

Commit 9eb6835

committed
Minor improvement at blind SQL inj technique for DB2
1 parent 75524c2 commit 9eb6835

2 files changed

Lines changed: 3 additions & 4 deletions


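--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -135,7 +135,7 @@ def tryHint(idx):
 hintlock.release()
 
 if hintValue is not None and len(hintValue) >= idx:
-if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
+if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB, DBMS.DB2):
 posValue = hintValue[idx-1]
 else:
 posValue = ord(hintValue[idx-1])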
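Review bot: The added DBMS tuple is the only place in inference.py this commit switches DB2 to character comparison (keeping `posValue = hintValue[idx-1]` instead of `ord(...)`), and the same `(DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB)` tuple presumably also gates the character conversion in the main bisection loop outside this hunk; if that sibling was not updated, DB2 hints would be checked as characters while regular probes are still built from ordinals, and the hint path would silently never match. Hoisting the tuple into one module-level name, e.g. `CHAR_INFERENCE_DBMSES = (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB, DBMS.DB2)`, and using it at every site removes that drift and makes the DB2 addition a one-line change next time. tryHint continues outside the hunk, so the caller-side handling of posValue cannot be confirmed from here.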

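--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -564,8 +564,7 @@
 <timedelay query=""/>
 <substring query="SUBSTR((%s),%d,%d)"/>
 <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END) FROM SYSIBM.SYSDUMMY1"/>
-<!-- TODO: ASCII() not supported in all versions -->
-<inference query="ASCII(SUBSTR((%s),%d,1)) > %d"/>
+<inference query="SUBSTR((%s),%d,1) > '%c'"/>
 <!-- NOTE: We have to use the complicated UDB OLAP functions in query2 because sqlmap injects isnull query inside MAX function, else we would use: SELECT MAX(versionnumber) FROM sysibm.sysversions -->
 <banner query="SELECT service_level FROM TABLE (sysproc.env_get_inst_info())" query2="SELECT versionnumber FROM (SELECT ROW_NUMBER() OVER (ORDER BY versionnumber DESC) AS LIMIT, versionnumber FROM sysibm.sysversions) AS foobar WHERE LIMIT=1"/>
 <current_user query="SELECT user FROM SYSIBM.SYSDUMMY1"/>
@@ -602,7 +601,7 @@
 </dump_table>
 <search_db>
 <inband query="SELECT schemaname FROM syscat.schemata WHERE " query2="" condition="schemaname" condition2=""/>
-<blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE " query2="" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE " count2="" condition="schemaname" condition2=""/>
+<blind query="SELECT schemaname FROM (SELECT DISTINCT(schemaname) FROM syscat.schemata WHERE " query2="" count="SELECT COUNT(DISTINCT(schemaname)) FROM syscat.schemata WHERE " count2="" condition="schemaname" condition2=""/>
 </search_db>
 <search_table>
 <inband query="SELECT tabschema, tabname FROM sysstat.tables WHERE " condition="tabname" condition2="tabschema"/>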
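Review bot: The new DB2 inference query compares a one-character substring against a quoted literal, so the bisection now depends on the server's collating sequence rather than on numeric codes as the removed `ASCII()` form did; on an instance with a non-ASCII or case-insensitive collation the ordering the client assumes may not hold, which would make retrieved values wrong rather than merely slow. The `'%c'` literal also needs the single-quote character doubled when it is the probed value, otherwise that probe becomes a malformed string literal; whether the caller already does that escaping is not visible from this hunk. A comment on the line would record both constraints, e.g. `<!-- NOTE: character comparison relies on the DBMS collating sequence; the caller must escape a single quote in %c -->`. The removed TODO explained why ASCII() was avoided, and that rationale is worth keeping alongside the new form.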
