applying contributed patch for DB2

stamparm · stamparm · commit 6e392b6054b4 · 2011-05-06T09:30:39.000Z
diff --git a/lib/controller/handler.py b/lib/controller/handler.py
@@ -23,6 +23,7 @@
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import DB2_ALIASES
 
 from plugins.dbms.mssqlserver import MSSQLServerMap
 from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
@@ -42,6 +43,8 @@
 from plugins.dbms.maxdb.connector import Connector as MaxDBConn
 from plugins.dbms.sybase import SybaseMap
 from plugins.dbms.sybase.connector import Connector as SybaseConn
+from plugins.dbms.db2 import DB2Map
+from plugins.dbms.db2.connector import Connector as DB2Conn
 
 def setHandler():
     """
@@ -50,7 +53,7 @@ def setHandler():
     """
 
     count = 0
-    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird", "SAP MaxDB", "Sybase" )
+    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird", "SAP MaxDB", "Sybase", "DB2" )
     dbmsObj = [
                   ( MYSQL_ALIASES, MySQLMap, MySQLConn ),
                   ( ORACLE_ALIASES, OracleMap, OracleConn ),
@@ -61,6 +64,7 @@ def setHandler():
                   ( FIREBIRD_ALIASES, FirebirdMap, FirebirdConn ),
                   ( MAXDB_ALIASES, MaxDBMap, MaxDBConn ),
                   ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
+                  ( DB2_ALIASES, DB2Map, DB2Conn )
                 ]
 
     if Backend.getIdentifiedDbms() is not None:
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -407,7 +407,7 @@ def simpleConcatQuery(self, query1, query2):
         if Backend.isDbms(DBMS.MYSQL):
             concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
 
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
             concatenatedQuery = "%s||%s" % (query1, query2)
 
         elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
@@ -466,7 +466,7 @@ def concatQuery(self, query, unpack=True):
             elif fieldsNoSelect:
                 concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 
-        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
+        elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
                 concatenatedQuery += "||'%s'" % kb.misc.stop
@@ -643,7 +643,7 @@ def limitQuery(self, num, query, field=None, uniqueField=None):
             limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
             limitedQuery += " %s" % limitStr
 
-        elif Backend.isDbms(DBMS.ORACLE):
+        elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
             if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
                 orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
                 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -2546,7 +2546,7 @@ def safeSQLIdentificatorNaming(name, isTable=False):
             if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):
                 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
                     parts[i] = "`%s`" % parts[i].strip("`")
-                elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+                elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.DB2):
                     parts[i] = "\"%s\"" % parts[i].strip("\"")
 
         retVal = ".".join(parts)
@@ -2563,7 +2563,7 @@ def unsafeSQLIdentificatorNaming(name):
     if isinstance(name, basestring):
         if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
             retVal = name.replace("`", "")
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL, DBMS.DB2):
             retVal = name.replace("\"", "")
         if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
             prefix = "%s." % DEFAULT_MSSQL_SCHEMA
diff --git a/lib/core/data.py b/lib/core/data.py
@@ -19,6 +19,7 @@
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import DB2_ALIASES
 
 # sqlmap paths
 paths = advancedDict()
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
@@ -98,3 +98,14 @@
                     "R": "REFERENCES",
                     "E": "EXECUTE"
                 }
+
+db2Privs = {
+                    1:"CONTROLAUTH",
+                    2:"ALTERAUTH",
+                    3:"DELETEAUTH",
+                    4:"INDEXAUTH",
+                    5:"INSERTAUTH",
+                    6:"REFAUTH",
+                    7:"SELECTAUTH",
+                    8:"UPDATEAUTH"
+           }
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -34,6 +34,7 @@ class DBMS:
     PGSQL = "PostgreSQL"
     SQLITE = "SQLite"
     SYBASE = "Sybase"
+    DB2 = "IBM DB2"
 
 class OS:
     LINUX = "Linux"
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -89,6 +89,7 @@
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
+from lib.core.settings import DB2_ALIASES
 from lib.core.settings import BURP_SPLITTER
 from lib.core.settings import MAX_NUMBER_OF_THREADS
 from lib.core.settings import TIME_DEFAULT_DELAY
@@ -682,7 +683,7 @@ def __setDBMS():
 
