sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/plugins/dbms/firebird/fingerprint.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import randomRange
from lib.core.common import randomStr
from lib.core.compat import xrange
from lib.core.convert import getUnicode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import FIREBIRD_ALIASES
from lib.core.settings import METADB_SUFFIX
from lib.request import inject
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
class Fingerprint(GenericFingerprint):
    """
    Firebird-specific fingerprinting on top of the generic plugin.

    Every check issued by this class is a boolean SQL expression handed to
    inject.checkBooleanExpression(); the answers are combined into a DBMS
    identification, a version label and a dialect label.
    """

    def __init__(self):
        GenericFingerprint.__init__(self, DBMS.FIREBIRD)

    def getFingerprint(self):
        """
        Build the textual fingerprint report.

        Without conf.extensiveFp the report ends right after the DBMS name.
        With it, the report also carries the active fingerprint (name plus
        dialect), the version parsed from the banner and the DBMSes
        recognised in HTML error messages, when those are available.
        """

        parts = []

        wsOsFp = Format.getOs("web server", kb.headersFp)

        if wsOsFp:
            parts.append("%s\n" % wsOsFp)

        if kb.data.banner:
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)

            if dbmsOsFp:
                parts.append("%s\n" % dbmsOsFp)

        parts.append("back-end DBMS: ")
        dbmsName = Format.getDbms()

        if not conf.extensiveFp:
            parts.append(dbmsName)
            return "".join(parts)

        # The dialect probe is only issued for the extensive report
        dbmsName = Format.getDbms()
        dialect = self._dialectCheck()
        activeFp = dbmsName + " (%s)" % dialect

        # Continuation lines of the report are padded with this prefix
        padding = " " * 15
        parts.append("active fingerprint: %s" % activeFp)

        if kb.bannerFp:
            bannerVersion = kb.bannerFp.get("dbmsVersion")

            if bannerVersion:
                # NOTE(review): a "-log" banner suffix looks like a convention
                # carried over from another DBMS plugin - confirm that it is
                # meaningful for Firebird banners
                if re.search(r"-log$", kb.data.banner or ""):
                    bannerVersion += ", logging enabled"

                bannerVersion = Format.getDbms([bannerVersion])
                parts.append("\n%sbanner parsing fingerprint: %s" % (padding, bannerVersion))

        htmlErrorFp = Format.getErrorParsedDBMSes()

        if htmlErrorFp:
            parts.append("\n%shtml error message fingerprint: %s" % (padding, htmlErrorFp))

        return "".join(parts)

    def _sysTablesCheck(self):
        """
        Infer a Firebird version label from feature probes.

        Despite the name, most probes test whether a function or syntax is
        supported rather than whether a system table exists. Versions are
        walked from oldest to newest and the walk stops at the first probe
        that evaluates to false. The returned label is therefore a lower
        bound inferred from feature support, capped at "3.0" (the last table
        entry). Only one randomly chosen probe is tried per version, so a
        single wrong answer from the boolean oracle shifts the result.

        Returns the label of the last version whose probe succeeded, or None
        when the very first probe fails.
        """

        # (version label, candidate probes), ordered oldest to newest
        probesByVersion = (
            ("1.0", ("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)",)),
            ("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
            ("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
            ("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
            ("2.5", ("'%s' SIMILAR TO '%s'",)),  # Reference: https://firebirdsql.org/refdocs/langrefupd25-similar-to.html
            ("3.0", ("FALSE IS FALSE",)),  # https://www.firebirdsql.org/file/community/conference-2014/pdf/02_fb.2014.whatsnew.30.en.pdf
        )

        detected = None

        for version, candidates in probesByVersion:
            template = candidates[randomRange(0, len(candidates) - 1)]

            # Every occurrence of a placeholder receives the same random
            # value; probes such as NULLIF(n,n) and BIN_XOR(n,n) rely on both
            # operands being equal
            number = getUnicode(randomRange(1, 100))
            token = getUnicode(randomStr())
            probe = template.replace("%d", number).replace("%s", token)

            if not inject.checkBooleanExpression(probe):
                break

            detected = version

        return detected

    def _dialectCheck(self):
        """
        Return "dialect 3" or "dialect 1" depending on whether the
        CURRENT_DATE probe evaluates to true, or None when no DBMS has been
        identified yet (in which case no probe is sent).
        """

        if not Backend.getIdentifiedDbms():
            return None

        isDialect3 = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")

        return "dialect 3" if isDialect3 else "dialect 1"

    def checkDbms(self):
        """
        Decide whether the back-end DBMS is Firebird.

        When extensive fingerprinting is off and the back-end is already
        known under one of FIREBIRD_ALIASES, the known version is reused and
        no detection probe is sent. Otherwise two probes have to succeed in
        turn before the DBMS is recorded and the version walk is started.

        Both detection probes reference the RDB$DATABASE table; on the
        defending side that name appearing in application-originated queries
        is the visible trace of this stage (assuming query logging is
        enabled).

        Returns True when Firebird is accepted as the back-end, False
        otherwise.
        """

        if not conf.extensiveFp and Backend.isDbmsWithin(FIREBIRD_ALIASES):
            setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion()))

            self.getBanner()

            return True

        logger.info("testing %s" % DBMS.FIREBIRD)

        # [RANDNUM] is presumably substituted by the injection layer before
        # the expression is sent - confirm in lib.request.inject
        if not inject.checkBooleanExpression("(SELECT COUNT(*) FROM RDB$DATABASE WHERE [RANDNUM]=[RANDNUM])>0"):
            logger.warning("the back-end DBMS is not %s" % DBMS.FIREBIRD)

            return False

        logger.info("confirming %s" % DBMS.FIREBIRD)

        if not inject.checkBooleanExpression("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"):
            logger.warning("the back-end DBMS is not %s" % DBMS.FIREBIRD)

            return False

        setDbms(DBMS.FIREBIRD)

        logger.info("actively fingerprinting %s" % DBMS.FIREBIRD)

        version = self._sysTablesCheck()

        # A missing version does not reject the DBMS: the confirmation probe
        # has already succeeded at this point
        if version is not None:
            Backend.setVersion(version)
            setDbms("%s %s" % (DBMS.FIREBIRD, version))

        self.getBanner()

        return True

    def forceDbmsEnum(self):
        """
        Set conf.db to the DBMS name followed by METADB_SUFFIX and upper-case
        the table name given by the user, if any.
        """

        conf.db = "%s%s" % (DBMS.FIREBIRD, METADB_SUFFIX)

        tableName = conf.tbl

        # presumably because unquoted Firebird identifiers are stored in
        # upper case - confirm
        if tableName:
            conf.tbl = tableName.upper()