Commit 66fb3c3

Browse files
committed
Minor enhancement to show the DBMS operating system (if fingerprinted)
also when only the -b option is provided, since it is information that sqlmap gets by parsing the DBMS banner. Got rid completely of the useless passive fuzzing.
1 parent 7d7170f commit 66fb3c3

7 files changed

Lines changed: 99 additions & 149 deletions


lib/utils/fuzzer.py

Lines changed: 0 additions & 43 deletions
This file was deleted.

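--- a/plugins/dbms/mssqlserver.py
+++ b/plugins/dbms/mssqlserver.py
@@ -46,7 +46,6 @@
 from lib.parse.banner import bannerParser
 from lib.request import inject
 from lib.request.connect import Connect as Request
-#from lib.utils.fuzzer import passiveFuzzing
 
 from plugins.generic.enumeration import Enumeration
 from plugins.generic.filesystem import Filesystem
@@ -124,8 +123,19 @@ def escape(expression):
 
 
     def getFingerprint(self):
-        value = "back-end DBMS: "
-        actVer = formatDBMSfp()
+        value = ""
+        info = None
+        formatInfo = None
+
+        if self.banner:
+            info = bannerParser(self.banner)
+            formatInfo = formatOSfp(info)
+
+        if formatInfo:
+            value += "%s\n" % formatInfo
+
+        value += "back-end DBMS: "
+        actVer = formatDBMSfp()
 
         if not conf.extensiveFp:
             value += actVer
@@ -135,12 +145,10 @@ def getFingerprint(self):
         formatInfo = None
         value += "active fingerprint: %s" % actVer
 
-        if self.banner:
-            info = bannerParser(self.banner)
+        if info:
             release = info["dbmsRelease"]
             version = info["dbmsVersion"]
             servicepack = info["dbmsServicePack"]
-            formatInfo = formatOSfp(info)
 
             if release and version and servicepack:
                 banVer = "Microsoft SQL Server %s " % release
@@ -149,33 +157,32 @@ def getFingerprint(self):
 
                 value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
-        #passiveFuzzing()
         htmlErrorFp = getHtmlErrorFp()
 
         if htmlErrorFp:
             value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
-        if formatInfo:
-            value += "\n%s" % formatInfo
-
         return value
 
 
     def checkDbms(self):
         if conf.dbms in MSSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
             setDbms("Microsoft SQL Server %s" % kb.dbmsVersion[0])
 
+            if conf.getBanner:
+                self.banner = inject.getValue("@@VERSION")
+
             if not conf.extensiveFp:
                 return True
 
         logMsg = "testing Microsoft SQL Server"
         logger.info(logMsg)
 
         randInt = str(randomInt(1))
-        query = "LTRIM(STR(LEN(%s)))" % randInt
+        query = "LTRIM(STR(LEN(%s)))" % randInt
 
         if inject.getValue(query) == "1":
-            query = "SELECT SUBSTRING((@@VERSION), 25, 1)"
+            query = "SELECT SUBSTRING((@@VERSION), 25, 1)"
             version = inject.getValue(query)
 
             if version == "8":
@@ -190,9 +197,6 @@ def checkDbms(self):
             else:
                 setDbms("Microsoft SQL Server")
 
-            if not conf.extensiveFp:
-                return True
-
             if conf.getBanner:
                 self.banner = inject.getValue("@@VERSION")
 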
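Review bot: The context line `formatInfo = None` at new line 145, at the top of the extensive-fingerprint branch of getFingerprint, is now a leftover: `formatInfo` is computed at new lines 126-132 and already emitted into `value` at 134-135, and the trailing `if formatInfo:` block it used to feed is removed by this commit, so the reset is dead and misleading to the next reader. I would delete that line. A smaller point: `formatOSfp(info)` at line 132 runs on whatever `bannerParser` returns before any check on `info`, whereas line 148 guards with `if info:`; if `bannerParser` can return None for an unrecognised banner, `formatOSfp` must tolerate None, which this page cannot confirm either way. The lines between new 141 and 145 (the `blank` setup of that branch) are outside the hunk.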
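--- a/plugins/dbms/mysql.py
+++ b/plugins/dbms/mysql.py
@@ -47,7 +47,6 @@
 from lib.parse.banner import bannerParser
 from lib.request import inject
 from lib.request.connect import Connect as Request
-#from lib.utils.fuzzer import passiveFuzzing
 
 from plugins.generic.enumeration import Enumeration
 from plugins.generic.filesystem import Filesystem
@@ -182,8 +181,19 @@ def __commentCheck(self):
 
 
     def getFingerprint(self):
-        value = "back-end DBMS: "
-        actVer = formatDBMSfp()
+        value = ""
+        info = None
+        formatInfo = None
+
+        if self.banner:
+            info = bannerParser(self.banner)
+            formatInfo = formatOSfp(info)
+
+        if formatInfo:
+            value += "%s\n" % formatInfo
+
+        value += "back-end DBMS: "
+        actVer = formatDBMSfp()
 
         if not conf.extensiveFp:
             value += actVer
@@ -198,25 +208,21 @@ def getFingerprint(self):
             comVer = formatDBMSfp([comVer])
             value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
 
-        if self.banner:
-            info = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
-
+        if info:
+            # TODO: move to the XML banner file
             banVer = info['version']
+
             if re.search("-log$", self.banner):
                 banVer += ", logging enabled"
+
             banVer = formatDBMSfp([banVer])
             value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
-        #passiveFuzzing()
         htmlErrorFp = getHtmlErrorFp()
 
         if htmlErrorFp:
             value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
-        if formatInfo:
-            value += "\n%s" % formatInfo
-
         return value
 
 
@@ -235,6 +241,9 @@ def checkDbms(self):
             if int(kb.dbmsVersion[0]) >= 5:
                 self.has_information_schema = True
 
+            if conf.getBanner:
+                self.banner = inject.getValue("VERSION()")
+
             if not conf.extensiveFp:
                 return True
 
@@ -261,6 +270,9 @@ def checkDbms(self):
                 setDbms("MySQL 5")
                 self.has_information_schema = True
 
+                if conf.getBanner:
+                    self.banner = inject.getValue("VERSION()")
+
                 if not conf.extensiveFp:
                     kb.dbmsVersion = [">= 5.0.0"]
                     return True
@@ -306,6 +318,9 @@ def checkDbms(self):
                 setDbms("MySQL 4")
                 kb.dbmsVersion = ["< 5.0.0"]
 
+                if conf.getBanner:
+                    self.banner = inject.getValue("VERSION()")
+
                 if not conf.extensiveFp:
                     return True
 
@@ -332,9 +347,6 @@ def checkDbms(self):
                 else:
                     kb.dbmsVersion = ["< 3.22.11"]
 
-            if conf.getBanner:
-                self.banner = inject.getValue("VERSION()")
-
             return True
         else:
             warnMsg = "the back-end DMBS is not MySQL"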
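--- a/plugins/dbms/oracle.py
+++ b/plugins/dbms/oracle.py
@@ -39,7 +39,6 @@
 from lib.core.unescaper import unescaper
 from lib.parse.banner import bannerParser
 from lib.request import inject
-#from lib.utils.fuzzer import passiveFuzzing
 
 from plugins.generic.enumeration import Enumeration
 from plugins.generic.filesystem import Filesystem
@@ -118,7 +117,18 @@ def escape(expression):
 
 
     def getFingerprint(self):
-        value = "back-end DBMS: "
+        value = ""
+        info = None
+        formatInfo = None
+
+        if self.banner:
+            info = bannerParser(self.banner)
+            formatInfo = formatOSfp(info)
+
+        if formatInfo:
+            value += "%s\n" % formatInfo
+
+        value += "back-end DBMS: "
 
         if not conf.extensiveFp:
             value += "Oracle"
@@ -129,30 +139,26 @@ def getFingerprint(self):
         formatInfo = None
         value += "active fingerprint: %s" % actVer
 
-        if self.banner:
-            info = bannerParser(self.banner)
-            formatInfo = formatOSfp(info)
-
+        if info:
             banVer = info['version']
             banVer = formatDBMSfp([banVer])
             value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
 
-        #passiveFuzzing()
         htmlErrorFp = getHtmlErrorFp()
 
         if htmlErrorFp:
             value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
-        if formatInfo:
-            value += "\n%s" % formatInfo
-
         return value
 
 
     def checkDbms(self):
         if conf.dbms in ORACLE_ALIASES:
             setDbms("Oracle")
 
+            if conf.getBanner:
+                self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
+
             if not conf.extensiveFp:
                 return True
 
@@ -177,6 +183,9 @@ def checkDbms(self):
 
             setDbms("Oracle")
 
+            if conf.getBanner:
+                self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
+
             if not conf.extensiveFp:
                 return True
 
@@ -189,9 +198,6 @@ def checkDbms(self):
             elif re.search("^8", version):
                 kb.dbmsVersion = ["8i"]
 
-            if conf.getBanner:
-                self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
-
             return True
         else:
             warnMsg = "the back-end DMBS is not Oracle"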
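Review bot: With `--dbms oracle`, `-b` and extensive fingerprinting enabled, the banner query `SELECT banner FROM v$version WHERE ROWNUM=1` is injected twice: once at new lines 159-160 in the `conf.dbms in ORACLE_ALIASES` shortcut, which does not return when `conf.extensiveFp` is set (lines 162-163 only return otherwise), and again at 186-187 after the active check re-confirms Oracle. Each `inject.getValue` presumably costs one or more extra requests against the target, so I would guard the second fetch with `if conf.getBanner and not self.banner:` and leave the first as is. The `formatInfo = None` context line at new 139 is also a leftover now that the OS fingerprint is computed at 124-126 and emitted at 128-129; it can be deleted. The lines between new 134 and 139 are outside the hunk.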