     for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, \
                     ORACLE_ALIASES, SQLITE_ALIASES, ACCESS_ALIASES, \
-                    FIREBIRD_ALIASES, MAXDB_ALIASES, SYBASE_ALIASES):
+                    FIREBIRD_ALIASES, MAXDB_ALIASES, SYBASE_ALIASES, DB2_ALIASES):
         if conf.dbms in aliases:
             conf.dbms = aliases[0]
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -147,6 +147,8 @@
                         "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" )
 MAXDB_SYSTEM_DBS = ( "SYSINFO", "DOMAIN" )
 SYBASE_SYSTEM_DBS = ( "master", "model", "sybsystemdb", "sybsystemprocs" )
+DB2_SYSTEM_DBS = ( "NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC",\
+                   "SYSSTAT", "SYSTOOLS" )
 
 MSSQL_ALIASES = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
 MYSQL_ALIASES = [ "mysql", "my" ]
@@ -157,8 +159,9 @@
 FIREBIRD_ALIASES = [ "firebird", "mozilla firebird", "interbase", "ibase", "fb" ]
 MAXDB_ALIASES = [ "maxdb", "sap maxdb", "sap db" ]
 SYBASE_ALIASES = [ "sybase", "sybase sql server" ]
+DB2_ALIASES = [ "ibm db2", "db2" ]
 
-SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
+SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES
 SUPPORTED_OS = ( "linux", "windows" )
 
 DBMS_DICT = { DBMS.MSSQL: [MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"],
@@ -169,7 +172,8 @@
               DBMS.ACCESS: [ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"],
               DBMS.FIREBIRD: [FIREBIRD_ALIASES, "python-kinterbasdb", "http://kinterbasdb.sourceforge.net/"],
               DBMS.MAXDB: [MAXDB_ALIASES, None, None],
-              DBMS.SYBASE: [SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"]
+              DBMS.SYBASE: [SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"],
+              DBMS.DB2: [DB2_ALIASES, None, None]
             }
 
