
Commit 654aece

Minor layout adjustments, minor fixes and updated changelog
1 parent fa0507a commit 654aece

13 files changed

Lines changed: 133 additions & 58 deletions


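--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -4,8 +4,10 @@ sqlmap (0.6.3-1) stable; urgency=low
 * Minor enhancement to support stacked queries which will be used
 sometimes by takeover functionality and time based blind SQL injection
 technique;
+* Minor enhancement to fingerprint the back-end DBMS operating system by
+parsing the DBMS banner value when both -f and -b are provided;
 * Minor enhancement to be able to specify the number of seconds to wait
-between each HTTP request;
+between each HTTP request providing option --delay #;
 * Minor enhancement to be able to enumerate table columns and dump table
 entries, also when the database name is not provided, by using the
 current database on MySQL and Microsoft SQL Server, the 'public'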

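--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -67,7 +67,7 @@ def action():
 
 raise sqlmapUnsupportedDBMSException, errMsg
 
-print "back-end DBMS:\t%s\n" % conf.dbmsHandler.getFingerprint()
+print "%s\n" % conf.dbmsHandler.getFingerprint()
 
 # Techniques options
 if conf.timeTest: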
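Review bot: The `back-end DBMS:` label is no longer printed by this line, so the output now depends on every conf.dbmsHandler.getFingerprint() implementation prepending it itself; only plugins/dbms/mssqlserver.py and plugins/dbms/mysql.py are updated in this commit, and 3 of the 13 changed files are not shown on this page, so any DBMS plugin that was not adjusted would print an unlabelled fingerprint. Worth confirming each plugin's getFingerprint() before merging, or keeping the label as a single formatting point in this caller, e.g. `print "back-end DBMS: %s\n" % conf.dbmsHandler.getFingerprint()` with the plugins returning only the body. action() continues outside the hunk.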

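--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -190,7 +190,7 @@ def getHtmlErrorFp():
 htmlVer = kb.htmlFp[0]
 htmlParsed = htmlVer
 elif len(kb.htmlFp) > 1:
-htmlParsed = "or ".join([htmlFp for htmlFp in kb.htmlFp])
+htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
 
 return htmlParsed
 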
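Review bot: The changed line still wraps kb.htmlFp in a no-op list comprehension; `htmlParsed = " or ".join(kb.htmlFp)` does the same with less noise, given the `len(kb.htmlFp) > 1` guard already ensures the list is non-empty. The separator fix itself (" or " instead of "or ") looks right. The beginning of getHtmlErrorFp, including the branch that sets htmlParsed when the list is empty, is outside the hunk.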

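--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -453,6 +453,7 @@ def __setKnowledgeBaseAttributes():
 kb.dbms = None
 kb.dbmsDetected = False
 kb.dbmsVersion = None
+kb.headersFp = {}
 kb.htmlFp = []
 kb.injParameter = None
 kb.injPlace = None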

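--- a/lib/parse/headers.py
+++ b/lib/parse/headers.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2006-2008 Bernardo Damele A. G. <[email protected]>
+and Daniele Bellucci <[email protected]>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+"""
+
+
+
+import re
+
+from xml.sax import parse
+from xml.sax.handler import ContentHandler
+
+from lib.core.common import checkFile
+from lib.core.common import sanitizeStr
+from lib.core.data import kb
+from lib.core.data import paths
+from lib.parse.banner import BannerHandler
+
+def headersParser(headers):
+"""
+This function calls a class that parses the input HTTP headers to
+fingerprint the back-end database management system operating system
+and web application technology
+"""
+
+topHeaders = {
+"cookie",
+"microsoftsharepointteamservices",
+"server",
+"servlet-engine",
+"www-authenticate",
+"x-aspnet-version",
+"x-powered-by",
+}
+
+for header in headers:
+if header in topHeaders:
+pass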
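Review bot: `if header in topHeaders:` compares header names case-sensitively against an all-lowercase set, so a response carrying `Server` or `X-Powered-By` in the usual capitalisation would never match; compare `header.lower()` instead, assuming iterating `headers` yields header names — the type of the object handed over by parseResponse is not visible here and should be confirmed. The loop body is `pass`, so nothing is fingerprinted and kb.headersFp (added in lib/core/option.py) is never written, while every import in the file (re, parse, ContentHandler, checkFile, sanitizeStr, kb, paths, BannerHandler) is unused; a `# TODO: populate kb.headersFp from the matched headers` in place of the `pass` would make the stub's intent explicit to the next reader. The `{ ... }` set-literal syntax requires Python 2.7, whereas the other files in this commit use Python 2 print statements and `raise X, msg`; if older 2.x interpreters are still supported, `topHeaders = set([...])` avoids a SyntaxError that would surface at import time in lib/request/basic.py and abort every request.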

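--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@@ -31,6 +31,8 @@
 
 from lib.core.common import checkFile
 from lib.core.common import sanitizeStr
+from lib.core.data import kb
+from lib.core.data import paths
 
 
 class htmlHandler(ContentHandler):
@@ -40,12 +42,12 @@ class htmlHandler(ContentHandler):
 """
 
 def __init__(self, page):
-self.__dbms = None
-self.__page = page
+self.__dbms = None
+self.__page = page
 self.__regexp = None
-self.__match = None
+self.__match = None
 
-self.dbms = None
+self.dbms = None
 
 
 def startElement(self, name, attrs):
@@ -61,15 +63,21 @@ def startElement(self, name, attrs):
 self.__match = None
 
 
-def htmlParser(page, xmlfile):
+def htmlParser(page, xmlfile=None):
 """
 This function calls a class that parses the input HTML page to
 fingerprint the back-end database management system
 """
 
+if not xmlfile:
+xmlfile = paths.ERRORS_XML
+
 checkFile(xmlfile)
 page = sanitizeStr(page)
 handler = htmlHandler(page)
 parse(xmlfile, handler)
 
+if handler.dbms and handler.dbms not in kb.htmlFp:
+kb.htmlFp.append(handler.dbms)
+
 return handler.dbms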
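Review bot: htmlParser now records its result in the global `kb.htmlFp` (the two lines before `return handler.dbms`), but its docstring still describes it as only parsing the page; add a sentence such as `Appends the detected DBMS to kb.htmlFp once, as a side effect, and returns it.` so callers know the knowledge base is updated whoever invokes the parser. The new `xmlfile=None` default should also be stated there, e.g. `xmlfile defaults to paths.ERRORS_XML when omitted or empty`, since `if not xmlfile:` treats an empty string the same as None. In the second hunk the `__init__` lines are re-indented only; no behaviour change is visible there.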

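--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -29,6 +29,7 @@
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import paths
+from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser
 
 
@@ -51,7 +52,7 @@ def forgeHeaders(cookie, ua):
 return headers
 
 
-def parsePage(page):
+def parseResponse(page, headers):
 """
 @param page: the page to parse to feed the knowledge base htmlFp
 (back-end DBMS fingerprint based upon DBMS error messages return
@@ -63,19 +64,17 @@ def parsePage(page):
 like for DBMS error messages (ERRORS_XML), see above.
 """
 
-if not page:
-return
+if headers:
+headersParser(headers)
 
-htmlParsed = htmlParser(page, paths.ERRORS_XML)
+if page:
+htmlParser(page)
 
-if htmlParsed and htmlParsed not in kb.htmlFp:
-kb.htmlFp.append(htmlParsed)
+# Detect injectable page absolute system path
+# NOTE: this regular expression works if the remote web application
+# is written in PHP and debug/error messages are enabled.
+absFilePaths = re.findall(" in <b>(.*?)</b> on line", page, re.I)
 
-# Detect injectable page absolute system path
-# NOTE: this regular expression works if the remote web application
-# is written in PHP and debug/error messages are enabled.
-absFilePaths = re.findall(" in <b>(.*?)</b> on line", page, re.I)
-
-for absFilePath in absFilePaths:
-if absFilePath not in kb.absFilePaths:
-kb.absFilePaths.add(absFilePath)
+for absFilePath in absFilePaths:
+if absFilePath not in kb.absFilePaths:
+kb.absFilePaths.add(absFilePath)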
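Review bot: The `re.findall(" in <b>(.*?)</b> on line", page, re.I)` call in the third hunk now runs even when `page` is None, because the former `if not page: return` guard was removed and only the htmlParser call was placed under `if page:`; the old guard existed precisely for that case, and re.findall on None raises TypeError. Either move the absolute-path detection and its loop under the same `if page:` block, or add `if not page:` / `return` directly after the headersParser call so headers are still parsed for empty responses. The docstring, whose start lies outside the hunk, still documents only `page`; a line such as `@param headers: the HTTP response headers, passed to headersParser to fingerprint the web server and application technology` should be added for the new parameter. With htmlParser now defaulting to paths.ERRORS_XML, the `paths` import in the first hunk may be unused in this module — worth checking the rest of the file, which is outside the hunks.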

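--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -39,7 +39,7 @@
 from lib.core.data import logger
 from lib.core.exception import sqlmapConnectionException
 from lib.request.basic import forgeHeaders
-from lib.request.basic import parsePage
+from lib.request.basic import parseResponse
 
 
 
@@ -196,7 +196,7 @@ def getPage(**kwargs):
 else:
 raise sqlmapConnectionException, warnMsg
 
-parsePage(page)
+parseResponse(page, responseHeaders)
 responseMsg += "(%s - %d):\n" % (status, code)
 
 if conf.verbose <= 4: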

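--- a/plugins/dbms/mssqlserver.py
+++ b/plugins/dbms/mssqlserver.py
@@ -124,14 +124,16 @@ def escape(expression):
 
 
 def getFingerprint(self):
+value = "back-end DBMS: "
 actVer = formatDBMSfp()
 
 if not conf.extensiveFp:
-return actVer
+value += actVer
+return value
 
-blank = " " * 16
-formatInfo = None
-value = "active fingerprint: %s" % actVer
+blank = " " * 15
+formatInfo = None
+value += "active fingerprint: %s" % actVer
 
 if self.banner:
 info = bannerParser(self.banner)
@@ -148,10 +150,10 @@ def getFingerprint(self):
 value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
 #passiveFuzzing()
-htmlParsed = getHtmlErrorFp()
+htmlErrorFp = getHtmlErrorFp()
 
-if htmlParsed:
-value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
+if htmlErrorFp:
+value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
 if formatInfo:
 value += "\n%s" % formatInfo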
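Review bot: getFingerprint here and the same method in plugins/dbms/mysql.py now carry identical boilerplate — the `value = "back-end DBMS: "` prefix, `blank = " " * 15` sized to that prefix, the early return when conf.extensiveFp is unset, and the html error message fingerprint block — so the two copies must be kept in lock-step by hand, as this very commit demonstrates. A small shared helper in lib/core/common.py that builds the prefix, the blank padding and the html-error suffix would remove the duplication; at minimum the padding should be derived rather than counted, e.g. `blank = " " * len("back-end DBMS: ")`, so the two constants cannot drift apart. The `#passiveFuzzing()` commented-out call survives in both files; delete it or turn it into a `# TODO` with the intent. Both hunks cut through the method body, so the banner-parsing lines between them are not reviewed here.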

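--- a/plugins/dbms/mysql.py
+++ b/plugins/dbms/mysql.py
@@ -182,15 +182,17 @@ def __commentCheck(self):
 
 
 def getFingerprint(self):
+value = "back-end DBMS: "
 actVer = formatDBMSfp()
 
 if not conf.extensiveFp:
-return actVer
+value += actVer
+return value
 
-comVer = self.__commentCheck()
-blank = " " * 16
-formatInfo = None
-value = "active fingerprint: %s" % actVer
+comVer = self.__commentCheck()
+blank = " " * 15
+formatInfo = None
+value += "active fingerprint: %s" % actVer
 
 if comVer:
 comVer = formatDBMSfp([comVer])
@@ -207,10 +209,10 @@ def getFingerprint(self):
 value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
 #passiveFuzzing()
-htmlParsed = getHtmlErrorFp()
+htmlErrorFp = getHtmlErrorFp()
 
-if htmlParsed:
-value += "\n%shtml error message fingerprint: %s" % (blank, htmlParsed)
+if htmlErrorFp:
+value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
 if formatInfo:
 value += "\n%s" % formatInfo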
