sqlmapproject
diff --git a/‎lib/controller/checks.py‎
Lines changed: 2 additions & 1 deletion b/‎lib/controller/checks.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lib/controller/handler.py‎
Lines changed: 3 additions & 10 deletions b/‎lib/controller/handler.py‎
Lines changed: 3 additions & 10 deletions
diff --git a/‎lib/core/agent.py‎
Lines changed: 31 additions & 42 deletions b/‎lib/core/agent.py‎
Lines changed: 31 additions & 42 deletions
diff --git a/‎lib/core/common.py‎
Lines changed: 26 additions & 14 deletions b/‎lib/core/common.py‎
Lines changed: 26 additions & 14 deletions
diff --git a/‎lib/core/enums.py‎
Lines changed: 1 addition & 1 deletion b/‎lib/core/enums.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/core/option.py‎
Lines changed: 8 additions & 0 deletions b/‎lib/core/option.py‎
Lines changed: 8 additions & 0 deletions
@@ -12,6 +12,7 @@
 import time
 
 from lib.core.agent import agent
+from lib.core.common import aliasToDbmsEnum
 from lib.core.common import beep
 from lib.core.common import extractRegexResult
 from lib.core.common import findDynamicContent
@@ -430,7 +431,7 @@ def checkSqlInjection(place, parameter, value):
                             for detailKey, detailValue in test.details.items():
                                 if detailKey == "dbms" and injection.dbms is None:
                                     injection.dbms = detailValue
-                                    kb.dbms = detailValue
+                                    kb.dbms = aliasToDbmsEnum(detailValue)
                                 elif detailKey == "dbms_version" and injection.dbms_version is None:
                                     injection.dbms_version = detailValue
                                     kb.dbmsVersion = [ detailValue ]
 
@@ -7,7 +7,7 @@
 See the file 'doc/COPYING' for copying permission
 """
 
-from lib.core.common import getErrorParsedDBMSes
+from lib.core.common import getIdentifiedDBMS
 from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.data import conf
@@ -63,18 +63,11 @@ def setHandler():
                   ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
                 ]
 
-    inferencedDbms = (getErrorParsedDBMSes()[0] if getErrorParsedDBMSes() else '') or kb.dbms
-
-    for injection in kb.injections:
-        if hasattr(injection, "dbms") and injection.dbms:
-            inferencedDbms = injection.dbms
-            break
-
-    if inferencedDbms is not None:
+    if getIdentifiedDBMS() is not None:
         for i in xrange(len(dbmsObj)):
             dbmsAliases, _, _ = dbmsObj[i]
 
-            if inferencedDbms.lower() in dbmsAliases:
+            if getIdentifiedDBMS().lower() in dbmsAliases:
                 if i > 0:
                     pushValue(dbmsObj[i])
                     dbmsObj.remove(dbmsObj[i])
 
@@ -13,6 +13,7 @@
 
 from lib.core.common import getCompiledRegex
 from lib.core.common import getErrorParsedDBMSes
+from lib.core.common import getIdentifiedDBMS
 from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomInt
@@ -33,13 +34,6 @@ class Agent:
     This class defines the SQL agent methods.
     """
 
-    def __init__(self):
-        kb.misc           = advancedDict()
-        kb.misc.delimiter = randomStr(length=6)
-        kb.misc.start     = ":%s:" % randomStr(length=3, lowercase=True)
-        kb.misc.stop      = ":%s:" % randomStr(length=3, lowercase=True)
-        kb.misc.space     = ":%s:" % randomStr(length=1, lowercase=True)
-
     def payloadDirect(self, query):
         if query.startswith("AND "):
             query = query.replace("AND ", "SELECT ", 1)
@@ -211,8 +205,8 @@ def cleanupPayload(self, payload, origvalue=None, query=None):
             payload = payload.replace("[ORIGVALUE]", origvalue)
 
         if "[INFERENCE]" in payload:
-            if kb.dbms is not None:
-                inference = queries[kb.dbms].inference
+            if getIdentifiedDBMS() is not None:
+                inference = queries[getIdentifiedDBMS()].inference
 
                 if "dbms_version" in inference:
                     if isDBMSVersionAtLeast(inference.dbms_version):
@@ -223,11 +217,6 @@ def cleanupPayload(self, payload, origvalue=None, query=None):
                     inferenceQuery = inference.query
 
                 payload = payload.replace("[INFERENCE]", inferenceQuery)
-
-            elif hasattr(kb.misc, "testedDbms") and kb.misc.testedDbms is not None:
-                inferenceQuery = queries[kb.misc.testedDbms].inference.query
-                payload = payload.replace("[INFERENCE]", inferenceQuery)
-
             else:
                 errMsg = "invalid usage of inference payload without "
                 errMsg += "knowledge of underlying DBMS"
@@ -275,17 +264,17 @@ def nullAndCastField(self, field):
 
