获取和确认CUBRID数据库管理系统指纹

4 months ago · dd5d522a5c
parent 39986e2ba6
commit dd5d522a5c
1 changed files with 18 additions and 13 deletions
--- a/src/sqlmap-master/plugins/dbms/cubrid/fingerprint.py
+++ b/src/sqlmap-master/plugins/dbms/cubrid/fingerprint.py
@ -17,31 +17,33 @@ from lib.request import inject
 from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
 class Fingerprint(GenericFingerprint):
    # 初始化方法，调用父类 GenericFingerprint 的构造函数，设置数据库管理系统为 CUBRID
     # 获取数据库的指纹信息
    def __init__(self):
        GenericFingerprint.__init__(self, DBMS.CUBRID)
    def getFingerprint(self):
        value = ""
-        wsOsFp = Format.getOs("web server", kb.headersFp)
+        wsOsFp = Format.getOs("web server", kb.headersFp) # 获取Web服务器的操作系统指纹
        if wsOsFp:
-            value += "%s\n" % wsOsFp
+            value += "%s\n" % wsOsFp  # 如果获取到指纹，将其添加到指纹信息
-        if kb.data.banner:
+        if kb.data.banner: # 检查是否有数据库的Banner信息
-            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
+            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) # 获取后端数据库的操作系统指纹
            if dbmsOsFp:
-                value += "%s\n" % dbmsOsFp
+                value += "%s\n" % dbmsOsFp # 如果获取到指纹，将其添加到指纹信息
-        value += "back-end DBMS: "
+        value += "back-end DBMS: " # 添加后端DBMS的标签
-        if not conf.extensiveFp:
+        if not conf.extensiveFp: # 如果不是详细指纹模式
-            value += DBMS.CUBRID
+            value += DBMS.CUBRID # 直接返回CUBRID数据库的信息
            return value
        actVer = Format.getDbms()
-        blank = " " * 15
+        blank = " " * 15 # 创建一个长度为15个空格的字符串，用作后续格式化输出
-        value += "active fingerprint: %s" % actVer
+        value += "active fingerprint: %s" % actVer # 添加当前数据库管理系统的指纹信息
        if kb.bannerFp:
            banVer = kb.bannerFp.get("dbmsVersion")
@ -50,16 +52,17 @@ class Fingerprint(GenericFingerprint):
                banVer = Format.getDbms([banVer])
                value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
-        htmlErrorFp = Format.getErrorParsedDBMSes()
+        htmlErrorFp = Format.getErrorParsedDBMSes() # 获取解析HTML错误消息的数据库系统指纹
        if htmlErrorFp:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
        return value
    # 检查后端数据库管理系统
    def checkDbms(self):
        if not conf.extensiveFp and Backend.isDbmsWithin(CUBRID_ALIASES):
-            setDbms(DBMS.CUBRID)
+            setDbms(DBMS.CUBRID) # 设置当前数据库管理系统为CUBRID
            self.getBanner()
@ -68,12 +71,14 @@ class Fingerprint(GenericFingerprint):
        infoMsg = "testing %s" % DBMS.CUBRID
        logger.info(infoMsg)
        # 执行布尔表达式注入测试
        result = inject.checkBooleanExpression("{} SUBSETEQ (CAST ({} AS SET))")
        if result:
            infoMsg = "confirming %s" % DBMS.CUBRID
            logger.info(infoMsg)
             # 再次执行布尔表达式注入测试
            result = inject.checkBooleanExpression("DRAND()<2")
            if not result:
@ -82,7 +87,7 @@ class Fingerprint(GenericFingerprint):
                return False
-            setDbms(DBMS.CUBRID)
+            setDbms(DBMS.CUBRID) # 设置当前数据库管理系统为CUBRID
            self.getBanner()