def startElement(self, name, attrs): if name == "regexp": self.__regexp = sanitizeStr(attrs.get("value")) self.__match = re.search(self.__regexp, self.__banner, re.I | re.M) if name == "info" and self.__match: self.__feedInfo("type", attrs.get("type")) self.__feedInfo("distrib", attrs.get("distrib")) self.__feedInfo("release", attrs.get("release")) self.__feedInfo("codename", attrs.get("codename")) self.__dbmsVersion = sanitizeStr(attrs.get("dbms_version")) self.__techVersion = sanitizeStr(attrs.get("tech_version")) self.__sp = sanitizeStr(attrs.get("sp")) if self.__dbmsVersion.isdigit(): self.__feedInfo("dbmsVersion", self.__match.group(int(self.__dbmsVersion))) if self.__techVersion.isdigit(): self.__feedInfo("technology", "%s %s" % (attrs.get("technology"), self.__match.group(int(self.__techVersion)))) else: self.__feedInfo("technology", attrs.get("technology")) if self.__sp.isdigit(): self.__feedInfo("sp", "Service Pack %s" % self.__match.group(int(self.__sp))) self.__regexp = None self.__match = None self.__dbmsVersion = None self.__techVersion = None
def startElement(self, name, attrs): if name == "regexp": self._regexp = sanitizeStr(attrs.get("value")) _ = re.match("\A[A-Za-z0-9]+", self._regexp) # minor trick avoiding compiling of large amount of regexes if _ and _.group(0).lower() in self._banner.lower() or not _: self._match = re.search(self._regexp, self._banner, re.I | re.M) else: self._match = None if name == "info" and self._match: self._feedInfo("type", attrs.get("type")) self._feedInfo("distrib", attrs.get("distrib")) self._feedInfo("release", attrs.get("release")) self._feedInfo("codename", attrs.get("codename")) self._dbmsVersion = sanitizeStr(attrs.get("dbms_version")) self._techVersion = sanitizeStr(attrs.get("tech_version")) self._sp = sanitizeStr(attrs.get("sp")) if self._dbmsVersion.isdigit(): self._feedInfo("dbmsVersion", self._match.group(int(self._dbmsVersion))) if self._techVersion.isdigit(): self._feedInfo("technology", "%s %s" % (attrs.get("technology"), self._match.group(int(self._techVersion)))) else: self._feedInfo("technology", attrs.get("technology")) if self._sp.isdigit(): self._feedInfo("sp", "Service Pack %s" % int(self._sp)) self._regexp = None self._match = None self._dbmsVersion = None self._techVersion = None
def __init__(self, banner, info): self.__banner = sanitizeStr(banner) self.__regexp = None self.__match = None self.__dbmsVersion = None self.__techVersion = None self.__info = info
def _feedInfo(self, key, value): value = sanitizeStr(value) if value in (None, "None"): return self._info[key] = value
def _feedInfo(self, key, value): value = sanitizeStr(value) if value in ( None, "None" ): return self._info[key] = value
def __feedInfo(self, key, value): value = sanitizeStr(value) if value in (None, "None"): return kb.bannerFp[key] = value
def __setHTTPUserAgent(): """ Set the HTTP User-Agent header. Depending on the user options it can be: * The default sqlmap string * A default value read as user option * A random value read from a list of User-Agent headers from a file choosed as user option """ if conf.agent: debugMsg = "setting the HTTP User-Agent header" logger.debug(debugMsg) conf.httpHeaders.append(("User-Agent", conf.agent)) return if not conf.userAgentsFile: addDefaultUserAgent = True for header, _ in conf.httpHeaders: if header == "User-Agent": addDefaultUserAgent = False break if addDefaultUserAgent: conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent())) return if not kb.userAgents: debugMsg = "loading random HTTP User-Agent header(s) from " debugMsg += "file '%s'" % conf.userAgentsFile logger.debug(debugMsg) try: kb.userAgents = getFileItems(conf.userAgentsFile) except IOError: warnMsg = "unable to read HTTP User-Agent header " warnMsg += "file '%s'" % conf.userAgentsFile logger.warn(warnMsg) conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent())) return __count = len(kb.userAgents) if __count == 1: __userAgent = kb.userAgents[0] else: __userAgent = kb.userAgents[randomRange(stop=__count-1)] __userAgent = sanitizeStr(__userAgent) conf.httpHeaders.append(("User-Agent", __userAgent)) logMsg = "fetched random HTTP User-Agent header from " logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent) logger.info(logMsg)