         # SQLite version 2 does not support neither CAST() nor IFNULL(),
         # introduced only in SQLite version 3
-        if kb.dbms == DBMS.SQLITE:
+        if getIdentifiedDBMS() == DBMS.SQLITE:
             return field
 
         if field.startswith("(CASE"):
             nulledCastedField = field
         else:
-            nulledCastedField = queries[kb.dbms].cast.query % field
-            if kb.dbms == DBMS.ACCESS:
-                nulledCastedField = queries[kb.dbms].isnull.query % (nulledCastedField, nulledCastedField)
+            nulledCastedField = queries[getIdentifiedDBMS()].cast.query % field
+            if getIdentifiedDBMS() == DBMS.ACCESS:
+                nulledCastedField = queries[getIdentifiedDBMS()].isnull.query % (nulledCastedField, nulledCastedField)
             else:
-                nulledCastedField = queries[kb.dbms].isnull.query % nulledCastedField
+                nulledCastedField = queries[getIdentifiedDBMS()].isnull.query % nulledCastedField
 
         return nulledCastedField
 
@@ -324,7 +313,7 @@ def nullCastConcatFields(self, fields):
 
         fields             = fields.replace(", ", ",")
         fieldsSplitted     = fields.split(",")
-        dbmsDelimiter      = queries[kb.dbms].delimiter.query
+        dbmsDelimiter      = queries[getIdentifiedDBMS()].delimiter.query
         nulledCastedFields = []
 
         for field in fieldsSplitted:
@@ -383,13 +372,13 @@ def getFields(self, query):
     def simpleConcatQuery(self, query1, query2):
         concatenatedQuery = ""
 
-        if kb.dbms == DBMS.MYSQL:
+        if getIdentifiedDBMS() == DBMS.MYSQL:
             concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
 
-        elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
+        elif getIdentifiedDBMS() in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
             concatenatedQuery = "%s||%s" % (query1, query2)
 
-        elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
+        elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
             concatenatedQuery = "%s+%s" % (query1, query2)
 
         return concatenatedQuery
@@ -431,7 +420,7 @@ def concatQuery(self, query, unpack=True):
             concatenatedQuery = query
             fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr = self.getFields(query)
 
-        if kb.dbms == DBMS.MYSQL:
+        if getIdentifiedDBMS() == DBMS.MYSQL:
             if fieldsSelectCase:
                 concatenatedQuery  = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
                 concatenatedQuery += ",'%s')" % kb.misc.stop
@@ -444,7 +433,7 @@ def concatQuery(self, query, unpack=True):
             elif fieldsNoSelect:
                 concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 
-        elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
+        elif getIdentifiedDBMS() in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ):
             if fieldsSelectCase:
                 concatenatedQuery  = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
                 concatenatedQuery += "||'%s'" % kb.misc.stop
@@ -457,10 +446,10 @@ def concatQuery(self, query, unpack=True):
             elif fieldsNoSelect:
                 concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 
-            if kb.dbms == DBMS.ORACLE and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ):
+            if getIdentifiedDBMS() == DBMS.ORACLE and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ):
                 concatenatedQuery += " FROM DUAL"
 
-        elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
+        elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
             if fieldsSelectTop:
                 topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
                 concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1)
@@ -511,13 +500,13 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
         """
 
         if query.startswith("SELECT "):
-            query        = query[len("SELECT "):]
+            query = query[len("SELECT "):]
 
         inbandQuery = self.prefixQuery("UNION ALL SELECT ", prefix=prefix)
 
         if query.startswith("TOP"):
-            topNum       = re.search("\ATOP\s+([\d]+)\s+", query, re.I).group(1)
-            query        = query[len("TOP %s " % topNum):]
+            topNum = re.search("\ATOP\s+([\d]+)\s+", query, re.I).group(1)
+            query = query[len("TOP %s " % topNum):]
             inbandQuery += "TOP %s " % topNum
 
         intoRegExp = re.search("(\s+INTO (DUMP|OUT)FILE\s+\'(.+?)\')", query, re.I)
@@ -526,7 +515,7 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
             intoRegExp = intoRegExp.group(1)
             query = query[:query.index(intoRegExp)]
 
