
Commit 73d9920

Add files via upload
1 parent d6a42a8 commit 73d9920

64 files changed

Lines changed: 15252 additions & 0 deletions


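--- a/lib/__init__.py
+++ b/lib/__init__.py
@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+pass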

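--- a/lib/parse/__init__.py
+++ b/lib/parse/__init__.py
@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+pass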

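--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from xml.sax.handler import ContentHandler
+
+from lib.core.common import Backend
+from lib.core.common import parseXmlFile
+from lib.core.common import sanitizeStr
+from lib.core.data import kb
+from lib.core.data import paths
+from lib.core.enums import DBMS
+from lib.parse.handler import FingerprintHandler
+
+class MSSQLBannerHandler(ContentHandler):
+"""
+This class defines methods to parse and extract information from the
+given Microsoft SQL Server banner based upon the data in XML file
+"""
+
+def __init__(self, banner, info):
+ContentHandler.__init__(self)
+
+self._banner = sanitizeStr(banner or "")
+self._inVersion = False
+self._inServicePack = False
+self._release = None
+self._version = ""
+self._versionAlt = None
+self._servicePack = ""
+self._info = info
+
+def _feedInfo(self, key, value):
+value = sanitizeStr(value)
+
+if value in (None, "None"):
+return
+
+self._info[key] = value
+
+def startElement(self, name, attrs):
+if name == "signatures":
+self._release = sanitizeStr(attrs.get("release"))
+
+elif name == "version":
+self._inVersion = True
+
+elif name == "servicepack":
+self._inServicePack = True
+
+def characters(self, content):
+if self._inVersion:
+self._version += sanitizeStr(content)
+elif self._inServicePack:
+self._servicePack += sanitizeStr(content)
+
+def endElement(self, name):
+if name == "signature":
+for version in (self._version, self._versionAlt):
+if version and self._banner and re.search(r" %s[\.\ ]+" % re.escape(version), self._banner):
+self._feedInfo("dbmsRelease", self._release)
+self._feedInfo("dbmsVersion", self._version)
+self._feedInfo("dbmsServicePack", self._servicePack)
+break
+
+self._version = ""
+self._versionAlt = None
+self._servicePack = ""
+
+elif name == "version":
+self._inVersion = False
+self._version = self._version.replace(" ", "")
+
+match = re.search(r"\A(?P<major>\d+)\.00\.(?P<build>\d+)\Z", self._version)
+self._versionAlt = "%s.0.%s.0" % (match.group('major'), match.group('build')) if match else None
+
+elif name == "servicepack":
+self._inServicePack = False
+self._servicePack = self._servicePack.replace(" ", "")
+
+def bannerParser(banner):
+"""
+This function calls a class to extract information from the given
+DBMS banner based upon the data in XML file
+"""
+
+xmlfile = None
+
+if Backend.isDbms(DBMS.MSSQL):
+xmlfile = paths.MSSQL_XML
+elif Backend.isDbms(DBMS.MYSQL):
+xmlfile = paths.MYSQL_XML
+elif Backend.isDbms(DBMS.ORACLE):
+xmlfile = paths.ORACLE_XML
+elif Backend.isDbms(DBMS.PGSQL):
+xmlfile = paths.PGSQL_XML
+
+if not xmlfile:
+return
+
+if Backend.isDbms(DBMS.MSSQL):
+handler = MSSQLBannerHandler(banner, kb.bannerFp)
+parseXmlFile(xmlfile, handler)
+
+handler = FingerprintHandler(banner, kb.bannerFp)
+parseXmlFile(paths.GENERIC_XML, handler)
+else:
+handler = FingerprintHandler(banner, kb.bannerFp)
+parseXmlFile(xmlfile, handler)
+parseXmlFile(paths.GENERIC_XML, handler)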
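Review bot: In `MSSQLBannerHandler.endElement`, the `break` after a match only leaves the `for version in (...)` loop, so the SAX parse goes on and every later `<signature>` that also matches the banner calls `_feedInfo` again and overwrites `dbmsRelease`, `dbmsVersion` and `dbmsServicePack`; the result depends on the order of entries in the XML file. The banner is text returned by the remote DBMS and the pattern is an unanchored `re.search`, so if last-match-wins is intended it should be stated, e.g. `# a later matching <signature> overwrites these keys: the last match in the XML file wins` above the `_feedInfo` calls. The same branch stores `self._version` as `dbmsVersion` even when the match came from `_versionAlt`, which also deserves a one-line comment on the `_versionAlt` assignment.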
