implemented --banner for MaxDB and some minor fixes

stamparm · stamparm · commit cd0d4135ace3 · 2010-11-02T20:51:55.000Z
diff --git a/extra/xmlobject/xmlobject.py b/extra/xmlobject/xmlobject.py
@@ -479,6 +479,9 @@ def __getitem__(self, idx):
         else:
             raise IndexError(idx)
 
+    def __contains__(self, k):
+        return self._has_key(k)
+
     def _addNode(self, child):
         """
         Tries to append a child node to the tree, and returns it
diff --git a/lib/core/dump.py b/lib/core/dump.py
@@ -148,7 +148,7 @@ def dbTables(self, dbTables):
 
             dbTables.sort(key=lambda x: x.lower())
 
-            self.__write("Brute-forced databases:")
+            self.__write("Brute-forced tables:")
 
             if len(dbTables) == 1:
                 self.__write("[1 table]")
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
@@ -31,6 +31,7 @@
 from lib.core.exception import sqlmapThreadException
 from lib.core.exception import unhandledException
 from lib.core.progress import ProgressBar
+from lib.core.settings import DBMS
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 
@@ -114,7 +115,7 @@ def tryHint(idx):
         hintlock.release()
 
         if hintValue is not None and len(hintValue) >= idx:
-            if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+            if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
                 posValue = hintValue[idx-1]
             else:
                 posValue = ord(hintValue[idx-1])
@@ -166,7 +167,7 @@ def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is N
             position = (len(charTbl) >> 1)
             posValue = charTbl[position]
 
-            if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+            if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
                 pushValue(posValue)
                 posValue = chr(posValue) if posValue < 128 else unichr(posValue)
 
@@ -175,7 +176,7 @@ def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is N
             queriesCount[0] += 1
             result = Request.queryPage(forgedPayload)
 
-            if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+            if kb.dbms in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB):
                 posValue = popValue()
 
             if result:
@@ -491,6 +492,9 @@ def downloadThread():
             if val is None or ( lastChar > 0 and index > lastChar ):
                 break
 
+            if kb.data.processChar:
+                val = kb.data.processChar(val)
+
             finalValue += val
             dataToSessionFile(replaceNewlineTabs(val))
 
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
@@ -7,6 +7,7 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.settings import DBMS
 
@@ -15,19 +16,15 @@
 class Enumeration(GenericEnumeration):
     def __init__(self):
         GenericEnumeration.__init__(self, DBMS.MAXDB)
+        
+        kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
 
     def getDbs(self):
         warnMsg = "on SAP MaxDB it is not possible to enumerate databases"
         logger.warn(warnMsg)
 
         return []
 
-    def getBanner(self):
-        warnMsg = "on SAP MaxDB it is not possible to get a banner"
-        logger.warn(warnMsg)
-
-        return None
-
     def getPasswordHashes(self):
         warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
         logger.warn(warnMsg)
diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py
@@ -16,55 +16,8 @@ def __init__(self):
 
     @staticmethod
     def unescape(expression, quote=True):
-        if quote:
-            while True:
-                index = expression.find("'")
-                if index == -1:
-                    break
-
-                firstIndex = index + 1
-                index = expression[firstIndex:].find("'")
-
-                if index == -1:
-                    raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
-
-                lastIndex = firstIndex + index
-                old = "'%s'" % expression[firstIndex:lastIndex]
-                #unescaped = "("
-                unescaped = ""
-
-                for i in range(firstIndex, lastIndex):
-                    unescaped += "CHR(%d)" % (ord(expression[i]))
-                    if i < lastIndex - 1:
-                        unescaped += "||"
-
-                #unescaped += ")"
-                expression = expression.replace(old, unescaped)
-        else:
-            expression = "||".join("CHR(%d)" % ord(c) for c in expression)
-
         return expression
 
     @staticmethod
     def escape(expression):
-        while True:
-            index = expression.find("CHR(")
-            if index == -1:
-                break
-
-            firstIndex = index
-            index = expression[firstIndex:].find("))")
-
-            if index == -1:
-                raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
-
-            lastIndex = firstIndex + index + 1
-            old = expression[firstIndex:lastIndex]
-            oldUpper = old.upper()
-            oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
-            oldUpper = oldUpper.split("||")
-
-            escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
-            expression = expression.replace(old, escaped)
-
         return expression
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -63,6 +63,7 @@ def __init__(self, dbms):
         kb.data.cachedTables           = {}
         kb.data.cachedColumns          = {}
         kb.data.dumpedTable            = {}
+        kb.data.processChar            = None
         kb.misc.testedDbms             = dbms
 
     def getBanner(self):
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -420,13 +420,13 @@
    <!-- SAP MaxDB -->
    <dbms value="SAP MaxDB">
         <length query="LENGTH(%s)"/>
-        <inference/>
         <timedelay/>
         <banner query="SELECT ID FROM SYSINFO.VERSION"/>
         <isnull query="VALUE(%s,' ')" query2="IFNULL(%s, ' ')"/>
         <comment query="--" query2="#"/>
         <count query="COUNT(%s)"/>
-        <cast query="CHR(%s)"/>
+        <!-- No real cast on SAP MaxDB -->
+        <cast query="REPLACE(%s, ' ', '_')"/>
         <current_user query="SELECT USER() FROM DUAL"/>
         <current_db query="SELECT DATABASE() FROM DUAL"/>
         <order query="ORDER BY %s ASC"/>
