Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 68f5597

Browse files
stamparmstamparm
committed
Some cleaning up for #3283 
1 parent 411f56e commit 68f5597

10 files changed

Lines changed: 45 additions & 136 deletions

File tree

lib/core/agent.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -624,7 +624,7 @@ def concatQuery(self, query, unpack=True):
624624
elif fieldsNoSelect:
625625
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
626626

627-
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB):
627+
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2):
628628
if fieldsExists:
629629
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
630630
concatenatedQuery += "||'%s'" % kb.chars.stop

lib/core/dump.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -171,7 +171,7 @@ def currentUser(self, data):
171171
def currentDb(self, data):
172172
if Backend.isDbms(DBMS.MAXDB):
173173
self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
174-
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB):
174+
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2):
175175
self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB)
176176
else:
177177
self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB)

lib/core/settings.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.2.10.21"
22+
VERSION = "1.2.10.22"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -265,7 +265,7 @@
265265
REFERER_ALIASES = ("ref", "referer", "referrer")
266266
HOST_ALIASES = ("host",)
267267

268-
HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
268+
H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC"
269269

270270
# Names that can't be used to name files on Windows OS
271271
WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9")

plugins/dbms/h2/connector.py

Lines changed: 4 additions & 77 deletions
Original file line numberDiff line numberDiff line change
@@ -5,87 +5,14 @@
55
See the file 'LICENSE' for copying permission
66
"""
77

8-
try:
9-
import jaydebeapi
10-
import jpype
11-
except:
12-
pass
13-
14-
import logging
15-
16-
from lib.core.common import checkFile
17-
from lib.core.common import readInput
18-
from lib.core.data import conf
19-
from lib.core.data import logger
20-
from lib.core.exception import SqlmapConnectionException
8+
from lib.core.exception import SqlmapUnsupportedFeatureException
219
from plugins.generic.connector import Connector as GenericConnector
2210

2311
class Connector(GenericConnector):
24-
"""
25-
Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/
26-
User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html
27-
API: -
28-
Debian package: -
29-
License: LGPL & Apache License 2.0
30-
"""
31-
3212
def __init__(self):
3313
GenericConnector.__init__(self)
3414

3515
def connect(self):
36-
self.initConnection()
37-
try:
38-
msg = "what's the location of 'hsqldb.jar'? "
39-
jar = readInput(msg)
40-
checkFile(jar)
41-
args = "-Djava.class.path=%s" % jar
42-
jvm_path = jpype.getDefaultJVMPath()
43-
jpype.startJVM(jvm_path, args)
44-
except Exception, msg:
45-
raise SqlmapConnectionException(msg[0])
46-
47-
try:
48-
driver = 'org.hsqldb.jdbc.JDBCDriver'
49-
connection_string = 'jdbc:hsqldb:mem:.' # 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
50-
self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))
51-
except Exception, msg:
52-
raise SqlmapConnectionException(msg[0])
53-
54-
self.initCursor()
55-
self.printConnected()
56-
57-
def fetchall(self):
58-
try:
59-
return self.cursor.fetchall()
60-
except Exception, msg:
61-
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
62-
return None
63-
64-
def execute(self, query):
65-
retVal = False
66-
67-
try:
68-
self.cursor.execute(query)
69-
retVal = True
70-
except Exception, msg: # TODO: fix with specific error
71-
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
72-
73-
self.connector.commit()
74-
75-
return retVal
76-
77-
def select(self, query):
78-
retVal = None
79-
80-
upper_query = query.upper()
81-
82-
if query and not (upper_query.startswith("SELECT ") or upper_query.startswith("VALUES ")):
83-
query = "VALUES %s" % query
84-
85-
if query and upper_query.startswith("SELECT ") and " FROM " not in upper_query:
86-
query = "%s FROM (VALUES(0))" % query
87-
88-
self.cursor.execute(query)
89-
retVal = self.cursor.fetchall()
90-
91-
return retVal
16+
errMsg = "on H2 it is not (currently) possible to establish a "
17+
errMsg += "direct connection"
18+
raise SqlmapUnsupportedFeatureException(errMsg)

plugins/dbms/h2/enumeration.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
from lib.core.data import queries
1313
from lib.core.common import unArrayizeValue
1414
from lib.core.enums import DBMS
15+
from lib.core.settings import H2_DEFAULT_SCHEMA
1516
from lib.request import inject
1617