-        if kb.dbms == DBMS.ORACLE and inbandQuery.endswith(" FROM DUAL"):
+        if getIdentifiedDBMS() == DBMS.ORACLE and inbandQuery.endswith(" FROM DUAL"):
             inbandQuery = inbandQuery[:-len(" FROM DUAL")]
 
         for element in range(count):
@@ -546,7 +535,7 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
             conditionIndex = query.index(" FROM ")
             inbandQuery += query[conditionIndex:]
 
-        if kb.dbms == DBMS.ORACLE or DBMS.ORACLE in getErrorParsedDBMSes():
+        if getIdentifiedDBMS() == DBMS.ORACLE:
             if " FROM " not in inbandQuery:
                 inbandQuery += " FROM DUAL"
 
@@ -565,7 +554,7 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
                 else:
                     inbandQuery += char
 
-            if kb.dbms == DBMS.ORACLE:
+            if getIdentifiedDBMS() == DBMS.ORACLE:
                 inbandQuery += " FROM DUAL"
 
         inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
@@ -595,21 +584,21 @@ def limitQuery(self, num, query, field=None):
         """
 
         limitedQuery = query
-        limitStr = queries[kb.dbms].limit.query
+        limitStr = queries[getIdentifiedDBMS()].limit.query
         fromIndex = limitedQuery.index(" FROM ")
         untilFrom = limitedQuery[:fromIndex]
         fromFrom = limitedQuery[fromIndex+1:]
         orderBy = False
 
-        if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE ):
-            limitStr = queries[kb.dbms].limit.query % (num, 1)
+        if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE ):
+            limitStr = queries[getIdentifiedDBMS()].limit.query % (num, 1)
             limitedQuery += " %s" % limitStr
 
-        elif kb.dbms == DBMS.FIREBIRD:
-            limitStr = queries[kb.dbms].limit.query % (num+1, num+1)
+        elif getIdentifiedDBMS() == DBMS.FIREBIRD:
+            limitStr = queries[getIdentifiedDBMS()].limit.query % (num+1, num+1)
             limitedQuery += " %s" % limitStr
 
-        elif kb.dbms == DBMS.ORACLE:
+        elif getIdentifiedDBMS() == DBMS.ORACLE:
             if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
                 orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
                 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@@ -621,7 +610,7 @@ def limitQuery(self, num, query, field=None):
             limitedQuery  = limitedQuery % fromFrom
             limitedQuery += "=%d" % (num + 1)
 
-        elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
+        elif getIdentifiedDBMS() in (DBMS.MSSQL, DBMS.SYBASE):
             forgeNotIn = True
 
             if " ORDER BY " in limitedQuery:
@@ -635,7 +624,7 @@ def limitQuery(self, num, query, field=None):
                 limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct)
 
             if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "):
-                topNums         = re.search(queries[kb.dbms].limitregexp.query, limitedQuery, re.I)
+                topNums = re.search(queries[getIdentifiedDBMS()].limitregexp.query, limitedQuery, re.I)
 
                 if topNums:
                     topNums = topNums.groups()
@@ -681,7 +670,7 @@ def forgeCaseStatement(self, expression):
         @rtype: C{str}
         """
 
-        return queries[kb.dbms if kb.dbms else kb.misc.testedDbms].case.query % expression
+        return queries[getIdentifiedDBMS()].case.query % expression
 
     def addPayloadDelimiters(self, inpStr):
         """
 
@@ -218,15 +218,15 @@ def formatDBMSfp(versions=None):
         versions = kb.dbmsVersion
 
     if isinstance(versions, basestring):
-        return "%s %s" % (kb.dbms, versions)
+        return "%s %s" % (getIdentifiedDBMS(), versions)
     elif isinstance(versions, (list, set, tuple)):
-        return "%s %s" % (kb.dbms, " and ".join([version for version in versions]))
+        return "%s %s" % (getIdentifiedDBMS(), " and ".join([version for version in versions]))
     elif not versions:
         warnMsg  = "unable to extensively fingerprint the back-end "
         warnMsg += "DBMS version"
         logger.warn(warnMsg)
 
-        return kb.dbms
+        return getIdentifiedDBMS()
 
 def formatFingerprintString(values, chain=" or "):
     strJoin = "|".join([v for v in values])
@@ -627,7 +627,7 @@ def parsePasswordHash(password):
     if not password or password == " ":
         password = "NULL"
 
