd, "del /F /Q %s" % chunkName)
complComm = " & ".join(command for command in commands)
commands = (
"cd \"%s\"" % tmpPath,
copyCmd,
"del /F /Q %s" % chunkName
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
logger.debug("moving %s file %s to %s" % (fileType, sFile, dFile))
commands = ("cd \"%s\"" % tmpPath, "move /Y %s %s" % (dFileName, dFile))
complComm = " & ".join(command for command in commands)
commands = (
"cd \"%s\"" % tmpPath,
"move /Y %s %s" % (dFileName, dFile)
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType):
infoMsg = "using a custom visual basic script to write the "
@@ -330,12 +342,14 @@ class Filesystem(GenericFilesystem):
self.xpCmdshellWriteFile(vbs, tmpPath, randVbs)
commands = ("cd \"%s\"" % tmpPath, "cscript //nologo %s" % randVbs,
"del /F /Q %s" % randVbs,
"del /F /Q %s" % randFile)
complComm = " & ".join(command for command in commands)
commands = (
"cd \"%s\"" % tmpPath,
"cscript //nologo %s" % randVbs,
"del /F /Q %s" % randVbs,
"del /F /Q %s" % randFile
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
infoMsg = "using certutil.exe to write the %s " % fileType
@@ -349,7 +363,7 @@ class Filesystem(GenericFilesystem):
encodedFileContent = base64encode(wFileContent)
splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i+chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)
@@ -357,11 +371,13 @@ class Filesystem(GenericFilesystem):
logger.debug("decoding the file to %s.." % dFile)
commands = ("cd \"%s\"" % tmpPath, "certutil -f -decode %s %s" % (randFile, dFile),
"del /F /Q %s" % randFile)
complComm = " & ".join(command for command in commands)
commands = (
"cd \"%s\"" % tmpPath,
"certutil -f -decode %s %s" % (randFile, dFile),
"del /F /Q %s" % randFile
)
self.execCmd(complComm)
self.execCmd(" & ".join(command for command in commands))
def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
# NOTE: this is needed here because we use xp_cmdshell extended
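Review bot: `" & ".join(command for command in commands)` wraps the tuple in a generator expression that does nothing; `" & ".join(commands)` is equivalent and easier to read. The same call appears seven times in this file section, so a small private helper on the class that takes the command tuple would remove the duplication. Separately, the debug strings on the context lines use `%s\%s`, which relies on `\%` not being a recognised escape sequence; writing `%s\\%s` makes the intended backslash explicit. The enclosing methods start and end outside the hunks.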


@@ -88,12 +88,14 @@ class Fingerprint(GenericFingerprint):
infoMsg = "confirming %s" % DBMS.MSSQL
logger.info(infoMsg)
for version, check in (("2000", "HOST_NAME()=HOST_NAME()"), \
("2005", "XACT_STATE()=XACT_STATE()"), \
("2008", "SYSDATETIME()=SYSDATETIME()"), \
("2012", "CONCAT(NULL,NULL)=CONCAT(NULL,NULL)"), \
("2014", "CHARINDEX('12.0.2000',@@version)>0"), \
("2016", "ISJSON(NULL) IS NULL")):
for version, check in (
("2000", "HOST_NAME()=HOST_NAME()"),
("2005", "XACT_STATE()=XACT_STATE()"),
("2008", "SYSDATETIME()=SYSDATETIME()"),
("2012", "CONCAT(NULL,NULL)=CONCAT(NULL,NULL)"),
("2014", "CHARINDEX('12.0.2000',@@version)>0"),
("2016", "ISJSON(NULL) IS NULL")
):
result = inject.checkBooleanExpression(check)
if result:
@@ -136,14 +138,16 @@ class Fingerprint(GenericFingerprint):
# Reference: http://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions
# http://en.wikipedia.org/wiki/Windows_NT#Releases
versions = { "NT": ("4.0", (6, 5, 4, 3, 2, 1)),
"2000": ("5.0", (4, 3, 2, 1)),
"XP": ("5.1", (3, 2, 1)),
"2003": ("5.2", (2, 1)),
"Vista or 2008": ("6.0", (2, 1)),
"7 or 2008 R2": ("6.1", (1, 0)),
"8 or 2012": ("6.2", (0,)),
"8.1 or 2012 R2": ("6.3", (0,)) }
versions = {
"NT": ("4.0", (6, 5, 4, 3, 2, 1)),
"2000": ("5.0", (4, 3, 2, 1)),
"XP": ("5.1", (3, 2, 1)),
"2003": ("5.2", (2, 1)),
"Vista or 2008": ("6.0", (2, 1)),
"7 or 2008 R2": ("6.1", (1, 0)),
"8 or 2012": ("6.2", (0,)),
"8.1 or 2012 R2": ("6.3", (0,))
}
# Get back-end DBMS underlying operating system version
for version, data in versions.items():


@@ -20,7 +20,7 @@ class Takeover(GenericTakeover):
GenericTakeover.__init__(self)
def uncPathRequest(self):
#inject.goStacked("EXEC master..xp_fileexist '%s'" % self.uncPath, silent=True)
# inject.goStacked("EXEC master..xp_fileexist '%s'" % self.uncPath, silent=True)
inject.goStacked("EXEC master..xp_dirtree '%s'" % self.uncPath)
def spHeapOverflow(self):
@@ -31,21 +31,22 @@ class Takeover(GenericTakeover):
"""
returns = {
# 2003 Service Pack 0
"2003-0": (""),
# 2003 Service Pack 0
"2003-0": (""),
# 2003 Service Pack 1
"2003-1": ("CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)", "CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)" ),
# 2003 Service Pack 1
"2003-1": ("CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)", "CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)"),
# 2003 Service Pack 2 updated at 12/2008
#"2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)" ),
# 2003 Service Pack 2 updated at 12/2008
# "2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)"),
# 2003 Service Pack 2 updated at 05/2009
"2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"),
# 2003 Service Pack 2 updated at 05/2009
"2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"),
# 2003 Service Pack 2 updated at 09/2009
# "2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"),
}
# 2003 Service Pack 2 updated at 09/2009
#"2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"),
}
addrs = None
for versionSp, data in returns.items():


@@ -23,11 +23,11 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
def __init__(self):
self.excludeDbsList = MYSQL_SYSTEM_DBS
self.sysUdfs = {
# UDF name: UDF return data-type
"sys_exec": { "return": "int" },
"sys_eval": { "return": "string" },
"sys_bineval": { "return": "int" }
}
# UDF name: UDF return data-type
"sys_exec": {"return": "int"},
"sys_eval": {"return": "string"},
"sys_bineval": {"return": "int"}
}
Syntax.__init__(self)
Fingerprint.__init__(self)


@@ -41,18 +41,19 @@ class Fingerprint(GenericFingerprint):
# Reference: https://downloads.mysql.com/archives/community/
versions = (
(32200, 32235), # MySQL 3.22
(32300, 32359), # MySQL 3.23
(40000, 40032), # MySQL 4.0
(40100, 40131), # MySQL 4.1
(50000, 50096), # MySQL 5.0
(50100, 50172), # MySQL 5.1
(50400, 50404), # MySQL 5.4
(50500, 50554), # MySQL 5.5
(50600, 50635), # MySQL 5.6
(50700, 50717), # MySQL 5.7
(60000, 60014), # MySQL 6.0
)
(32200, 32235), # MySQL 3.22
(32300, 32359), # MySQL 3.23
(40000, 40032), # MySQL 4.0
(40100, 40131), # MySQL 4.1
(50000, 50096), # MySQL 5.0
(50100, 50172), # MySQL 5.1
(50400, 50404), # MySQL 5.4
(50500, 50558), # MySQL 5.5
(50600, 50638), # MySQL 5.6
(50700, 50720), # MySQL 5.7
(60000, 60014), # MySQL 6.0
(80000, 80003), # MySQL 8.0
)
index = -1
for i in xrange(len(versions)):
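Review bot: The `versions` table appears to change data as well as indentation, which is a behaviour change inside a commit described as PEP cleanup. The upper bounds for 5.5, 5.6 and 5.7 differ between the two printings (50554/50558, 50635/50638, 50717/50720), and a `(80000, 80003)` row for MySQL 8.0 is present only in the second. Assuming the second printing is the new side, that edit deserves its own commit or at least a line in the message, so that a bisect for a fingerprinting regression is not led to a formatting change. Because the bounds are maintained by hand, a dated comment such as `# Reference: https://downloads.mysql.com/archives/community/ (last updated 2018-03)` would show when they were last checked. The loop that consumes the table continues outside the hunk.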


@@ -67,10 +67,10 @@ class Takeover(GenericTakeover):
# On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
# On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
else:
#logger.debug("retrieving MySQL data directory absolute path")
# logger.debug("retrieving MySQL data directory absolute path")
# Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_datadir
#self.__datadir = inject.getValue("SELECT @@datadir")
# self.__datadir = inject.getValue("SELECT @@datadir")
# NOTE: specifying the relative path as './udf.dll'
# saves in @@datadir on both MySQL 4.1 and MySQL 5.0


@@ -23,12 +23,12 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous,
def __init__(self):
self.excludeDbsList = PGSQL_SYSTEM_DBS
self.sysUdfs = {
# UDF name: UDF parameters' input data-type and return data-type
"sys_exec": { "input": ["text"], "return": "int4" },
"sys_eval": { "input": ["text"], "return": "text" },
"sys_bineval": { "input": ["text"], "return": "int4" },
"sys_fileread": { "input": ["text"], "return": "text" }
}
# UDF name: UDF parameters' input data-type and return data-type
"sys_exec": {"input": ["text"], "return": "int4"},
"sys_eval": {"input": ["text"], "return": "text"},
"sys_bineval": {"input": ["text"], "return": "int4"},
"sys_fileread": {"input": ["text"], "return": "text"}
}
Syntax.__init__(self)
Fingerprint.__init__(self)


@@ -22,6 +22,6 @@ class Syntax(GenericSyntax):
"""
def escaper(value):
return "(%s)" % "||".join("CHR(%d)" % ord(_) for _ in value) # Postgres CHR() function already accepts Unicode code point of character(s)
return "(%s)" % "||".join("CHR(%d)" % ord(_) for _ in value) # Postgres CHR() function already accepts Unicode code point of character(s)
return Syntax._escape(expression, quote, escaper)


@@ -176,7 +176,7 @@ class Enumeration(GenericEnumeration):
conf.db = self.getCurrentDb()
elif conf.db is not None:
if ',' in conf.db:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException(errMsg)