1718
class Enumeration(GenericEnumeration):
@@ -40,3 +41,12 @@ def getPrivileges(self, *args):
4041
def getHostname(self):
4142
warnMsg = "on H2 it is not possible to enumerate the hostname"
4243
logger.warn(warnMsg)
44+
45+
def getCurrentDb(self):
46+
return H2_DEFAULT_SCHEMA
47+
48+
def getPasswordHashes(self):
49+
warnMsg = "on H2 it is not possible to list password hashes"
50+
logger.warn(warnMsg)
51+
52+
return {}

plugins/dbms/h2/fingerprint.py

Lines changed: 9 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -27,32 +27,28 @@ def getFingerprint(self):
2727
value = ""
2828
wsOsFp = Format.getOs("web server", kb.headersFp)
2929

30-
if wsOsFp and not conf.api:
30+
if wsOsFp:
3131
value += "%s\n" % wsOsFp
3232

3333
if kb.data.banner:
3434
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
3535

36-
if dbmsOsFp and not conf.api:
36+
if dbmsOsFp:
3737
value += "%s\n" % dbmsOsFp
3838

3939
value += "back-end DBMS: "
40-
actVer = Format.getDbms()
4140

4241
if not conf.extensiveFp:
43-
value += actVer
42+
value += DBMS.H2
4443
return value
4544

45+
actVer = Format.getDbms()
4646
blank = " " * 15
4747
value += "active fingerprint: %s" % actVer
4848

4949
if kb.bannerFp:
5050
banVer = kb.bannerFp.get("dbmsVersion")
51-
52-
if re.search(r"-log$", kb.data.banner):
53-
banVer += ", logging enabled"
54-
55-
banVer = Format.getDbms([banVer] if banVer else None)
51+
banVer = Format.getDbms([banVer])
5652
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
5753

5854
htmlErrorFp = Format.getErrorParsedDBMSes()
@@ -66,9 +62,6 @@ def checkDbms(self):
6662
if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES):
6763
setDbms("%s %s" % (DBMS.H2, Backend.getVersion()))
6864

69-
if Backend.isVersionGreaterOrEqualThan("1.7.2"):
70-
kb.data.has_information_schema = True
71-
7265
self.getBanner()
7366

7467
return True
@@ -90,31 +83,15 @@ def checkDbms(self):
9083

9184
return False
9285
else:
93-
kb.data.has_information_schema = True
94-
Backend.setVersion(">= 1.7.2")
95-
setDbms("%s 1.7.2" % DBMS.H2)
96-
97-
banner = self.getBanner()
98-
if banner:
99-
Backend.setVersion("= %s" % banner)
100-
else:
101-
if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"):
102-
Backend.setVersionList([">= 2.0.0", "< 2.3.0"])
103-
else:
104-
banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True))
105-
if banner:
106-
Backend.setVersion("= %s" % banner)
107-
else:
108-
Backend.setVersionList([">= 1.7.2", "< 1.8.0"])
86+
setDbms(DBMS.H2)
10987

110-
return True
88+
self.getBanner()
89+
90+
return True
11191
else:
11292
warnMsg = "the back-end DBMS is not %s" % DBMS.H2
11393
logger.warn(warnMsg)
11494

115-
dbgMsg = "...or version is < 1.7.2"
116-
logger.debug(dbgMsg)
117-
11895
return False
11996

12097
def getHostname(self):

plugins/dbms/maxdb/connector.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,6 @@ def __init__(self):
1313
GenericConnector.__init__(self)
1414

1515
def connect(self):
16-
errMsg = "on SAP MaxDB it is not possible to establish a "
16+
errMsg = "on SAP MaxDB it is not (currently) possible to establish a "
1717
errMsg += "direct connection"
1818
raise SqlmapUnsupportedFeatureException(errMsg)

plugins/generic/databases.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -438,7 +438,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
438438
raise SqlmapNoneDataException(errMsg)
439439

440440
elif conf.db is not None:
441-
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
441+
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2):
442442
conf.db = conf.db.upper()
443443

444444
if ',' in conf.db:
@@ -465,7 +465,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
465465
colList = filter(None, colList)
466466

467467
if conf.tbl:
468-
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB):
468+
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2):
469469
conf.tbl = conf.tbl.upper()
470470