-    if kb.dbms == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
+    if getIdentifiedDBMS() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
         hexPassword = password
         password  = "%s\n" % hexPassword
         password += "%sheader: %s\n" % (blank, hexPassword[:6])
@@ -928,25 +928,25 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 def getDelayQuery(andCond=False):
     query = None
 
-    if kb.dbms in (DBMS.MYSQL, DBMS.PGSQL):
+    if getIdentifiedDBMS() in (DBMS.MYSQL, DBMS.PGSQL):
         if not kb.data.banner:
             conf.dbmsHandler.getVersionFromBanner()
 
         banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
 
-        if banVer is None or (kb.dbms == DBMS.MYSQL and banVer >= "5.0.12") or (kb.dbms == DBMS.PGSQL and banVer >= "8.2"):
-            query = queries[kb.dbms].timedelay.query % conf.timeSec
+        if banVer is None or (getIdentifiedDBMS() == DBMS.MYSQL and banVer >= "5.0.12") or (getIdentifiedDBMS() == DBMS.PGSQL and banVer >= "8.2"):
+            query = queries[getIdentifiedDBMS()].timedelay.query % conf.timeSec
         else:
-            query = queries[kb.dbms].timedelay.query2 % conf.timeSec
-    elif kb.dbms == DBMS.FIREBIRD:
-        query = queries[kb.dbms].timedelay.query
+            query = queries[getIdentifiedDBMS()].timedelay.query2 % conf.timeSec
+    elif getIdentifiedDBMS() == DBMS.FIREBIRD:
+        query = queries[getIdentifiedDBMS()].timedelay.query
     else:
-        query = queries[kb.dbms].timedelay.query % conf.timeSec
+        query = queries[getIdentifiedDBMS()].timedelay.query % conf.timeSec
 
     if andCond:
-        if kb.dbms in ( DBMS.MYSQL, DBMS.SQLITE ):
+        if getIdentifiedDBMS() in ( DBMS.MYSQL, DBMS.SQLITE ):
             query = query.replace("SELECT ", "")
-        elif kb.dbms == DBMS.FIREBIRD:
+        elif getIdentifiedDBMS() == DBMS.FIREBIRD:
             query = "(%s)>0" % query
 
     return query
@@ -1763,7 +1763,7 @@ def aliasToDbmsEnum(value):
     retVal = None
 
     for key, item in dbmsDict.items():
-        if value in item[0]:
+        if value.lower() in item[0]:
             retVal = key
             break
 
@@ -2040,6 +2040,18 @@ def getErrorParsedDBMSes():
 
     return kb.htmlFp
 
+def getIdentifiedDBMS():
+    dbms = None
+
+    if kb.dbms is not None:
+        dbms = kb.dbms
+    elif conf.dbms is not None:
+        dbms = conf.dbms
+    elif getErrorParsedDBMSes() is not None:
+        dbms = getErrorParsedDBMSes()[0]
+
+    return aliasToDbmsEnum(dbms)
+
 def showHttpErrorCodes():
     """
     Shows all HTTP error codes raised till now
 
@@ -31,7 +31,7 @@ class DBMS:
     MSSQL       = "Microsoft SQL Server"
     MYSQL       = "MySQL"
     ORACLE      = "Oracle"
-    PGSQL  = "PostgreSQL"
+    PGSQL       = "PostgreSQL"
     SQLITE      = "SQLite"
     SYBASE      = "Sybase"
 
 
@@ -34,6 +34,7 @@
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
+from lib.core.common import randomStr
 from lib.core.common import readCachedFileContent
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
@@ -46,6 +47,7 @@
 from lib.core.data import queries
 from lib.core.datatype import advancedDict
 from lib.core.datatype import injectionDict
+from lib.core.enums import DBMS
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PRIORITY
@@ -1165,6 +1167,12 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.threadException = False
     kb.threadData      = {}
 
+    kb.misc            = advancedDict()
+    kb.misc.delimiter  = randomStr(length=6)
+    kb.misc.start      = ":%s:" % randomStr(length=3, lowercase=True)
+    kb.misc.stop       = ":%s:" % randomStr(length=3, lowercase=True)
+    kb.misc.space      = ":%s:" % randomStr(length=1, lowercase=True)
+
     if flushAll:
         kb.keywords        = set(getFileItems(paths.SQL_KEYWORDS))
         kb.tamperFunctions = []