@ -17,31 +17,33 @@ from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
class Fingerprint(GenericFingerprint):
# 初始化方法,调用父类 GenericFingerprint 的构造函数,设置数据库管理系统为 CUBRID
# 获取数据库的指纹信息
def __init__(self):
GenericFingerprint.__init__(self, DBMS.CUBRID)
def getFingerprint(self):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
wsOsFp = Format.getOs("web server", kb.headersFp) # 获取Web服务器的操作系统指纹
if wsOsFp:
value += "%s\n" % wsOsFp
value += "%s\n" % wsOsFp # 如果获取到指纹,将其添加到指纹信息
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if kb.data.banner: # 检查是否有数据库的Banner信息
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) # 获取后端数据库的操作系统指纹
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "%s\n" % dbmsOsFp # 如果获取到指纹,将其添加到指纹信息
value += "back-end DBMS: "
value += "back-end DBMS: " # 添加后端DBMS的标签
if not conf.extensiveFp:
value += DBMS.CUBRID
if not conf.extensiveFp: # 如果不是详细指纹模式
value += DBMS.CUBRID # 直接返回CUBRID数据库的信息
return value
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
blank = " " * 15 # 创建一个长度为15个空格的字符串,用作后续格式化输出
value += "active fingerprint: %s" % actVer # 添加当前数据库管理系统的指纹信息
if kb.bannerFp:
banVer = kb.bannerFp.get("dbmsVersion")
@ -50,16 +52,17 @@ class Fingerprint(GenericFingerprint):
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
htmlErrorFp = Format.getErrorParsedDBMSes()
htmlErrorFp = Format.getErrorParsedDBMSes() # 获取解析HTML错误消息的数据库系统指纹
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
return value
# 检查后端数据库管理系统
def checkDbms(self):
if not conf.extensiveFp and Backend.isDbmsWithin(CUBRID_ALIASES):
setDbms(DBMS.CUBRID)
setDbms(DBMS.CUBRID) # 设置当前数据库管理系统为CUBRID
self.getBanner()
@ -68,12 +71,14 @@ class Fingerprint(GenericFingerprint):
infoMsg = "testing %s" % DBMS.CUBRID
logger.info(infoMsg)
# 执行布尔表达式注入测试
result = inject.checkBooleanExpression("{} SUBSETEQ (CAST ({} AS SET))")
if result:
infoMsg = "confirming %s" % DBMS.CUBRID
logger.info(infoMsg)
# 再次执行布尔表达式注入测试
result = inject.checkBooleanExpression("DRAND()<2")
if not result:
@ -82,7 +87,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms(DBMS.CUBRID)
setDbms(DBMS.CUBRID) # 设置当前数据库管理系统为CUBRID
self.getBanner()
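Review bot: The comment `# 获取数据库的指纹信息` added near the top of the class describes getFingerprint() but sits above `def __init__(self):`, right after the constructor comment; it belongs directly above `def getFingerprint(self):`. In checkDbms(), the two comments added above the `inject.checkBooleanExpression(...)` calls say only that a boolean test runs, not why each expression identifies the back end; comments such as `# SUBSETEQ over CAST(... AS SET) is CUBRID collection syntax` and `# DRAND() yields a double below 1 on CUBRID, so DRAND()<2 holds` would record that reasoning (my reading of the expressions, to be confirmed against the CUBRID documentation). Recording it also helps anyone who later has to recognise these fixed probe strings in database or WAF logs. The trailing comment on `value += DBMS.CUBRID` speaks of returning, which is what the next line does, and most of the other trailing comments restate their own line. checkDbms() continues past the last hunk, so its remaining branches are not visible here.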