471471
tblList = conf.tbl.split(',')

txt/checksum.md5

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py
2727
d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py
2828
97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py
2929
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
30-
a866dd953fdc4b5273a9c28f6b2361f1 lib/core/agent.py
30+
cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py
3131
c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py
3232
ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py
3333
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
@@ -36,7 +36,7 @@ ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py
3636
4086fb55f42e27de5330505605baad0f lib/core/decorators.py
3737
fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py
3838
56b79ee7acd2da19c1678250edfdafab lib/core/dicts.py
39-
d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py
39+
760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py
4040
ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py
4141
cada93357a7321655927fc9625b3bfec lib/core/exception.py
4242
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
4949
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
5050
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
5151
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
52-
1eb1c8d9bf5f38efc0625524d7dfa8ed lib/core/settings.py
52+
5a5c0538e7464803ea3cd2b55b98f991 lib/core/settings.py
5353
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
5454
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
5555
47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py
@@ -140,10 +140,10 @@ bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py
140140
d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py
141141
c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py
142142
1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py
143-
271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/h2/connector.py
144-
687005cf105ab50c62b6686866d6ef13 plugins/dbms/h2/enumeration.py
143+
79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py
144+
5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py
145145
b1ed542fff0aa53c54e8bc07658aeaf1 plugins/dbms/h2/filesystem.py
146-
443bc9ac09ce180360ff5a660ac3d6ba plugins/dbms/h2/fingerprint.py
146+
4fe530d10b74210bd045205d9318b5d6 plugins/dbms/h2/fingerprint.py
147147
1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py
148148
4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py
149149
af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py
@@ -162,7 +162,7 @@ b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py
162162
aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py
163163
25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py
164164
1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py
165-
6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py
165+
9c0307881fae556521bec393956664b0 plugins/dbms/maxdb/connector.py
166166
1f3f9d4c7ec62452ed2465cd9cf50aa1 plugins/dbms/maxdb/enumeration.py
167167
ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py
168168
9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py
@@ -213,7 +213,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py
213213
79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py
214214
34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py
215215
ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py
216-
ca122ea307ed367a55b12a67a6079e74 plugins/generic/databases.py
216+
dd0875db408080c8192c5186d2d9c246 plugins/generic/databases.py
217217
35546acab0eea406c23b84363df4d534 plugins/generic/entries.py
218218
d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py
219219
0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py
@@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml
484484
82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml
485485
92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml
486486
ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml
487-
39173640d6807991a6b78e9bea973339 xml/queries.xml
487+
c83a948e23219f1d101d3b3aa7eb1391 xml/queries.xml

xml/queries.xml

Lines changed: 6 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -676,7 +676,7 @@
676676
<hostname/>
677677
<table_comment/>
678678
<column_comment/>
679-
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
679+
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.USERS WHERE NAME=CURRENT_USER"/>
680680
<check_udf/>
681681
<users>
682682
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
@@ -739,23 +739,18 @@
739739
<hex query="RAWTOHEX(%s)"/>
740740
<inference query="ASCII(SUBSTR((%s),%d,1))>%d"/>
741741
<banner query="H2VERSION()"/>
742-
<current_user query="CURRENT_USER"/>
742+
<current_user query="CURRENT_USER"/>mirek
743743
<current_db query="DATABASE()"/>
744744
<hostname/>
745745
<table_comment/>
746746
<column_comment/>
747-
<is_dba query="SELECT ADMIN FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE USER=CURRENT_USER"/>
747+
<is_dba query="SELECT CURRENT_USER='SA'"/>
748748
<check_udf/>
749749
<users>
750-
<!-- LIMIT is needed at start for v1.7 this gets mangled unless no-cast is used -->
751-
<blind query="SELECT LIMIT %d 1 DISTINCT(user) FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user" count="SELECT COUNT(DISTINCT(user)) FROM INFORMATION_SCHEMA.SYSTEM_USERS"/>
752-
<inband query="SELECT user FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user"/>
750+
<inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
751+
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS OFFSET %d LIMIT 1" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
753752
</users>
754-
<passwords>
755-
<!-- Passwords only shown in later versions &gt;=2.0 -->
756-
<blind query="SELECT LIMIT %d 1 DISTINCT(password_digest) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s' ORDER BY password_digest" count="SELECT COUNT(DISTINCT(password_digest)) FROM INFORMATION_SCHEMA.SYSTEM_USERS WHERE user_name='%s'"/>
757-
<inband query="SELECT user_name,password_digest FROM INFORMATION_SCHEMA.SYSTEM_USERS ORDER BY user_name" condition="user_name"/>
758-
</passwords>
753+
<passwords/>
759754
<privileges/>
760755
<roles/>
761756
<dbs>

0 commit comments

Comments
 (0)