From dd5d522a5c58bd1231f76c89f772809fae3973ed Mon Sep 17 00:00:00 2001
From: Warmlight <344053630@qq.com>
Date: Wed, 8 Jan 2025 20:03:24 +0800
Subject: [PATCH] =?UTF-8?q?=E8=8E=B7=E5=8F=96=E5=92=8C=E7=A1=AE=E8=AE=A4CU?=
=?UTF-8?q?BRID=E6=95=B0=E6=8D=AE=E5=BA=93=E7=AE=A1=E7=90=86=E7=B3=BB?=
=?UTF-8?q?=E7=BB=9F=E6=8C=87=E7=BA=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../plugins/dbms/cubrid/fingerprint.py | 31 +++++++++++--------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/sqlmap-master/plugins/dbms/cubrid/fingerprint.py b/src/sqlmap-master/plugins/dbms/cubrid/fingerprint.py
index afb7258..893b480 100644
--- a/src/sqlmap-master/plugins/dbms/cubrid/fingerprint.py
+++ b/src/sqlmap-master/plugins/dbms/cubrid/fingerprint.py
@@ -17,31 +17,33 @@ from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
class Fingerprint(GenericFingerprint):
+ # 初始化方法,调用父类 GenericFingerprint 的构造函数,设置数据库管理系统为 CUBRID
+ # 获取数据库的指纹信息
def __init__(self):
GenericFingerprint.__init__(self, DBMS.CUBRID)
def getFingerprint(self):
value = ""
- wsOsFp = Format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp) # 获取Web服务器的操作系统指纹
if wsOsFp:
- value += "%s\n" % wsOsFp
+ value += "%s\n" % wsOsFp # 如果获取到指纹,将其添加到指纹信息
- if kb.data.banner:
- dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
+ if kb.data.banner: # 检查是否有数据库的Banner信息
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) # 获取后端数据库的操作系统指纹
if dbmsOsFp:
- value += "%s\n" % dbmsOsFp
+ value += "%s\n" % dbmsOsFp # 如果获取到指纹,将其添加到指纹信息
- value += "back-end DBMS: "
+ value += "back-end DBMS: " # 添加后端DBMS的标签
- if not conf.extensiveFp:
- value += DBMS.CUBRID
+ if not conf.extensiveFp: # 如果不是详细指纹模式
+ value += DBMS.CUBRID # 直接返回CUBRID数据库的信息
return value
actVer = Format.getDbms()
- blank = " " * 15
- value += "active fingerprint: %s" % actVer
+ blank = " " * 15 # 创建一个长度为15个空格的字符串,用作后续格式化输出
+ value += "active fingerprint: %s" % actVer # 添加当前数据库管理系统的指纹信息
if kb.bannerFp:
banVer = kb.bannerFp.get("dbmsVersion")
@@ -50,16 +52,17 @@ class Fingerprint(GenericFingerprint):
banVer = Format.getDbms([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = Format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes() # 获取解析HTML错误消息的数据库系统指纹
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
return value
+ # 检查后端数据库管理系统
def checkDbms(self):
if not conf.extensiveFp and Backend.isDbmsWithin(CUBRID_ALIASES):
- setDbms(DBMS.CUBRID)
+ setDbms(DBMS.CUBRID) # 设置当前数据库管理系统为CUBRID
self.getBanner()
@@ -68,12 +71,14 @@ class Fingerprint(GenericFingerprint):
infoMsg = "testing %s" % DBMS.CUBRID
logger.info(infoMsg)
+ # 执行布尔表达式注入测试
result = inject.checkBooleanExpression("{} SUBSETEQ (CAST ({} AS SET))")
if result:
infoMsg = "confirming %s" % DBMS.CUBRID
logger.info(infoMsg)
+ # 再次执行布尔表达式注入测试
result = inject.checkBooleanExpression("DRAND()<2")
if not result:
@@ -82,7 +87,7 @@ class Fingerprint(GenericFingerprint):
return False
- setDbms(DBMS.CUBRID)
+ setDbms(DBMS.CUBRID) # 设置当前数据库管理系统为CUBRID
self.getBanner()