 REFERER_ALIASES = ( "ref", "referer", "referrer" )
diff --git a/plugins/dbms/db2/__init__.py b/plugins/dbms/db2/__init__.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+"""
+$Id: __init__.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import DBMS
+from lib.core.settings import DB2_SYSTEM_DBS
+from lib.core.unescaper import unescaper
+
+from plugins.dbms.db2.enumeration import Enumeration
+from plugins.dbms.db2.filesystem import Filesystem
+from plugins.dbms.db2.fingerprint import Fingerprint
+from plugins.dbms.db2.syntax import Syntax
+from plugins.dbms.db2.takeover import Takeover
+from plugins.generic.misc import Miscellaneous
+
+class DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
+    """
+    This class defines DB2 methods
+    """
+
+    def __init__(self):
+        self.excludeDbsList = DB2_SYSTEM_DBS
+
+        Syntax.__init__(self)
+        Fingerprint.__init__(self)
+        Enumeration.__init__(self)
+        Filesystem.__init__(self)
+        Miscellaneous.__init__(self)
+        Takeover.__init__(self)
+
+    unescaper[DBMS.DB2] = Syntax.unescape
diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python
+
+"""
+$Id: connector.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+try:
+    import pyodbc
+except ImportError, _:
+    pass
+
+from lib.core.data import logger
+from lib.core.exception import sqlmapConnectionException
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+from plugins.generic.connector import Connector as GenericConnector
+
+class Connector(GenericConnector):
+    """
+    Homepage: http://pyodbc.googlecode.com/
+    User guide: http://code.google.com/p/pyodbc/wiki/GettingStarted
+    API: http://code.google.com/p/pyodbc/w/list
+    Debian package: python-pyodbc
+    License: MIT
+    """
+
+    def __init__(self):
+        GenericConnector.__init__(self)
diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+
+"""
+$Id: enumeration.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+
+from lib.core.data import logger
+from plugins.generic.enumeration import Enumeration as GenericEnumeration
+
+class Enumeration(GenericEnumeration):
+    def __init__(self):
+        GenericEnumeration.__init__(self)        
+    
+    def getPasswordHashes(self):
+        warnMsg = "on DB2 it is not possible to list password hashes"
+        logger.warn(warnMsg)
+
+        return {}
diff --git a/plugins/dbms/db2/filesystem.py b/plugins/dbms/db2/filesystem.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+"""
+$Id: filesystem.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.common import randomStr
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import PLACE
+from lib.core.exception import sqlmapNoneDataException
+from lib.request import inject
+from lib.techniques.inband.union.use import unionUse
+
+from plugins.generic.filesystem import Filesystem as GenericFilesystem
+
+class Filesystem(GenericFilesystem):
+    def __init__(self):
+        GenericFilesystem.__init__(self)
diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py
@@ -0,0 +1,114 @@
+#!/usr/bin/env python
+
+"""
+$Id: fingerprint.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+
+from lib.core.common import Backend
+from lib.core.common import Format
+from lib.core.common import randomInt
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import DBMS
+from lib.core.session import setDbms
+from lib.core.settings import DB2_ALIASES
+from lib.request import inject
+
+from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
+
+class Fingerprint(GenericFingerprint):
+    def __init__(self):
+        GenericFingerprint.__init__(self, DBMS.DB2)		
+
+    def versionCheck(self):
+        minor, major = None, None
+    
+        for version in reversed(xrange(5, 15)):
+            result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d000000 AND %d999999)>0" % (version, version))
+            if result:
+                major = version
+    
+                for version in reversed(xrange(0, 20)):
+                    result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d%02d0000 AND %d%02d9999)>0" % (major, version, major, version))
+                    if result:
+                        minor = version
+                        version = "%s.%s" % (major, minor)
+                        break                    
+                break
+            
+        if major and minor:
+            return "%s.%s" % (major, minor)
+        else:
+            return None
+
+    def getFingerprint(self):
+        value  = ""
+        wsOsFp = Format.getOs("web server", kb.headersFp)
+
+        if wsOsFp:
+            value += "%s\n" % wsOsFp
+
+        if kb.data.banner:
+            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
+
+            if dbmsOsFp:
+                value += "%s\n" % dbmsOsFp
+
+        value += "back-end DBMS: "
+
+        if not conf.extensiveFp:
+            value += DBMS.DB2
+            return value
+
+        actVer      = Format.getDbms()
+        blank       = " " * 15
+        value      += "active fingerprint: %s" % actVer
+
+        if kb.bannerFp:
+            banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
+            banVer = Format.getDbms([banVer])
+            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
+
+        htmlErrorFp = Format.getErrorParsedDBMSes()
+
+        if htmlErrorFp:
+            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
+
+        return value
+
+    def checkDbms(self):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(DB2_ALIASES) or conf.dbms in DB2_ALIASES):
+            setDbms(DBMS.DB2)
+
+            return True
+
+        logMsg = "testing %s" % DBMS.DB2
+        logger.info(logMsg)
+
+        randInt = randomInt()
+        result = inject.checkBooleanExpression("(SELECT %d FROM sysibm.sysdummy1) = %d" % (randInt, randInt))
+
+        if result:
+            logMsg = "confirming %s" % DBMS.DB2
+            logger.info(logMsg)
+
+            version = self.versionCheck()
+
+            if version:
+                Backend.setVersion(version)
+                setDbms("%s %s" % (DBMS.DB2, Backend.getVersion()))
+            else:
+                setDbms(DBMS.DB2) 
+
+
+            return True
+        else:
+            warnMsg = "the back-end DBMS is not %s" % DBMS.DB2
+            logger.warn(warnMsg)
+
+            return False
diff --git a/plugins/dbms/db2/syntax.py b/plugins/dbms/db2/syntax.py
diff --git a/plugins/dbms/db2/takeover.py b/plugins/dbms/db2/takeover.py
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
diff --git a/xml/queries.xml b/xml/queries.xml
