

Commit b6af80b

committed
refactoring, cleanup and improvement
1 parent adfbfef commit b6af80b

7 files changed

Lines changed: 135 additions & 134 deletions


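--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2444,3 +2444,37 @@ def normalizeUnicode(value):
     if isinstance(value, unicode):
         retVal = unicodedata.normalize('NFKD', value).encode('ascii','ignore')
     return retVal
+
+def safeSQLIdentificatorNaming(name, isTable=False):
+    """
+    Returns a safe representation of SQL identificator name
+    """
+    retVal = name
+    if isinstance(name, basestring):
+        if isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and '.' not in name:
+            name = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, name)
+
+        parts = name.split('.')
+        for i in range(len(parts)):
+            if not re.match(r"\A[A-Za-z0-9_]+\Z", parts[i]):
+                if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
+                    parts[i] = "`%s`" % parts[i].strip("`")
+                elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+                    parts[i] = "\"%s\"" % parts[i].strip("\"")
+        retVal = ".".join(parts)
+
+    return retVal
+
+def unsafeSQLIdentificatorNaming(name):
+    """
+    Extracts identificator's name from it's safe SQL representation
+    """
+    retVal = name
+    if isinstance(name, basestring):
+        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
+            retVal = name.replace("`", "")
+        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.PGSQL):
+            retVal = name.replace("\"", "")
+        if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+            retVal = retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)
+    return retVal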
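Review bot: `retVal.lstrip("%s." % DEFAULT_MSSQL_SCHEMA)` in unsafeSQLIdentificatorNaming strips a character set, not a prefix: if the default schema were `dbo` (constructed example) every leading `d`, `b`, `o` or `.` would be removed, so `dbo.orders` comes back as `rders`. Replace it with a prefix check: `prefix = "%s." % DEFAULT_MSSQL_SCHEMA`, `if retVal.startswith(prefix):`, `retVal = retVal[len(prefix):]`. This round trip is exercised by the searchTable hunks in plugins/dbms/mssqlserver/enumeration.py, where `unsafeSQLIdentificatorNaming(tbl)` builds tblQuery after `safeSQLIdentificatorNaming(tbl, True)` has prepended the schema. Separately, safeSQLIdentificatorNaming prepends the schema for both MSSQL and SYBASE but quotes only for MSSQL, ORACLE and PGSQL, so a Sybase name that fails the `[A-Za-z0-9_]+` check passes through unquoted; if that is unintended, add DBMS.SYBASE to the elif. Note also that the quoting only strips a leading/trailing quote character and does not escape a quote embedded in the name, which the docstring's "safe" should state.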

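--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1307,6 +1307,7 @@ def __useWizardInterface():
     map(lambda x: conf.__setitem__(x, True), ['getBanner', 'getCurrentUser', 'getCurrentDb', 'isDba'])
 
     conf.batch = True
+    conf.threads = 4
     print
 
 def __saveCmdline():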
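Review bot: The added `conf.threads = 4` is an unexplained literal next to `conf.batch = True`; a comment such as `# NOTE: wizard mode fixes the thread count; keep in step with the CLI default` would tell the next reader why the wizard pins it. Whether this overrides a value the user already passed on the command line cannot be seen from the hunk; if it does, only assigning when no explicit value is present would be safer. __useWizardInterface starts outside the hunk.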

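--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -22,6 +22,7 @@
 from lib.core.common import randomInt
 from lib.core.common import readInput
 from lib.core.common import safeStringFormat
+from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -60,7 +61,7 @@ def tableExists(tableFile, regex=None):
     def tableExistsThread():
         while count[0] < length and kb.threadContinue:
             tbllock.acquire()
-            table = tables[count[0]]
+            table = safeSQLIdentificatorNaming(tables[count[0]])
             count[0] += 1
             tbllock.release()
 
@@ -165,6 +166,7 @@ def columnExists(columnFile, regex=None):
         table = "%s%s%s" % (conf.db, '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.', conf.tbl)
     else:
         table = conf.tbl
+    table = safeSQLIdentificatorNaming(table)
 
     retVal = []
     infoMsg = "checking column existence using items from '%s'" % columnFile
@@ -180,7 +182,7 @@ def columnExists(columnFile, regex=None):
     def columnExistsThread():
         while count[0] < length and kb.threadContinue:
             collock.acquire()
-            column = columns[count[0]]
+            column = safeSQLIdentificatorNaming(columns[count[0]])
             count[0] += 1
             collock.release()
 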

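--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -13,6 +13,8 @@
 from lib.core.common import getRange
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -78,7 +80,7 @@ def getTables(self):
 
         if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
             for db in dbs:
-                db = self.__safeSQLIdentificatorNaming(db)
+                db = safeSQLIdentificatorNaming(db)
 
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
@@ -94,7 +96,7 @@ def getTables(self):
 
         if not kb.data.cachedTables and not conf.direct:
             for db in dbs:
-                db = self.__safeSQLIdentificatorNaming(db)
+                db = safeSQLIdentificatorNaming(db)
 
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
@@ -154,23 +156,23 @@ def searchTable(self):
             if isinstance(db, list):
                 db = db[0]
 
-            db = self.__safeSQLIdentificatorNaming(db)
+            db = safeSQLIdentificatorNaming(db)
             foundTbls[db] = []
 
         for tbl in tblList:
-            tbl = self.__safeSQLIdentificatorNaming(tbl, True)
+            tbl = safeSQLIdentificatorNaming(tbl, True)
 
             infoMsg = "searching table"
             if tblConsider == "1":
                 infoMsg += "s like"
-            infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(tbl)
+            infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
             logger.info(infoMsg)
 
             tblQuery = "%s%s" % (tblCond, tblCondParam)
-            tblQuery = tblQuery % self.__unsafeSQLIdentificatorNaming(tbl)
+            tblQuery = tblQuery % unsafeSQLIdentificatorNaming(tbl)
 
             for db in foundTbls.keys():
-                db = self.__safeSQLIdentificatorNaming(db)
+                db = safeSQLIdentificatorNaming(db)
 
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
@@ -196,7 +198,7 @@ def searchTable(self):
                     infoMsg = "fetching number of table"
                     if tblConsider == "1":
                         infoMsg += "s like"
-                    infoMsg += " '%s' in database '%s'" % (self.__unsafeSQLIdentificatorNaming(tbl), self.__unsafeSQLIdentificatorNaming(db))
+                    infoMsg += " '%s' in database '%s'" % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(db))
                     logger.info(infoMsg)
 
                     query = rootQuery.blind.count2
@@ -208,8 +210,8 @@ def searchTable(self):
                         warnMsg = "no table"
                         if tblConsider == "1":
                             warnMsg += "s like"
-                        warnMsg += " '%s' " % self.__unsafeSQLIdentificatorNaming(tbl)
-                        warnMsg += "in database '%s'" % self.__unsafeSQLIdentificatorNaming(db)
+                        warnMsg += " '%s' " % unsafeSQLIdentificatorNaming(tbl)
+                        warnMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(db)
                         logger.warn(warnMsg)
 
                         continue
@@ -245,25 +247,25 @@ def searchColumn(self):
             enumDbs = kb.data.cachedDbs
 
         for db in enumDbs:
-            db = self.__safeSQLIdentificatorNaming(db)
+            db = safeSQLIdentificatorNaming(db)
             dbs[db] = {}
 
         for column in colList:
-            column = self.__safeSQLIdentificatorNaming(column)
+            column = safeSQLIdentificatorNaming(column)
 
             infoMsg = "searching column"
             if colConsider == "1":
                 infoMsg += "s like"
-            infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column)
+            infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
             logger.info(infoMsg)
 
             foundCols[column] = {}
 
             colQuery = "%s%s" % (colCond, colCondParam)
-            colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column)
+            colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
 
             for db in dbs.keys():
-                db = self.__safeSQLIdentificatorNaming(db)
+                db = safeSQLIdentificatorNaming(db)
 
                 if conf.excludeSysDbs and db in self.excludeDbsList:
                     infoMsg = "skipping system database '%s'" % db
@@ -281,7 +283,7 @@ def searchColumn(self):
                         values = [ values ]
 
                     for foundTbl in values:
-                        foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
+                        foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
 
                         if foundTbl is None:
                             continue
@@ -339,7 +341,7 @@ def searchColumn(self):
                         tbl = inject.getValue(query, inband=False, error=False)
                         kb.hintValue = tbl
 
-                        tbl = self.__safeSQLIdentificatorNaming(tbl, True)
+                        tbl = safeSQLIdentificatorNaming(tbl, True)
 
                         if tbl not in dbs[db]:
                             dbs[db][tbl] = {}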
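Review bot: In searchTable and searchColumn the loops `for db in foundTbls.keys(): db = safeSQLIdentificatorNaming(db)` and `for db in dbs.keys(): db = safeSQLIdentificatorNaming(db)` re-apply the function to keys that were stored in their safe form a few lines earlier (`foundTbls[db] = []`, `dbs[db] = {}`); the implementation in lib/core/common.py strips an existing quote before re-quoting, so this is idempotent today, but the second call is redundant and suggests the keys are raw, so it should be dropped. Both methods also test `db in self.excludeDbsList` only after quoting; if excludeDbsList holds raw names (not visible here), a system database whose name needs quoting would no longer be excluded, so comparing the unquoted form, `unsafeSQLIdentificatorNaming(db) in self.excludeDbsList`, is the safer check. The same redundant re-quoting of dict keys appears in the oracle plugin's searchColumn hunk. getTables, searchTable and searchColumn all start outside the hunks.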

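--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -12,6 +12,8 @@
 from lib.core.common import getRange
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
+from lib.core.common import safeSQLIdentificatorNaming
+from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -181,21 +183,21 @@ def searchColumn(self):
         colConsider, colCondParam = self.likeOrExact("column")
 
         for column in colList:
-            column = self.__safeSQLIdentificatorNaming(column)
+            column = safeSQLIdentificatorNaming(column)
 
             infoMsg = "searching column"
             if colConsider == "1":
                 infoMsg += "s like"
-            infoMsg += " '%s'" % self.__unsafeSQLIdentificatorNaming(column)
+            infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(column)
             logger.info(infoMsg)
 
             foundCols[column] = {}
 
             colQuery = "%s%s" % (colCond, colCondParam)
-            colQuery = colQuery % self.__unsafeSQLIdentificatorNaming(column)
+            colQuery = colQuery % unsafeSQLIdentificatorNaming(column)
 
             for db in dbs.keys():
-                db = self.__safeSQLIdentificatorNaming(db)
+                db = safeSQLIdentificatorNaming(db)
 
                 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
                     query = rootQuery.inband.query
@@ -207,7 +209,7 @@ def searchColumn(self):
                         values = [ values ]
 
                     for foundTbl in values:
-                        foundTbl = self.__safeSQLIdentificatorNaming(foundTbl, True)
+                        foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
 
                         if foundTbl is None:
                             continue
@@ -263,7 +265,7 @@ def searchColumn(self):
                         tbl = inject.getValue(query, inband=False, error=False)
                         kb.hintValue = tbl
 
-                        tbl = self.__safeSQLIdentificatorNaming(tbl, True)
+                        tbl = safeSQLIdentificatorNaming(tbl, True)
 
                         if tbl not in dbs[db]:
                             dbs[db][tbl] = {}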
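Review bot: The `if foundTbl is None: continue` guard sits after `foundTbl = safeSQLIdentificatorNaming(foundTbl, True)`, so the code relies on the callee returning a non-string argument unchanged (which the lib/core/common.py implementation does via its isinstance check) rather than guarding first; moving the None test above the call makes the intent explicit and stops depending on that pass-through, e.g. `if foundTbl is None: continue` then `foundTbl = safeSQLIdentificatorNaming(foundTbl, True)`. The same ordering appears in the two searchColumn hunks of plugins/dbms/mssqlserver/enumeration.py. The later `tbl = safeSQLIdentificatorNaming(tbl, True)` after `kb.hintValue = tbl` has no such guard at all, although inject.getValue's result is not checked for None in the visible lines, so a comment stating why None cannot reach `dbs[db][tbl]` there would help. searchColumn starts outside the hunks.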
