diff --git a/src/sqlmap-master/plugins/dbms/maxdb/enumeration.py b/src/sqlmap-master/plugins/dbms/maxdb/enumeration.py index b676f69..8fa5a43 100644 --- a/src/sqlmap-master/plugins/dbms/maxdb/enumeration.py +++ b/src/sqlmap-master/plugins/dbms/maxdb/enumeration.py @@ -32,40 +32,47 @@ from thirdparty.six.moves import zip as _zip class Enumeration(GenericEnumeration): def __init__(self): GenericEnumeration.__init__(self) - + # 将缓存的数据处理字符中的下划线替换为空格 kb.data.processChar = lambda x: x.replace('_', ' ') if x else x def getPasswordHashes(self): + # 输出警告信息,因SAP MaxDB不支持用户密码哈希的枚举 warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes" logger.warning(warnMsg) return {} def getDbs(self): + # 若缓存的数据库信息不为空则返回缓存内容 if len(kb.data.cachedDbs) > 0: return kb.data.cachedDbs infoMsg = "fetching database names" logger.info(infoMsg) + # 查询数据库名称的SQL语句 rootQuery = queries[DBMS.MAXDB].dbs query = rootQuery.inband.query retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True) + # 如果查询结果有效,缓存数据库名称 if retVal: kb.data.cachedDbs = next(six.itervalues(retVal[0])) + # 对数据库名称进行排序 if kb.data.cachedDbs: kb.data.cachedDbs.sort() return kb.data.cachedDbs def getTables(self, bruteForce=None): + # 如果缓存的表信息不为空,则返回缓存内容 if len(kb.data.cachedTables) > 0: return kb.data.cachedTables self.forceDbmsEnum() + # 根据当前选中的数据库获取数据库名称 if conf.db == CURRENT_DB: conf.db = self.getCurrentDb() @@ -74,6 +81,7 @@ class Enumeration(GenericEnumeration): else: dbs = self.getDbs() + # 对数据库名称进行安全处理 for db in (_ for _ in dbs if _): dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db) @@ -83,6 +91,7 @@ class Enumeration(GenericEnumeration): rootQuery = queries[DBMS.MAXDB].tables + # 遍历每个数据库,查询表名称 for db in dbs: query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER') blind = not isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) @@ -95,6 +104,7 @@ class Enumeration(GenericEnumeration): else: kb.data.cachedTables[db].append(table) + # 对每个数据库的表进行排序 for db, tables in kb.data.cachedTables.items(): kb.data.cachedTables[db] = sorted(tables) if tables else tables @@ -103,6 +113,7 @@ class Enumeration(GenericEnumeration): def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False): self.forceDbmsEnum() + # 获取当前选中的数据库 if conf.db is None or conf.db == CURRENT_DB: if conf.db is None: warnMsg = "missing database parameter. sqlmap is going " @@ -118,19 +129,24 @@ class Enumeration(GenericEnumeration): errMsg += "the tables' columns" raise SqlmapMissingMandatoryOptionException(errMsg) + # 对数据库名称进行安全处理 conf.db = safeSQLIdentificatorNaming(conf.db) + # 获取需要查询的列名 if conf.col: colList = conf.col.split(',') else: colList = [] + # 处理排除的列名 if conf.exclude: colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None] + # 对列名进行安全处理 for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) + # 获取需要查询的表名 if conf.tbl: tblList = conf.tbl.split(',') else: @@ -146,12 +162,14 @@ class Enumeration(GenericEnumeration): errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) raise SqlmapNoneDataException(errMsg) + # 对表名进行安全处理 for tbl in tblList: tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) if bruteForce: resumeAvailable = False + # 检查列名是否已存在于缓存中 for tbl in tblList: for db, table, colName, colType in kb.brute.columns: if db == conf.db and table == tbl: @@ -188,6 +206,7 @@ class Enumeration(GenericEnumeration): rootQuery = queries[DBMS.MAXDB].columns + # 遍历每个表,查询列名称及数据类型 for tbl in tblList: if conf.db is not None and len(kb.data.cachedColumns) > 0 and conf.db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[conf.db]: infoMsg = "fetched tables' columns on " @@ -196,6 +215,7 @@ class Enumeration(GenericEnumeration): return {conf.db: kb.data.cachedColumns[conf.db]} + # 在剩余模式且限制列名时,继续缓存 if dumpMode and colList: table = {} table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) @@ -209,6 +229,7 @@ class Enumeration(GenericEnumeration): blind = not isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) + # 查询表的列名称和数据类型的SQL语句 query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER') retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=blind) @@ -216,6 +237,7 @@ class Enumeration(GenericEnumeration): table = {} columns = {} + # 将查询结果中的列名和数据类型进行处理 for columnname, datatype, length in _zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]): columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length) @@ -225,21 +247,25 @@ class Enumeration(GenericEnumeration): return kb.data.cachedColumns def getPrivileges(self, *args, **kwargs): + # 输出警告信息,因SAP MaxDB不支持用户权限的枚举 warnMsg = "on SAP MaxDB it is not possible to enumerate the user privileges" logger.warning(warnMsg) return {} def search(self): + # 输出警告,表示SAP MaxDB不支持搜索功能 warnMsg = "on SAP MaxDB search option is not available" logger.warning(warnMsg) def getHostname(self): + # 输出警告信息,因SAP MaxDB不支持主机名的枚举 warnMsg = "on SAP MaxDB it is not possible to enumerate the hostname" logger.warning(warnMsg) def getStatements(self): + # 输出警告信息,因SAP MaxDB不支持SQL语句的枚举 warnMsg = "on SAP MaxDB it is not possible to enumerate the SQL statements" logger.warning(warnMsg) - return [] + return [] \ No newline at end of file