def __init__(self, banner): self.__banner = sanitizeStr(banner) self.__inVersion = False self.__inServicePack = False self.__release = None self.__version = "" self.__servicePack = ""
def __init__(self, banner, info): ContentHandler.__init__(self) self._banner = sanitizeStr(banner) self._regexp = None self._match = None self._dbmsVersion = None self._techVersion = None self._info = info
def __init__(self, banner, info): self.__banner = sanitizeStr(banner) self.__inVersion = False self.__inServicePack = False self.__release = None self.__version = "" self.__versionAlt = None self.__servicePack = "" self.__info = info
def startElement(self, name, attrs): if name == "signatures": self.__release = sanitizeStr(attrs.get("release")) elif name == "version": self.__inVersion = True elif name == "servicepack": self.__inServicePack = True
def startElement(self, name, attrs): if name == "signatures": self._release = sanitizeStr(attrs.get("release")) elif name == "version": self._inVersion = True elif name == "servicepack": self._inServicePack = True
def __init__(self, banner, info): ContentHandler.__init__(self) self._banner = sanitizeStr(banner) self._inVersion = False self._inServicePack = False self._release = None self._version = "" self._versionAlt = None self._servicePack = "" self._info = info
def _feedInfo(self, key, value): value = sanitizeStr(value) if value in (None, "None"): return if key == "dbmsVersion": self._info[key] = value else: if key not in self._info: self._info[key] = set() for _ in value.split("|"): self._info[key].add(_)
def __feedInfo(self, key, value): value = sanitizeStr(value) if value in ( None, "None" ): return if key in ( "dbmsVersion" ): self.__info[key] = value else: if key not in self.__info.keys(): self.__info[key] = set() for v in value.split("|"): self.__info[key].add(v)
def __feedInfo(self, key, value): value = sanitizeStr(value) if value in (None, "None"): return if key in ("dbmsVersion"): self.__info[key] = value else: if key not in self.__info.keys(): self.__info[key] = set() for v in value.split("|"): self.__info[key].add(v)
def startElement(self, name, attrs): if name == "regexp": self.__regexp = sanitizeStr(attrs.get("value")) self.__match = re.search(self.__regexp, self.__banner, re.I | re.M) if name == "info" and self.__match: self.__feedInfo("type", attrs.get("type")) self.__feedInfo("distrib", attrs.get("distrib")) self.__feedInfo("release", attrs.get("release")) self.__feedInfo("codename", attrs.get("codename")) self.__dbmsVersion = sanitizeStr(attrs.get("dbms_version")) self.__techVersion = sanitizeStr(attrs.get("tech_version")) self.__sp = sanitizeStr(attrs.get("sp")) if self.__dbmsVersion.isdigit(): self.__feedInfo("dbmsVersion", self.__match.group(int(self.__dbmsVersion))) if self.__techVersion.isdigit(): self.__feedInfo( "technology", "%s %s" % (attrs.get("technology"), self.__match.group(int(self.__techVersion)))) else: self.__feedInfo("technology", attrs.get("technology")) if self.__sp.isdigit(): self.__feedInfo( "sp", "Service Pack %s" % self.__match.group(int(self.__sp))) self.__regexp = None self.__match = None self.__dbmsVersion = None self.__techVersion = None
def htmlParser(page): """ This function calls a class that parses the input HTML page to fingerprint the back-end database management system """ xmlfile = paths.ERRORS_XML checkFile(xmlfile) page = sanitizeStr(page) handler = htmlHandler(page) parse(xmlfile, handler) if handler.dbms and handler.dbms not in kb.htmlFp: kb.htmlFp.append(handler.dbms) return handler.dbms
