Blame: data/xml/banner/postgresql.xml - sqlmapproject/sqlmap

Automatic SQL injection and database takeover tool

36977 0 0 Python

Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<-- 2008-11-15 23:41:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`

			`<root>`
			`<regexp value="PostgreSQL\s+([\w\.]+)">`
Minor enhancement to fingerprint the web server operating system and the web application technology by parsing also HTTP response Server header. Refactor libraries and plugins that parses XML to fingerprint and show on standard output the information. Updated changelog. 2008-11-18 17:42:46 +00:00			`<info dbms_version="1"/>`
Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<-- 2008-11-15 23:41:31 +00:00			`</regexp>`

Minor improvement to PostgreSQL signatures file to identify Windows. Minor improvement to Microsoft SQL Server "limit" queries. 2009-01-02 23:23:55 +00:00			`<!-- Windows -->`
			`<regexp value="Visual C\+\+">`
			`<info type="Windows"/>`
			`</regexp>`

Added another PostgreSQL banner signature for Windows (it's specific for PostgreSQL compiled by hand with MinGW/GCC or using the binary MSI file of PostgreSQL version 8.2.x. PostgreSQL 8.3.x is compiled by default using Visual C++) 2009-01-30 00:35:05 +00:00			`<regexp value="mingw([\d]+)">`
			`<info type="Windows"/>`
			`</regexp>`
Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<-- 2008-11-15 23:41:31 +00:00			`</root>`