Minor bug fix to --dbms, updated user's manual

bdamele · bdamele · commit 24a3a231599e · 2009-07-09T11:05:24.000Z
diff --git a/doc/README.html b/doc/README.html
@@ -1571,11 +1571,13 @@ <H3>Force the database management system name</H3>
 </UL>
 </P>
 
-<P>It is possible to force the name if you already know it so that sqlmap
-will skip the fingerprint with an exception for MySQL to only identify if
-it is MySQL &lt; 5.0 or MySQL &gt;= 5.0.
-To avoid also this check you can provide instead <CODE>MySQL 4</CODE> or
-<CODE>MySQL 5</CODE>.</P>
+<P>It is possible to force the DBMS name if you already know it so that sqlmap
+will skip the fingerprint with an exception for MySQL and Microsoft SQL
+Server to only identify the version.
+To avoid also this check you can provide instead <CODE>MySQL VERSION</CODE> or
+<CODE>Microsoft SQL Server VERSION</CODE> where version is a valid version for
+the DBMS, for instance <CODE>5.0</CODE> for MySQL and <CODE>2005</CODE> for
+Microsoft SQL Server.</P>
 <P>Example on a <B>PostgreSQL 8.3.5</B> target:</P>
 <P>
 <BLOCKQUOTE><CODE>
diff --git a/doc/README.pdf b/doc/README.pdf
diff --git a/doc/README.sgml b/doc/README.sgml
@@ -1507,11 +1507,13 @@ At the moment the fully supported database management system are four:
 </itemize>
 
 <p>
-It is possible to force the name if you already know it so that sqlmap
-will skip the fingerprint with an exception for MySQL to only identify if
-it is MySQL &lt; 5.0 or MySQL &gt;= 5.0.
-To avoid also this check you can provide instead <tt>MySQL 4</tt> or
-<tt>MySQL 5</tt>.
+It is possible to force the DBMS name if you already know it so that sqlmap
+will skip the fingerprint with an exception for MySQL and Microsoft SQL
+Server to only identify the version.
+To avoid also this check you can provide instead <tt>MySQL VERSION</tt> or
+<tt>Microsoft SQL Server VERSION</tt> where version is a valid version for
+the DBMS, for instance <tt>5.0</tt> for MySQL and <tt>2005</tt> for
+Microsoft SQL Server.
 
 Example on a <bf>PostgreSQL 8.3.5</bf> target:
 
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -55,6 +55,8 @@
 from lib.core.optiondict import optDict
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import SITE
@@ -461,8 +463,10 @@ def __setDBMS():
     logger.debug(debugMsg)
 
     conf.dbms = conf.dbms.lower()
-    firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
-                               "|".join([alias for alias in MYSQL_ALIASES]))
+    firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+                                     "|".join([alias for alias in MYSQL_ALIASES]),
+                                     "|".join([alias for alias in PGSQL_ALIASES]),
+                                     "|".join([alias for alias in ORACLE_ALIASES]))
     dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms)
 
     if dbmsRegExp:
diff --git a/lib/core/session.py b/lib/core/session.py
@@ -34,6 +34,8 @@
 from lib.core.data import logger
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
+from lib.core.settings import PGSQL_ALIASES
+from lib.core.settings import ORACLE_ALIASES
 
 
 def setString():
@@ -133,8 +135,10 @@ def setDbms(dbms):
     if condition:
         dataToSessionFile("[%s][%s][%s][DBMS][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], dbms))
 
-    firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
-                               "|".join([alias for alias in MYSQL_ALIASES]))
+    firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+                                     "|".join([alias for alias in MYSQL_ALIASES]),
+                                     "|".join([alias for alias in PGSQL_ALIASES]),
+                                     "|".join([alias for alias in ORACLE_ALIASES]))
     dbmsRegExp = re.search("^%s" % firstRegExp, dbms, re.I)
 
     if dbmsRegExp:
@@ -368,20 +372,23 @@ def resumeConfKb(expression, url, value):
         logger.info(logMsg)
 
     elif expression == "DBMS" and url == conf.url:
-        dbms = value[:-1]
+        dbms        = value[:-1]
+        dbms        = dbms.lower()
+        dbmsVersion = None
 
         logMsg  = "resuming back-end DBMS '%s' " % dbms
         logMsg += "from session file"
         logger.info(logMsg)
 
-        dbms = dbms.lower()
-        firstRegExp = "(%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
-                                   "|".join([alias for alias in MYSQL_ALIASES]))
+        firstRegExp = "(%s|%s|%s|%s)" % ("|".join([alias for alias in MSSQL_ALIASES]),
+                                         "|".join([alias for alias in MYSQL_ALIASES]),
+                                         "|".join([alias for alias in PGSQL_ALIASES]),
+                                         "|".join([alias for alias in ORACLE_ALIASES]))
         dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, dbms)
 
         if dbmsRegExp:
-            dbms = dbmsRegExp.group(1)
-            kb.dbmsVersion = [ dbmsRegExp.group(2) ]
+            dbms        = dbmsRegExp.group(1)
+            dbmsVersion = [ dbmsRegExp.group(2) ]
 
         if conf.dbms and conf.dbms.lower() != dbms:
             message  = "you provided '%s' as back-end DBMS, " % conf.dbms
@@ -392,9 +399,11 @@ def resumeConfKb(expression, url, value):
             test = readInput(message, default="N")
 
             if not test or test[0] in ("n", "N"):
-                conf.dbms = dbms
+                conf.dbms      = dbms
+                kb.dbmsVersion = dbmsVersion
         else:
-            conf.dbms = dbms
+            conf.dbms      = dbms
+            kb.dbmsVersion = dbmsVersion
 
     elif expression == "OS" and url == conf.url:
         os = value[:-1]