def startElement(self, name, attrs): if name == "dbms": data = sanitizeStr(attrs.get("value")) self.__dbms = data elif name == "cast": data = sanitizeStr(attrs.get("query")) self.__queries.cast = data elif name == "length": data = sanitizeStr(attrs.get("query")) self.__queries.length = data elif name == "isnull": data = sanitizeStr(attrs.get("query")) self.__queries.isnull = data elif name == "delimiter": data = sanitizeStr(attrs.get("query")) self.__queries.delimiter = data elif name == "limit": data = sanitizeStr(attrs.get("query")) self.__queries.limit = data elif name == "limitregexp": data = sanitizeStr(attrs.get("query")) self.__queries.limitregexp = data elif name == "limitgroupstart": data = sanitizeStr(attrs.get("query")) self.__queries.limitgroupstart = data elif name == "limitgroupstop": data = sanitizeStr(attrs.get("query")) self.__queries.limitgroupstop = data elif name == "limitstring": data = sanitizeStr(attrs.get("query")) self.__queries.limitstring = data elif name == "order": data = sanitizeStr(attrs.get("query")) self.__queries.order = data elif name == "count": data = sanitizeStr(attrs.get("query")) self.__queries.count = data elif name == "comment": data = sanitizeStr(attrs.get("query")) self.__queries.comment = data elif name == "timedelay": data = sanitizeStr(attrs.get("query")) self.__queries.timedelay = data elif name == "substring": data = sanitizeStr(attrs.get("query")) self.__queries.substring = data elif name == "inference": data = sanitizeStr(attrs.get("query")) self.__queries.inference = data elif name == "banner": data = sanitizeStr(attrs.get("query")) self.__queries.banner = data elif name == "current_user": data = sanitizeStr(attrs.get("query")) self.__queries.currentUser = data elif name == "current_db": data = sanitizeStr(attrs.get("query")) self.__queries.currentDb = data elif name == "inband": self.__inband = sanitizeStr(attrs.get("query")) self.__inband2 = sanitizeStr(attrs.get("query2")) self.__condition = sanitizeStr(attrs.get("condition")) self.__condition2 = sanitizeStr(attrs.get("condition2")) elif name == "blind": self.__blind = sanitizeStr(attrs.get("query")) self.__blind2 = sanitizeStr(attrs.get("query2")) self.__count = sanitizeStr(attrs.get("count")) self.__count2 = sanitizeStr(attrs.get("count2"))
def characters(self, data): if self.__inVersion: self.__version += sanitizeStr(data) elif self.__inServicePack: self.__servicePack += sanitizeStr(data)
def characters(self, content): if self._inVersion: self._version += sanitizeStr(content) elif self._inServicePack: self._servicePack += sanitizeStr(content)
def __setHTTPUserAgent(): """ Set the HTTP User-Agent header. Depending on the user options it can be: * The default sqlmap string * A default value read as user option * A random value read from a list of User-Agent headers from a file choosed as user option """ if conf.agent: debugMsg = "setting the HTTP User-Agent header" logger.debug(debugMsg) conf.httpHeaders.append(("User-Agent", conf.agent)) return if not conf.userAgentsFile: conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent())) return debugMsg = "fetching random HTTP User-Agent header from " debugMsg += "file '%s'" % conf.userAgentsFile logger.debug(debugMsg) try: fd = open(conf.userAgentsFile, "r") except IOError: warnMsg = "unable to read HTTP User-Agent header " warnMsg += "file '%s'" % conf.userAgentsFile logger.warn(warnMsg) conf.httpHeaders.append(("User-Agent", __defaultHTTPUserAgent())) return __count = 0 __userAgents = [] while True: line = fd.readline() if not line: break __userAgents.append(line) __count += 1 fd.close() if __count == 1: __userAgent = __userAgents[0] else: __userAgent = __userAgents[randomRange(stop=__count)] __userAgent = sanitizeStr(__userAgent) conf.httpHeaders.append(("User-Agent", __userAgent)) logMsg = "fetched random HTTP User-Agent header from " logMsg += "file '%s': %s" % (conf.userAgentsFile, __userAgent) logger.info(logMsg)
def characters(self, data): if self._inVersion: self._version += sanitizeStr(data) elif self._inServicePack: self._servicePack += sanitizeStr(data)