Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).

Minor layout adjustments.
2025-12-27 18:09:01 +00:00 · 2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -43,7 +43,7 @@ def action():

    # First of all we have to identify the back-end database management
    # system to be able to go ahead with the injection
-    conf.dbmsHandler = setHandler()
+    setHandler()

    if not conf.dbmsHandler:
        htmlParsed = getHtmlErrorFp()
@@ -166,3 +166,6 @@ def action():
    # Miscellaneous options
    if conf.cleanup:
        conf.dbmsHandler.cleanup()
+
+    if conf.direct:
+        conf.dbmsConnector.close()
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -76,7 +76,7 @@ def __selectInjection(injData):
        return "Quit"

    else:
-        warnMsg = "Invalid choice, retry"
+        warnMsg = "invalid choice, retry"
        logger.warn(warnMsg)
        __selectInjection(injData)

@@ -92,6 +92,13 @@ def start():
    if not conf.start:
        return

+    if conf.direct:
+        initTargetEnv()
+        setupTargetEnv()
+        action()
+
+        return
+
    if conf.url:
        kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))

@@ -104,9 +111,9 @@ def start():
        infoMsg = "sqlmap got a total of %d targets" % len(kb.targetUrls)
        logger.info(infoMsg)

-    hostCount               = 0
-    cookieStr               = ""
-    setCookieAsInjectable   = True
+    hostCount             = 0
+    cookieStr             = ""
+    setCookieAsInjectable = True

    for targetUrl, targetMethod, targetData, targetCookie in kb.targetUrls:
        try:
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -34,12 +34,19 @@ from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import FIREBIRD_ALIASES

 from plugins.dbms.mssqlserver import MSSQLServerMap
+from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
 from plugins.dbms.mysql import MySQLMap
+from plugins.dbms.mysql.connector import Connector as MySQLConn
 from plugins.dbms.oracle import OracleMap
+from plugins.dbms.oracle.connector import Connector as OracleConn
 from plugins.dbms.postgresql import PostgreSQLMap
+from plugins.dbms.postgresql.connector import Connector as PostgreSQLConn
 from plugins.dbms.sqlite import SQLiteMap
+from plugins.dbms.sqlite.connector import Connector as SQLiteConn
 from plugins.dbms.access import AccessMap
+from plugins.dbms.access.connector import Connector as AccessConn
 from plugins.dbms.firebird import FirebirdMap
+from plugins.dbms.firebird.connector import Connector as FirebirdConn

 def setHandler():
    """
@@ -50,16 +57,16 @@ def setHandler():
    count     = 0
    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird" )
    dbmsMap   = (
-                  ( MYSQL_ALIASES, MySQLMap ),
-                  ( ORACLE_ALIASES, OracleMap ),
-                  ( PGSQL_ALIASES, PostgreSQLMap ),
-                  ( MSSQL_ALIASES, MSSQLServerMap ),
-                  ( SQLITE_ALIASES, SQLiteMap ),
-                  ( ACCESS_ALIASES, AccessMap ),
-                  ( FIREBIRD_ALIASES, FirebirdMap ),
+                  ( MYSQL_ALIASES, MySQLMap, MySQLConn ),
+                  ( ORACLE_ALIASES, OracleMap, OracleConn ),
+                  ( PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn ),
+                  ( MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn ),
+                  ( SQLITE_ALIASES, SQLiteMap, SQLiteConn ),
+                  ( ACCESS_ALIASES, AccessMap, AccessConn ),
+                  ( FIREBIRD_ALIASES, FirebirdMap, FirebirdConn ),
                )

-    for dbmsAliases, dbmsEntry in dbmsMap:
+    for dbmsAliases, dbmsMap, dbmsConn in dbmsMap:
        if conf.dbms and conf.dbms not in dbmsAliases:
            debugMsg  = "skipping test for %s" % dbmsNames[count]
            logger.debug(debugMsg)
@@ -68,12 +75,15 @@ def setHandler():

            continue

-        handler = dbmsEntry()
+        handler = dbmsMap()
+        conf.dbmsConnector = dbmsConn()

        if handler.checkDbms():
            if not conf.dbms or conf.dbms in dbmsAliases:
                kb.dbmsDetected = True

-                return handler
+                conf.dbmsHandler = handler

-    return None
+                return
+        else:
+            conf.dbmsConnector = None